Summary (system calls observed, each followed by the number of times it was called):

NtCallbackReturn(>) 1 NtNotifyChangeKey(>) 2 NtQueryVirtualMemory(>) 6 NtOpenKey(>) 64
NtFsControlFile(>) 1 NtOpenDirectoryObject(>) 2 NtQueryInformationFile(>) 7 NtContinue(>) 102
NtGdiCreateBitmap(>) 1 NtOpenProcessToken(>) 2 NtSetInformationFile(>) 7 NtDuplicateObject(>) 121
NtGdiInit(>) 1 NtQueryDefaultLocale(>) 2 NtUnmapViewOfSection(>) 7 NtQueryValueKey(>) 136
NtGdiQueryFontAssocInfo(>) 1 NtSetValueKey(>) 2 NtCreateFile(>) 8 NtClose(>) 143
NtGdiSelectBitmap(>) 1 NtFreeVirtualMemory(>) 3 NtUserFindExistingCursorIcon(>) 9 NtRegisterThreadTerminatePort(>) 196
NtOpenKeyedEvent(>) 1 NtGdiCreateCompatibleDC(>) 3 NtCreateSection(>) 11 NtTestAlert(>) 200
NtOpenSymbolicLinkObject(>) 1 NtOpenProcessTokenEx(>) 3 NtOpenFile(>) 12 NtSetEventBoostPriority(>) 333
NtQueryObject(>) 1 NtOpenThreadTokenEx(>) 3 NtUserRegisterClassExWOW(>) 14 NtQueryInformationThread(>) 341
NtQuerySymbolicLinkObject(>) 1 NtQueryDebugFilterState(>) 3 NtOpenSection(>) 15 NtCreateThread(>) 342
NtSecureConnectPort(>) 1 NtQueryVolumeInformationFile(>) 3 NtQuerySystemInformation(>) 15 NtResumeThread(>) 342
NtSetInformationProcess(>) 1 NtSetInformationObject(>) 3 NtQueryAttributesFile(>) 16 NtRequestWaitReplyPort(>) 347
NtSetInformationThread(>) 1 NtQueryInformationProcess(>) 4 NtReadFile(>) 19 NtProtectVirtualMemory(>) 434
NtUserCallNoParam(>) 1 NtGdiGetStockObject(>) 5 NtWriteFile(>) 20 NtWaitForSingleObject(>) 711
NtUserGetThreadDesktop(>) 1 NtQueryDirectoryFile(>) 6 NtMapViewOfSection(>) 22 NtAllocateVirtualMemory(>) 842
NtCreateMutant(>) 2 NtQueryInformationToken(>) 6 NtFlushInstructionCache(>) 23
NtGdiCreateSolidBrush(>) 2 NtQuerySection(>) 6

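Trace (each entry: sequence number, caller id, system call with its arguments, then `==` and the returned status; an entry that breaks off at `...` with no status is resumed later under the same sequence number if the call returns):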

00001 1764 NtOpenFile (0x80100000, {24, 0, 0x240, 0, 0, (0x80100000, {24, 0, 0x240, 0, 0, "\SystemRoot\Prefetch\PACKED.EXE-09ED06A1.pf"}, 0, 32, ... ) }, 0, 32, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00002 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00003 1764 NtOpenKeyedEvent (0x2000000, {24, 0, 0x0, 0, 0, (0x2000000, {24, 0, 0x0, 0, 0, "\KernelObjects\CritSecOutOfMemoryEvent"}, ... 4, ) }, ... 4, ) == 0x0 00004 1764 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00005 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 1310720, 1048576, ) == 0x0 00006 1764 NtAllocateVirtualMemory (-1, 1310720, 0, 4096, 4096, 4, ... 1310720, 4096, ) == 0x0 00007 1764 NtAllocateVirtualMemory (-1, 1314816, 0, 8192, 4096, 4, ... 1314816, 8192, ) == 0x0 00008 1764 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00009 1764 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 2359296, 65536, ) == 0x0 00010 1764 NtAllocateVirtualMemory (-1, 2359296, 0, 24576, 4096, 4, ... 2359296, 24576, ) == 0x0 00011 1764 NtOpenDirectoryObject (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 8, ) }, ... 8, ) == 0x0 00012 1764 NtOpenSymbolicLinkObject (0x1, {24, 8, 0x40, 0, 0, (0x1, {24, 8, 0x40, 0, 0, "KnownDllPath"}, ... 12, ) }, ... 
12, ) == 0x0 00013 1764 NtQuerySymbolicLinkObject (12, ... (12, ... "C:\WINDOWS\system32", 0x0, ) , 0x0, ) == 0x0 00014 1764 NtClose (12, ... ) == 0x0 00015 1764 NtOpenFile (0x100020, {24, 0, 0x42, 0, 0, (0x100020, {24, 0, 0x42, 0, 0, "\??\C:\scripts\"}, 3, 33, ... 12, {status=0x0, info=1}, ) }, 3, 33, ... 12, {status=0x0, info=1}, ) == 0x0 00016 1764 NtQueryVolumeInformationFile (12, 1243852, 8, Device, ... {status=0x0, info=8}, ) == 0x0 00017 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local"}, 1243804, ... ) }, 1243804, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00018 1764 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "kernel32.dll"}, ... 16, ) }, ... 16, ) == 0x0 00019 1764 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x7c800000), 0x0, 1003520, ) == 0x0 00020 1764 NtClose (16, ... ) == 0x0 00021 1764 NtProtectVirtualMemory (-1, (0x7c801000), 1568, 4, ... (0x7c801000), 4096, 32, ) == 0x0 00022 1764 NtProtectVirtualMemory (-1, (0x7c801000), 4096, 32, ... (0x7c801000), 4096, 4, ) == 0x0 00023 1764 NtFlushInstructionCache (-1, 2088767488, 1568, ... ) == 0x0 00024 1764 NtQueryInformationProcess (-1, 36, 4, ... {process info, class 36, size 4}, 0x0, ) == 0x0 00025 1764 NtQuerySystemInformation (RangeStart, 4, ... {system info, class 50, size 4}, 0x0, ) == 0x0 00026 1764 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00027 1764 NtCreateSection (0xf001f, 0x0, {65536, 0}, 4, 67108864, 0, ... 16, ) == 0x0 00028 1764 NtSecureConnectPort ( ("\Windows\ApiPort", {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1241944, 44, ... 
24, {24, 16, 0, 65536, 2424832, 18415616}, {0, 0, 0}, 200, 44, ) , {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1241944, 44, ... 24, {24, 16, 0, 65536, 2424832, 18415616}, {0, 0, 0}, 200, 44, ) == 0x0 00029 1764 NtClose (16, ... ) == 0x0 00030 1764 NtQueryObject (24, Handle, 2, ... {Inherit=0,ProtectFromClose=0,}, -1, ) == 0x0 00031 1764 NtSetInformationObject (24, Handle, {Inherit=0,ProtectFromClose=1,}, 256, ... ) == 0x0 00032 1764 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00033 1764 NtQueryVirtualMemory (-1, 0x250000, Basic, 28, ... {BaseAddress=0x250000,AllocationBase=0x250000,AllocationProtect=0x4,RegionSize=0x10000,State=0x2000,Protect=0x0,Type=0x40000,}, 0x0, ) == 0x0 00034 1764 NtAllocateVirtualMemory (-1, 2424832, 0, 4096, 4096, 4, ... 2424832, 4096, ) == 0x0 00035 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1242260, 1242460, 2089900544, 1242184} (24, {28, 56, new_msg, 0, 1242260, 1242460, 2089900544, 1242184} "\210\6\31\1\0\0\0\0eZ\221|\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 57958, 0} "`\375\27\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57958, 0} (24, {28, 56, new_msg, 0, 1242260, 1242460, 2089900544, 1242184} "\210\6\31\1\0\0\0\0eZ\221|\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 57958, 0} "`\375\27\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ) ) == 0x0 00036 1764 NtRegisterThreadTerminatePort (24, ... ) == 0x0 00037 1764 NtAllocateVirtualMemory (-1, 1232896, 0, 4096, 4096, 260, ... 
1232896, 4096, ) == 0x0 00038 1764 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00039 1764 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00040 1764 NtClose (16, ... ) == 0x0 00041 1764 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionUnicode"}, ... 16, ) }, ... 16, ) == 0x0 00042 1764 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x260000), 0x0, 90112, ) == 0x0 00043 1764 NtClose (16, ... ) == 0x0 00044 1764 NtQueryDefaultLocale (0, 2089305000, ... ) == 0x0 00045 1764 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionLocale"}, ... 16, ) }, ... 16, ) == 0x0 00046 1764 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x280000), 0x0, 249856, ) == 0x0 00047 1764 NtClose (16, ... ) == 0x0 00048 1764 NtOpenSection (0x5, {24, 0, 0x40, 0, 0, (0x5, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey"}, ... 16, ) }, ... 16, ) == 0x0 00049 1764 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x2c0000), 0x0, 266240, ) == 0x0 00050 1764 NtQuerySection (16, Basic, 16, ... {BaseAddress=0x0,Attributes=0x800000,Size={0x40004, 0x0},}, 0x0, ) == 0x0 00051 1764 NtClose (16, ... ) == 0x0 00052 1764 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortTbls"}, ... 16, ) }, ... 16, ) == 0x0 00053 1764 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x310000), 0x0, 24576, ) == 0x0 00054 1764 NtClose (16, ... ) == 0x0 00055 1764 NtQueryVirtualMemory (-1, 0x7ffd2000, Basic, 28, ... 
{BaseAddress=0x7ffd2000,AllocationBase=0x7ffb0000,AllocationProtect=0x2,RegionSize=0x2000,State=0x1000,Protect=0x2,Type=0x40000,}, 0x0, ) == 0x0 00056 1764 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00057 1764 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00058 1764 NtAllocateVirtualMemory (-1, 2428928, 0, 8192, 4096, 4, ... 2428928, 8192, ) == 0x0 00059 1764 NtRequestWaitReplyPort (24, {24, 52, new_msg, 0, 7012468, 7929957, 3145776, 3145776} (24, {24, 52, new_msg, 0, 7012468, 7929957, 3145776, 3145776} "\210\6\31\1\36\0\1\0\0\0\0\0\377\377\377\377\234\6\31\1p\30\0\0" ... {24, 52, reply, 0, 1304, 1764, 57959, 0} "\10P\30\0\36\0\1\0\0\0\0\0\377\377\377\377\234\6\31\1p\30\0\0" ) ... {24, 52, reply, 0, 1304, 1764, 57959, 0} (24, {24, 52, new_msg, 0, 7012468, 7929957, 3145776, 3145776} "\210\6\31\1\36\0\1\0\0\0\0\0\377\377\377\377\234\6\31\1p\30\0\0" ... {24, 52, reply, 0, 1304, 1764, 57959, 0} "\10P\30\0\36\0\1\0\0\0\0\0\377\377\377\377\234\6\31\1p\30\0\0" ) ) == 0x0 00060 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2089305760, 2090321376, 0, 0} (24, {28, 56, new_msg, 0, 2089305760, 2090321376, 0, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 57960, 0} "\250\202\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57960, 0} (24, {28, 56, new_msg, 0, 2089305760, 2090321376, 0, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 57960, 0} "\250\202\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ) ) == 0x0 00061 1764 NtProtectVirtualMemory (-1, (0x409000), 65552, 4, ... (0x409000), 69632, 128, ) == 0x0 00062 1764 NtProtectVirtualMemory (-1, (0x409000), 69632, 128, ... 
(0x409000), 69632, 4, ) == 0x0 00063 1764 NtFlushInstructionCache (-1, 4231168, 65552, ... ) == 0x0 00064 1764 NtQueryInformationProcess (-1, 37, 48, ... {process info, class 37, size 48}, 0x0, ) == 0x0 00065 1764 NtOpenFile (0x100001, {24, 0, 0x40, 0, 0, (0x100001, {24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe"}, 5, 96, ... 16, {status=0x0, info=1}, ) }, 5, 96, ... 16, {status=0x0, info=1}, ) == 0x0 00066 1764 NtReadFile (16, 0, 0, 0, 4, {42564, 0}, 0, ... {status=0x0, info=4}, (16, 0, 0, 0, 4, {42564, 0}, 0, ... {status=0x0, info=4}, "\356v\363B", ) , ) == 0x0 00067 1764 NtClose (16, ... ) == 0x0 00068 1764 NtSetInformationProcess (-1, 34, {process info, class 34, size 4}, 4, ... ) == 0x0 00069 1764 NtOpenProcessToken (-1, 0x8, ... 16, ) == 0x0 00070 1764 NtQueryInformationToken (16, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00071 1764 NtClose (16, ... ) == 0x0 00072 1764 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00073 1764 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00074 1764 NtClose (16, ... ) == 0x0 00075 1764 NtTestAlert (... ) == 0x0 00076 1764 NtContinue (1244464, 1, ... 00077 1764 NtSetInformationThread (-2, Win32StartAddress(LpcReceivedMessageId), {StartAddress(LpcReceivedMsgId)=0x41a000,}, 4, ... ) == 0x0 00078 1764 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager"}, ... 16, ) }, ... 16, ) == 0x0 00079 1764 NtQueryValueKey (16, (16, "SafeDllSearchMode", Partial, 16, ... ) , Partial, 16, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00080 1764 NtClose (16, ... 
) == 0x0 00081 1764 NtAllocateVirtualMemory (-1, 1323008, 0, 4096, 4096, 4, ... 1323008, 4096, ) == 0x0 00082 1764 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "ADVAPI32.dll"}, ... 16, ) }, ... 16, ) == 0x0 00083 1764 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77dd0000), 0x0, 634880, ) == 0x0 00084 1764 NtClose (16, ... ) == 0x0 00085 1764 NtProtectVirtualMemory (-1, (0x77dd1000), 1700, 4, ... (0x77dd1000), 4096, 32, ) == 0x0 00086 1764 NtProtectVirtualMemory (-1, (0x77dd1000), 4096, 32, ... (0x77dd1000), 4096, 4, ) == 0x0 00087 1764 NtFlushInstructionCache (-1, 2010976256, 1700, ... ) == 0x0 00088 1764 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "RPCRT4.dll"}, ... 16, ) }, ... 16, ) == 0x0 00089 1764 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77e70000), 0x0, 593920, ) == 0x0 00090 1764 NtClose (16, ... ) == 0x0 00091 1764 NtProtectVirtualMemory (-1, (0x77e71000), 868, 4, ... (0x77e71000), 4096, 32, ) == 0x0 00092 1764 NtProtectVirtualMemory (-1, (0x77e71000), 4096, 32, ... (0x77e71000), 4096, 4, ) == 0x0 00093 1764 NtFlushInstructionCache (-1, 2011631616, 868, ... ) == 0x0 00094 1764 NtProtectVirtualMemory (-1, (0x77e71000), 868, 4, ... (0x77e71000), 4096, 32, ) == 0x0 00095 1764 NtProtectVirtualMemory (-1, (0x77e71000), 4096, 32, ... (0x77e71000), 4096, 4, ) == 0x0 00096 1764 NtFlushInstructionCache (-1, 2011631616, 868, ... ) == 0x0 00097 1764 NtProtectVirtualMemory (-1, (0x77e71000), 868, 4, ... (0x77e71000), 4096, 32, ) == 0x0 00098 1764 NtProtectVirtualMemory (-1, (0x77e71000), 4096, 32, ... (0x77e71000), 4096, 4, ) == 0x0 00099 1764 NtFlushInstructionCache (-1, 2011631616, 868, ... ) == 0x0 00100 1764 NtProtectVirtualMemory (-1, (0x77dd1000), 1700, 4, ... (0x77dd1000), 4096, 32, ) == 0x0 00101 1764 NtProtectVirtualMemory (-1, (0x77dd1000), 4096, 32, ... (0x77dd1000), 4096, 4, ) == 0x0 00102 1764 NtFlushInstructionCache (-1, 2010976256, 1700, ... 
) == 0x0 00103 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00104 1764 NtAllocateVirtualMemory (-1, 1327104, 0, 4096, 4096, 4, ... 1327104, 4096, ) == 0x0 00105 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00106 1764 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00107 1764 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00108 1764 NtQueryValueKey (16, (16, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00109 1764 NtClose (16, ... ) == 0x0 00110 1764 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"}, ... 16, ) }, ... 16, ) == 0x0 00111 1764 NtQueryValueKey (16, (16, "LeakTrack", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00112 1764 NtClose (16, ... ) == 0x0 00113 1764 NtOpenKey (0x2000000, {24, 0, 0x40, 0, 0, (0x2000000, {24, 0, 0x40, 0, 0, "\REGISTRY\MACHINE"}, ... 16, ) }, ... 16, ) == 0x0 00114 1764 NtSetInformationObject (16, Handle, {Inherit=0,ProtectFromClose=1,}, 2011431168, ... 
) == 0x0 00115 1764 NtOpenKey (0x20019, {24, 16, 0x40, 0, 0, (0x20019, {24, 16, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00116 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00117 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00118 1764 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00119 1764 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 28, ) == 0x0 00120 1764 NtQueryInformationToken (28, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00121 1764 NtClose (28, ... ) == 0x0 00122 1764 NtOpenKey (0x2000000, {24, 0, 0x640, 0, 0, (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1292428093-1383384898-725345543-1003"}, ... 28, ) }, ... 28, ) == 0x0 00123 1764 NtSetInformationObject (28, Handle, {Inherit=0,ProtectFromClose=1,}, 1179904, ... ) == 0x0 00124 1764 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer"}, ... 32, ) }, ... 32, ) == 0x0 00125 1764 NtQueryValueKey (32, (32, "PINF", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00126 1764 NtClose (32, ... ) == 0x0 00127 1764 NtAllocateVirtualMemory (-1, 1228800, 0, 4096, 4096, 260, ... 1228800, 4096, ) == 0x0 00128 1764 NtAllocateVirtualMemory (-1, 1224704, 0, 4096, 4096, 260, ... 1224704, 4096, ) == 0x0 00129 1764 NtCreateFile (0x80100080, {24, 0, 0x40, 0, 1234112, (0x80100080, {24, 0, 0x40, 0, 1234112, "\??\u:\work\packed.exe"}, 0x0, 1, 1, 1, 96, 0, 0, ... 32, {status=0x0, info=1}, ) }, 0x0, 1, 1, 1, 96, 0, 0, ... 
32, {status=0x0, info=1}, ) == 0x0 00130 1764 NtFsControlFile (12, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... {status=0x0, info=0}, 0x0, ) == 0x0 00131 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\DOCUME~1\MARTIM~1\LOCALS~1\Temp"}, 1233816, ... ) }, 1233816, ... ) == 0x0 00132 1764 NtRequestWaitReplyPort (24, {20, 48, new_msg, 0, 1234168, 2089878865, 1315608, 2089878893} (24, {20, 48, new_msg, 0, 1234168, 2089878865, 1315608, 2089878893} "\0\0\0\0\2\0\1\0\250C\24\0\231\236\0\0\2\0\0\0" ... {20, 48, reply, 0, 1304, 1764, 57963, 0} "\0\0\0\0\2\0\1\0\2\0\0\0\231\236\0\0\2\0\0\0" ) ... {20, 48, reply, 0, 1304, 1764, 57963, 0} (24, {20, 48, new_msg, 0, 1234168, 2089878865, 1315608, 2089878893} "\0\0\0\0\2\0\1\0\250C\24\0\231\236\0\0\2\0\0\0" ... {20, 48, reply, 0, 1304, 1764, 57963, 0} "\0\0\0\0\2\0\1\0\2\0\0\0\231\236\0\0\2\0\0\0" ) ) == 0x0 00133 1764 NtCreateFile (0x80100080, {24, 0, 0x40, 0, 1233824, (0x80100080, {24, 0, 0x40, 0, 1233824, "\??\C:\DOCUME~1\MARTIM~1\LOCALS~1\Temp\rbs2.tmp"}, 0x0, 128, 0, 2, 96, 0, 0, ... }, 0x0, 128, 0, 2, 96, 0, 0, ... 00134 1764 NtQueryDirectoryFile (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, "DOCUME~1", 1, ... {status=0x0, info=56}, ) , 1, ... {status=0x0, info=56}, ) == 0x0 00135 1764 NtClose (-2147482740, ... ) == 0x0 00136 1764 NtQueryDirectoryFile (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, "MARTIM~1", 1, ... {status=0x0, info=40}, ) , 1, ... {status=0x0, info=40}, ) == 0x0 00137 1764 NtClose (-2147482740, ... ) == 0x0 00138 1764 NtQueryDirectoryFile (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, "LOCALS~1", 1, ... {status=0x0, info=40}, ) , 1, ... {status=0x0, info=40}, ) == 0x0 00139 1764 NtClose (-2147482740, ... ) == 0x0 00133 1764 NtCreateFile ... 36, {status=0x0, info=2}, ) == 0x0 00140 1764 NtClose (36, ... 
) == 0x0 00141 1764 NtCreateFile (0xc0100080, {24, 0, 0x40, 0, 1234112, (0xc0100080, {24, 0, 0x40, 0, 1234112, "\??\C:\DOCUME~1\MARTIM~1\LOCALS~1\Temp\rbs2.tmp"}, 0x0, 128, 1, 5, 96, 0, 0, ... }, 0x0, 128, 1, 5, 96, 0, 0, ... 00142 1764 NtClose (-2147482740, ... ) == 0x0 00143 1764 NtQueryDirectoryFile (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, "DOCUME~1", 1, ... {status=0x0, info=56}, ) , 1, ... {status=0x0, info=56}, ) == 0x0 00144 1764 NtClose (-2147482740, ... ) == 0x0 00145 1764 NtQueryDirectoryFile (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, "MARTIM~1", 1, ... {status=0x0, info=40}, ) , 1, ... {status=0x0, info=40}, ) == 0x0 00146 1764 NtClose (-2147482740, ... ) == 0x0 00147 1764 NtQueryDirectoryFile (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, (-2147482740, 0, 0, 0, -519819264, 4096, Names, 1, "LOCALS~1", 1, ... {status=0x0, info=40}, ) , 1, ... {status=0x0, info=40}, ) == 0x0 00148 1764 NtClose (-2147482740, ... ) == 0x0 00141 1764 NtCreateFile ... 36, {status=0x0, info=3}, ) == 0x0 00149 1764 NtSetInformationFile (32, 1234204, 8, Position, ... {status=0x0, info=0}, ) == 0x0 00150 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... {status=0x0, info=10240}, (32, 0, 0, 0, 10240, 0x0, 0, ... 
{status=0x0, info=10240}, "\356\233P\0\241\301\0\0\247\301\17\0\>\0\0\33\301\0\0\243\301\0\0\343\301\32\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\303\0\0\31\321\0\16\274u\11\315\202y\1Ln\340\220\220\367\251is\203\261ro\304\263am\203\254us\327\341be\203\263un\203\264nd\306\263 W\312\25732\256\313$7\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0\243\301\0\0", ) , ) == 0x0 00151 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "MZP\0\2\0\0\0\4\0\17\0\377\377\0\0\270\0\0\0\0\0\0\0@\0\32\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\272\20\0\16\37\264\11\315!\270\1L\315!\220\220This program must be run under 
Win32\15\12$7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 10240, 0x0, 0, ... , 10240, 0x0, 0, ... 00152 1764 NtContinue (-136208940, 0, ... 00151 1764 NtWriteFile ... {status=0x0, info=10240}, ) == 0x0 00153 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... {status=0x0, info=10240}, (32, 0, 0, 0, 10240, 0x0, 0, ... 
{status=0x0, info=10240}, "\366\3116\34\314\375ME\314\263y,\3\254a\10\223\302\201\7k\11f\331\301\1A\304k\202\310<\241\215r\334K0jD\311\241Q\271\247\332|\377\205\3X}&n\16D\370i\310\270+\220\177\300\305JP\1\363Wkg\302\303@\315\337\376\1\2\35\205-\32 \3\5RV\364Q\21)\303e\203q\252K\335\251C,Kc\322\305\240\370\350\353\375\226\334\200\244F\200\302t\312wC\217\320"\301\262\301\12^\376\275\168\356P\3311\376\332\26\313Q\330\225\30sP\12\17\326\213Q\354\311d\2033\305\10#o\23,\210\223\7{\22\342\317\341\311[\207(IG\367\33\37\247\16\360fs=\2643\245\2\341\15\222C\3704}\255B\266\363\245\360X\235\367\322 g\363GWkE\310\257\357\357qPJ\205\0(\242\35\200\24 \373*\12\323\304\5\34\310j\326\12K\221\322<\205\261\256\10\365\265u\310\346G\25\212~\14\354\10e\301g) \370\370\251X\345\312\232\341\2029R\271\201W\3443\3671\15(\2004\324\12h\315\\352\324\5-o\345\230\365\343\314R\314\363R\200\221\16S\356\334:\20$\370\6\274UucJ]\304h\230\226\357/\2\250\306\17q\264F\363\317\341\224\233\11S\1=i7\225\205\25(\217\20r\305\223U\373'\250\2\301\276m\314\371\203x\373\2540\213\27JJX\216\345\7\220\334\11 ^\272"+\227\267>\377\12\217\271<\231\202\331d\360wPx]\236\357\243\261w\244\347\354\242\32\14p\251\37\363P\304\242\310\266\275\203#\350\332)\135\312w\344&G\231\17\11~\340\2\241\241@\31\211\250\211\341\231;2\207\232\347\324w\222\243\17'\320\262\1O\336\261\22\307\211\310\324\244\5Z\274\306h\347$\250\312\33a%\15\206[\171\335\17", ) \301\262\301\12^\376\275\168\356P\3311\376\332\26\313Q\330\225\30sP\12\17\326\213Q\354\311d\2033\305\10#o\23,\210\223\7{\22\342\317\341\311[\207(IG\367\33\37\247\16\360fs=\2643\245\2\341\15\222C\3704}\255B\266\363\245\360X\235\367\322 g\363GWkE\310\257\357\357qPJ\205\0(\242\35\200\24 \373*\12\323\304\5\34\310j\326\12K\221\322<\205\261\256\10\365\265u\310\346G\25\212~\14\354\10e\301g) 
\370\370\251X\345\312\232\341\2029R\271\201W\3443\3671\15(\2004\324\12h\315\\352\324\5-o\345\230\365\343\314R\314\363R\200\221\16S\356\334:\20$\370\6\274UucJ]\304h\230\226\357/\2\250\306\17q\264F\363\317\341\224\233\11S\1=i7\225\205\25(\217\20r\305\223U\373'\250\2\301\276m\314\371\203x\373\2540\213\27JJX\216\345\7\220\334\11 ^\272 (32, 0, 0, 0, 10240, 0x0, 0, ... {status=0x0, info=10240}, "\366\3116\34\314\375ME\314\263y,\3\254a\10\223\302\201\7k\11f\331\301\1A\304k\202\310<\241\215r\334K0jD\311\241Q\271\247\332|\377\205\3X}&n\16D\370i\310\270+\220\177\300\305JP\1\363Wkg\302\303@\315\337\376\1\2\35\205-\32 \3\5RV\364Q\21)\303e\203q\252K\335\251C,Kc\322\305\240\370\350\353\375\226\334\200\244F\200\302t\312wC\217\320"\301\262\301\12^\376\275\168\356P\3311\376\332\26\313Q\330\225\30sP\12\17\326\213Q\354\311d\2033\305\10#o\23,\210\223\7{\22\342\317\341\311[\207(IG\367\33\37\247\16\360fs=\2643\245\2\341\15\222C\3704}\255B\266\363\245\360X\235\367\322 g\363GWkE\310\257\357\357qPJ\205\0(\242\35\200\24 \373*\12\323\304\5\34\310j\326\12K\221\322<\205\261\256\10\365\265u\310\346G\25\212~\14\354\10e\301g) \370\370\251X\345\312\232\341\2029R\271\201W\3443\3671\15(\2004\324\12h\315\\352\324\5-o\345\230\365\343\314R\314\363R\200\221\16S\356\334:\20$\370\6\274UucJ]\304h\230\226\357/\2\250\306\17q\264F\363\317\341\224\233\11S\1=i7\225\205\25(\217\20r\305\223U\373'\250\2\301\276m\314\371\203x\373\2540\213\27JJX\216\345\7\220\334\11 ^\272"+\227\267>\377\12\217\271<\231\202\331d\360wPx]\236\357\243\261w\244\347\354\242\32\14p\251\37\363P\304\242\310\266\275\203#\350\332)\135\312w\344&G\231\17\11~\340\2\241\241@\31\211\250\211\341\231;2\207\232\347\324w\222\243\17'\320\262\1O\336\261\22\307\211\310\324\244\5Z\274\306h\347$\250\312\33a%\15\206[\171\335\17", ) , ) == 0x0 00154 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, 
"U\106\34o\301\21\0\12^]|\168M\221\3311]\33\26\31\220\220\330\225\273\262P\12\254\27\213QO\10d\203\220\4\10#\314\322,\2100\306{\22A\16\341\311\370F(I\3446\33\37\4\317\360f\320\374\2643\6\303\341\151\202\3704\336lB\266Pd\360X>6\322 \3042GW\310\204\310\257L.qP\351D\0(\1\334\200\24\203:*\12p\5\5\34k\253\326\12\350P\322<&p\256\10Vtu\310E\206\25\212\335\315\354\10\306\0g)\2039\370\251\373$\312\232BC9R\32@W\344\22061\15\213A4\324\251\251\315\I\25\5-\314$\230\365@\15R\314P\223\200\221\255\222\356\334\231\321$\370\245}Uu\300\213]\304\313Y\226\357\214\303\250\306\254\260\264FP\16\341\2248\310S\1\236\2507\225&\324(\217\263\263\305\223\366:'\250\241\0\276mo8\203xXm0\213\264\213JX-$\7\220\177\310 ^\31\343+\227\24\377\377\12,x<\231!\30d\360\324\221x]=.\243\261\324e\347\354\1\333\14p\12\336\363Pgc\310\266\36B#\350y\350\135i\266\344&\344X\17\11\335\3350\2\2`@\3\222H\250\211BX;2$[\347\324\324S\243\17\204\21\262\1\354\37\261\22dH\310\324\7\304Z\274e\251\347$\13\13\33a\206\314\206[\254\360\335\17", 10240, 0x0, 0, ... 
{status=0x0, info=10240}, ) \301\21\0\12^]|\168M\221\3311]\33\26\31\220\220\330\225\273\262P\12\254\27\213QO\10d\203\220\4\10#\314\322,\2100\306{\22A\16\341\311\370F(I\3446\33\37\4\317\360f\320\374\2643\6\303\341\151\202\3704\336lB\266Pd\360X>6\322 \3042GW\310\204\310\257L.qP\351D\0(\1\334\200\24\203:*\12p\5\5\34k\253\326\12\350P\322<&p\256\10Vtu\310E\206\25\212\335\315\354\10\306\0g)\2039\370\251\373$\312\232BC9R\32@W\344\22061\15\213A4\324\251\251\315\I\25\5-\314$\230\365@\15R\314P\223\200\221\255\222\356\334\231\321$\370\245}Uu\300\213]\304\313Y\226\357\214\303\250\306\254\260\264FP\16\341\2248\310S\1\236\2507\225&\324(\217\263\263\305\223\366:'\250\241\0\276mo8\203xXm0\213\264\213JX-$\7\220\177\310 ^\31\343+\227\24\377\377\12,x<\231!\30d\360\324\221x]=.\243\261\324e\347\354\1\333\14p\12\336\363Pgc\310\266\36B#\350y\350\135i\266\344&\344X\17\11\335\3350\2\2`@\3\222H\250\211BX;2$[\347\324\324S\243\17\204\21\262\1\354\37\261\22dH\310\324\7\304Z\274e\251\347$\13\13\33a\206\314\206[\254\360\335\17", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00155 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... {status=0x0, info=4718}, (32, 0, 0, 0, 10240, 0x0, 0, ... 
{status=0x0, info=4718}, "t\3\13X\33\323\25w\222\313\14Hp\214\303\30\351WL\340\366d\262H\243j\222\345\23D\267}\273\205@\221FQeZ\307\235XY\255\232\232\0\361\212cT\363\2459d\270\243\246\307\241\221\3453\244j!\317\251Q\226\340Wr\14\327\261,\35j\241\313z\337\364x@\211@\230C\263\275\32\301\334D\224\2358\241g\20\15\261\273\363\232jV%\261I\149\210E\20\274\244J\20699\200\214\14+\256@\323\6*\276\213KG\10\231\21t9U\207\2733\11\210\325\256;\35W\4Z\255E]\24\305F4P\207\37\306\25\203\24\270\15-\24\5\257\217\5>\247VJV\223\267\242\310IG=\366\246\312\200K\343\231\303\131FU?\250\261\303k\14\354\353\221\37%\310\257\227\11\1\367\242\357\370\27G\207al\320Fn\31GBST\321\264e\1\215\302\210\4\31441\322)\221\26D\263\3037\304&\277\213w\230\360\311\212\353\202D\10_>B\267\374\301\10\215\326\316\213|\253\3061\300)\317;J_\264\267~\2\232\216\\2513\34\16U\2\337\237\352\264\342o\370j\361\371\264\201$\16\242\370\370~~dg\5\216\5;\200\233\346\17M\247\232\373\302\321%\205\257\314v\277\202\327n\211\321\252\240\13\212\344K*\201S\223\356\356B>\337\177xKXc7K^\12&\232So\317\275\36\13\265\331\217\36\256\370\364\355\256?X\32#&\3379h=\267\0\354\320\30\33\326-\355\355\225\303\261 4*\310?#$\337:\25\1\355\355\271*\342\35)\255\32\221\317\331B\3051>\302\11[&KuSN\243:(\376\263\4#\376\5\266\376b\7\203r\216\1\267\2543\377\255\11vJ\20\331\306\376\261\321\312w\15\254~\311\3\351\35\252\5\237\6\377\321-\33\377BFO9\1", ) , ) == 0x0 00156 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, 
"\327\302\13X\270\22\25w1\12\14H\323M\303\30J\226L\340U\245\262H\0\253\222\345\260\205\267}\30D@\221\345\220eZd\XY\16[\232\0RKcTPd9d\33b\246d`\221\345\220ej!lhQ\226C\226r\14tp,\35\311`\313z|5x@*\201\230C\20|\32\301\177\205\224\235\233`g\20\256p\273\3639\253V%\22\210\149+\204\20\274\7\213\2069\232A\214\14\210o@\323\377\367*\276(\212G\10:\320t9\366F\2733\252I\325\256\230\334W\4\371lE]\267\4F4\363F\37\306\266B\24\270\256\354\24\5\14N\5>\4\227JV0v\242\310\352\206=\366\5\13\200K@X\303\13\222\207U?\13p\303k\257-\353\221\274\344\310\2574\310\1\367\1.\370\27\344Fals\207n\31\344\203STrue\1.\3\210\4o\3651\322\212P\26D\20\27\304\205~\213w;1\311\212HCD\10\374\377B\267_\0\10\215u\17\213|\10\71\300\212\16;J\374u\267~\241[\216\\12\362\34\16\366\303\337\237Iu\342o[\253\361\371\27@$\16\19\370~\335\245g\5-\304;\2008'\17M\4[\373\302r\344\205\257o\267\277\202t\257\211\321\11a\13\212G\212*\201\360R\356\356\341\377\337\177\333\212Xc\224\212^\12\205[Sol|\36\13\26\30\217\36\159\364\355\15\376X\32\200\347\3379\313\374\267\0O\21\30\33u\354\355\3556\2\261 \227\353\310?\200\345\337:\266\300\355\355\32\353\342\35\212l\32\221l\30B\305\222\377\302\11\370\347Ku\360\217\243:\213?\263\4\200?\5\266]\243\7\203\321O\1\267\17\362\377\255\252\267J\20z\7\376\261r\13w\15\17\277\311\3J\334\252\5<\307\377\321\216\332\377B\345\2169\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00157 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00158 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "t\3\13X\33\323\25w\222\313\14Hp\214\303\30\351WL\340\366d\262H\243j\222\345\23D\267}\273\205@\221FQeZ\307\235XY\255\232\232\0\361\212cT\363\2459d\270\243\246\307\241\221\3453\244j!\317\251Q\226\340Wr\14\327\261,\35j\241\313z\337\364x@\211@\230C\263\275\32\301\334D\224\2358\241g\20\15\261\273\363\232jV%\261I\149\210E\20\274\244J\20699\200\214\14+\256@\323\6*\276\213KG\10\231\21t9U\207\2733\11\210\325\256;\35W\4Z\255E]\24\305F4P\207\37\306\25\203\24\270\15-\24\5\257\217\5>\247VJV\223\267\242\310IG=\366\246\312\200K\343\231\303\131FU?\250\261\303k\14\354\353\221\37%\310\257\227\11\1\367\242\357\370\27G\207al\320Fn\31GBST\321\264e\1\215\302\210\4\31441\322)\221\26D\263\3037\304&\277\213w\230\360\311\212\353\202D\10_>B\267\374\301\10\215\326\316\213|\253\3061\300)\317;J_\264\267~\2\232\216\\2513\34\16U\2\337\237\352\264\342o\370j\361\371\264\201$\16\242\370\370~~dg\5\216\5;\200\233\346\17M\247\232\373\302\321%\205\257\314v\277\202\327n\211\321\252\240\13\212\344K*\201S\223\356\356B>\337\177xKXc7K^\12&\232So\317\275\36\13\265\331\217\36\256\370\364\355\256?X\32#&\3379h=\267\0\354\320\30\33\326-\355\355\225\303\261 4*\310?#$\337:\25\1\355\355\271*\342\35)\255\32\221\317\331B\3051>\302\11[&KuSN\243:(\376\263\4#\376\5\266\376b\7\203r\216\1\267\2543\377\255\11vJ\20\331\306\376\261\321\312w\15\254~\311\3\351\35\252\5\237\6\377\321-\33\377BFO9\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00159 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00160 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "\327\302\13X\270\22\25w1\12\14H\323M\303\30J\226L\340U\245\262H\0\253\222\345\260\205\267}\30D@\221\345\220eZd\XY\16[\232\0RKcTPd9d\33b\246d`\221\345\220ej!lhQ\226C\226r\14tp,\35\311`\313z|5x@*\201\230C\20|\32\301\177\205\224\235\233`g\20\256p\273\3639\253V%\22\210\149+\204\20\274\7\213\2069\232A\214\14\210o@\323\377\367*\276(\212G\10:\320t9\366F\2733\252I\325\256\230\334W\4\371lE]\267\4F4\363F\37\306\266B\24\270\256\354\24\5\14N\5>\4\227JV0v\242\310\352\206=\366\5\13\200K@X\303\13\222\207U?\13p\303k\257-\353\221\274\344\310\2574\310\1\367\1.\370\27\344Fals\207n\31\344\203STrue\1.\3\210\4o\3651\322\212P\26D\20\27\304\205~\213w;1\311\212HCD\10\374\377B\267_\0\10\215u\17\213|\10\71\300\212\16;J\374u\267~\241[\216\\12\362\34\16\366\303\337\237Iu\342o[\253\361\371\27@$\16\19\370~\335\245g\5-\304;\2008'\17M\4[\373\302r\344\205\257o\267\277\202t\257\211\321\11a\13\212G\212*\201\360R\356\356\341\377\337\177\333\212Xc\224\212^\12\205[Sol|\36\13\26\30\217\36\159\364\355\15\376X\32\200\347\3379\313\374\267\0O\21\30\33u\354\355\3556\2\261 \227\353\310?\200\345\337:\266\300\355\355\32\353\342\35\212l\32\221l\30B\305\222\377\302\11\370\347Ku\360\217\243:\213?\263\4\200?\5\266]\243\7\203\321O\1\267\17\362\377\255\252\267J\20z\7\376\261r\13w\15\17\277\311\3J\334\252\5<\307\377\321\216\332\377B\345\2169\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00161 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00162 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "t\3\13X\33\323\25w\222\313\14Hp\214\303\30\351WL\340\366d\262H\243j\222\345\23D\267}\273\205@\221FQeZ\307\235XY\255\232\232\0\361\212cT\363\2459d\270\243\246\307\241\221\3453\244j!\317\251Q\226\340Wr\14\327\261,\35j\241\313z\337\364x@\211@\230C\263\275\32\301\334D\224\2358\241g\20\15\261\273\363\232jV%\261I\149\210E\20\274\244J\20699\200\214\14+\256@\323\6*\276\213KG\10\231\21t9U\207\2733\11\210\325\256;\35W\4Z\255E]\24\305F4P\207\37\306\25\203\24\270\15-\24\5\257\217\5>\247VJV\223\267\242\310IG=\366\246\312\200K\343\231\303\131FU?\250\261\303k\14\354\353\221\37%\310\257\227\11\1\367\242\357\370\27G\207al\320Fn\31GBST\321\264e\1\215\302\210\4\31441\322)\221\26D\263\3037\304&\277\213w\230\360\311\212\353\202D\10_>B\267\374\301\10\215\326\316\213|\253\3061\300)\317;J_\264\267~\2\232\216\\2513\34\16U\2\337\237\352\264\342o\370j\361\371\264\201$\16\242\370\370~~dg\5\216\5;\200\233\346\17M\247\232\373\302\321%\205\257\314v\277\202\327n\211\321\252\240\13\212\344K*\201S\223\356\356B>\337\177xKXc7K^\12&\232So\317\275\36\13\265\331\217\36\256\370\364\355\256?X\32#&\3379h=\267\0\354\320\30\33\326-\355\355\225\303\261 4*\310?#$\337:\25\1\355\355\271*\342\35)\255\32\221\317\331B\3051>\302\11[&KuSN\243:(\376\263\4#\376\5\266\376b\7\203r\216\1\267\2543\377\255\11vJ\20\331\306\376\261\321\312w\15\254~\311\3\351\35\252\5\237\6\377\321-\33\377BFO9\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00163 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00164 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "\327\302\13X\270\22\25w1\12\14H\323M\303\30J\226L\340U\245\262H\0\253\222\345\260\205\267}\30D@\221\345\220eZd\XY\16[\232\0RKcTPd9d\33b\246d`\221\345\220ej!lhQ\226C\226r\14tp,\35\311`\313z|5x@*\201\230C\20|\32\301\177\205\224\235\233`g\20\256p\273\3639\253V%\22\210\149+\204\20\274\7\213\2069\232A\214\14\210o@\323\377\367*\276(\212G\10:\320t9\366F\2733\252I\325\256\230\334W\4\371lE]\267\4F4\363F\37\306\266B\24\270\256\354\24\5\14N\5>\4\227JV0v\242\310\352\206=\366\5\13\200K@X\303\13\222\207U?\13p\303k\257-\353\221\274\344\310\2574\310\1\367\1.\370\27\344Fals\207n\31\344\203STrue\1.\3\210\4o\3651\322\212P\26D\20\27\304\205~\213w;1\311\212HCD\10\374\377B\267_\0\10\215u\17\213|\10\71\300\212\16;J\374u\267~\241[\216\\12\362\34\16\366\303\337\237Iu\342o[\253\361\371\27@$\16\19\370~\335\245g\5-\304;\2008'\17M\4[\373\302r\344\205\257o\267\277\202t\257\211\321\11a\13\212G\212*\201\360R\356\356\341\377\337\177\333\212Xc\224\212^\12\205[Sol|\36\13\26\30\217\36\159\364\355\15\376X\32\200\347\3379\313\374\267\0O\21\30\33u\354\355\3556\2\261 \227\353\310?\200\345\337:\266\300\355\355\32\353\342\35\212l\32\221l\30B\305\222\377\302\11\370\347Ku\360\217\243:\213?\263\4\200?\5\266]\243\7\203\321O\1\267\17\362\377\255\252\267J\20z\7\376\261r\13w\15\17\277\311\3J\334\252\5<\307\377\321\216\332\377B\345\2169\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00165 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00166 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "t\3\13X\33\323\25w\222\313\14Hp\214\303\30\351WL\340\366d\262H\243j\222\345\23D\267}\273\205@\221FQeZ\307\235XY\255\232\232\0\361\212cT\363\2459d\270\243\246\307\241\221\3453\244j!\317\251Q\226\340Wr\14\327\261,\35j\241\313z\337\364x@\211@\230C\263\275\32\301\334D\224\2358\241g\20\15\261\273\363\232jV%\261I\149\210E\20\274\244J\20699\200\214\14+\256@\323\6*\276\213KG\10\231\21t9U\207\2733\11\210\325\256;\35W\4Z\255E]\24\305F4P\207\37\306\25\203\24\270\15-\24\5\257\217\5>\247VJV\223\267\242\310IG=\366\246\312\200K\343\231\303\131FU?\250\261\303k\14\354\353\221\37%\310\257\227\11\1\367\242\357\370\27G\207al\320Fn\31GBST\321\264e\1\215\302\210\4\31441\322)\221\26D\263\3037\304&\277\213w\230\360\311\212\353\202D\10_>B\267\374\301\10\215\326\316\213|\253\3061\300)\317;J_\264\267~\2\232\216\\2513\34\16U\2\337\237\352\264\342o\370j\361\371\264\201$\16\242\370\370~~dg\5\216\5;\200\233\346\17M\247\232\373\302\321%\205\257\314v\277\202\327n\211\321\252\240\13\212\344K*\201S\223\356\356B>\337\177xKXc7K^\12&\232So\317\275\36\13\265\331\217\36\256\370\364\355\256?X\32#&\3379h=\267\0\354\320\30\33\326-\355\355\225\303\261 4*\310?#$\337:\25\1\355\355\271*\342\35)\255\32\221\317\331B\3051>\302\11[&KuSN\243:(\376\263\4#\376\5\266\376b\7\203r\216\1\267\2543\377\255\11vJ\20\331\306\376\261\321\312w\15\254~\311\3\351\35\252\5\237\6\377\321-\33\377BFO9\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00167 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00168 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "\327\302\13X\270\22\25w1\12\14H\323M\303\30J\226L\340U\245\262H\0\253\222\345\260\205\267}\30D@\221\345\220eZd\XY\16[\232\0RKcTPd9d\33b\246d`\221\345\220ej!lhQ\226C\226r\14tp,\35\311`\313z|5x@*\201\230C\20|\32\301\177\205\224\235\233`g\20\256p\273\3639\253V%\22\210\149+\204\20\274\7\213\2069\232A\214\14\210o@\323\377\367*\276(\212G\10:\320t9\366F\2733\252I\325\256\230\334W\4\371lE]\267\4F4\363F\37\306\266B\24\270\256\354\24\5\14N\5>\4\227JV0v\242\310\352\206=\366\5\13\200K@X\303\13\222\207U?\13p\303k\257-\353\221\274\344\310\2574\310\1\367\1.\370\27\344Fals\207n\31\344\203STrue\1.\3\210\4o\3651\322\212P\26D\20\27\304\205~\213w;1\311\212HCD\10\374\377B\267_\0\10\215u\17\213|\10\71\300\212\16;J\374u\267~\241[\216\\12\362\34\16\366\303\337\237Iu\342o[\253\361\371\27@$\16\19\370~\335\245g\5-\304;\2008'\17M\4[\373\302r\344\205\257o\267\277\202t\257\211\321\11a\13\212G\212*\201\360R\356\356\341\377\337\177\333\212Xc\224\212^\12\205[Sol|\36\13\26\30\217\36\159\364\355\15\376X\32\200\347\3379\313\374\267\0O\21\30\33u\354\355\3556\2\261 \227\353\310?\200\345\337:\266\300\355\355\32\353\342\35\212l\32\221l\30B\305\222\377\302\11\370\347Ku\360\217\243:\213?\263\4\200?\5\266]\243\7\203\321O\1\267\17\362\377\255\252\267J\20z\7\376\261r\13w\15\17\277\311\3J\334\252\5<\307\377\321\216\332\377B\345\2169\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00169 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00170 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "t\3\13X\33\323\25w\222\313\14Hp\214\303\30\351WL\340\366d\262H\243j\222\345\23D\267}\273\205@\221FQeZ\307\235XY\255\232\232\0\361\212cT\363\2459d\270\243\246\307\241\221\3453\244j!\317\251Q\226\340Wr\14\327\261,\35j\241\313z\337\364x@\211@\230C\263\275\32\301\334D\224\2358\241g\20\15\261\273\363\232jV%\261I\149\210E\20\274\244J\20699\200\214\14+\256@\323\6*\276\213KG\10\231\21t9U\207\2733\11\210\325\256;\35W\4Z\255E]\24\305F4P\207\37\306\25\203\24\270\15-\24\5\257\217\5>\247VJV\223\267\242\310IG=\366\246\312\200K\343\231\303\131FU?\250\261\303k\14\354\353\221\37%\310\257\227\11\1\367\242\357\370\27G\207al\320Fn\31GBST\321\264e\1\215\302\210\4\31441\322)\221\26D\263\3037\304&\277\213w\230\360\311\212\353\202D\10_>B\267\374\301\10\215\326\316\213|\253\3061\300)\317;J_\264\267~\2\232\216\\2513\34\16U\2\337\237\352\264\342o\370j\361\371\264\201$\16\242\370\370~~dg\5\216\5;\200\233\346\17M\247\232\373\302\321%\205\257\314v\277\202\327n\211\321\252\240\13\212\344K*\201S\223\356\356B>\337\177xKXc7K^\12&\232So\317\275\36\13\265\331\217\36\256\370\364\355\256?X\32#&\3379h=\267\0\354\320\30\33\326-\355\355\225\303\261 4*\310?#$\337:\25\1\355\355\271*\342\35)\255\32\221\317\331B\3051>\302\11[&KuSN\243:(\376\263\4#\376\5\266\376b\7\203r\216\1\267\2543\377\255\11vJ\20\331\306\376\261\321\312w\15\254~\311\3\351\35\252\5\237\6\377\321-\33\377BFO9\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00171 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00172 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "\327\302\13X\270\22\25w1\12\14H\323M\303\30J\226L\340U\245\262H\0\253\222\345\260\205\267}\30D@\221\345\220eZd\XY\16[\232\0RKcTPd9d\33b\246d`\221\345\220ej!lhQ\226C\226r\14tp,\35\311`\313z|5x@*\201\230C\20|\32\301\177\205\224\235\233`g\20\256p\273\3639\253V%\22\210\149+\204\20\274\7\213\2069\232A\214\14\210o@\323\377\367*\276(\212G\10:\320t9\366F\2733\252I\325\256\230\334W\4\371lE]\267\4F4\363F\37\306\266B\24\270\256\354\24\5\14N\5>\4\227JV0v\242\310\352\206=\366\5\13\200K@X\303\13\222\207U?\13p\303k\257-\353\221\274\344\310\2574\310\1\367\1.\370\27\344Fals\207n\31\344\203STrue\1.\3\210\4o\3651\322\212P\26D\20\27\304\205~\213w;1\311\212HCD\10\374\377B\267_\0\10\215u\17\213|\10\71\300\212\16;J\374u\267~\241[\216\\12\362\34\16\366\303\337\237Iu\342o[\253\361\371\27@$\16\19\370~\335\245g\5-\304;\2008'\17M\4[\373\302r\344\205\257o\267\277\202t\257\211\321\11a\13\212G\212*\201\360R\356\356\341\377\337\177\333\212Xc\224\212^\12\205[Sol|\36\13\26\30\217\36\159\364\355\15\376X\32\200\347\3379\313\374\267\0O\21\30\33u\354\355\3556\2\261 \227\353\310?\200\345\337:\266\300\355\355\32\353\342\35\212l\32\221l\30B\305\222\377\302\11\370\347Ku\360\217\243:\213?\263\4\200?\5\266]\243\7\203\321O\1\267\17\362\377\255\252\267J\20z\7\376\261r\13w\15\17\277\311\3J\334\252\5<\307\377\321\216\332\377B\345\2169\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00173 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00174 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "t\3\13X\33\323\25w\222\313\14Hp\214\303\30\351WL\340\366d\262H\243j\222\345\23D\267}\273\205@\221FQeZ\307\235XY\255\232\232\0\361\212cT\363\2459d\270\243\246\307\241\221\3453\244j!\317\251Q\226\340Wr\14\327\261,\35j\241\313z\337\364x@\211@\230C\263\275\32\301\334D\224\2358\241g\20\15\261\273\363\232jV%\261I\149\210E\20\274\244J\20699\200\214\14+\256@\323\6*\276\213KG\10\231\21t9U\207\2733\11\210\325\256;\35W\4Z\255E]\24\305F4P\207\37\306\25\203\24\270\15-\24\5\257\217\5>\247VJV\223\267\242\310IG=\366\246\312\200K\343\231\303\131FU?\250\261\303k\14\354\353\221\37%\310\257\227\11\1\367\242\357\370\27G\207al\320Fn\31GBST\321\264e\1\215\302\210\4\31441\322)\221\26D\263\3037\304&\277\213w\230\360\311\212\353\202D\10_>B\267\374\301\10\215\326\316\213|\253\3061\300)\317;J_\264\267~\2\232\216\\2513\34\16U\2\337\237\352\264\342o\370j\361\371\264\201$\16\242\370\370~~dg\5\216\5;\200\233\346\17M\247\232\373\302\321%\205\257\314v\277\202\327n\211\321\252\240\13\212\344K*\201S\223\356\356B>\337\177xKXc7K^\12&\232So\317\275\36\13\265\331\217\36\256\370\364\355\256?X\32#&\3379h=\267\0\354\320\30\33\326-\355\355\225\303\261 4*\310?#$\337:\25\1\355\355\271*\342\35)\255\32\221\317\331B\3051>\302\11[&KuSN\243:(\376\263\4#\376\5\266\376b\7\203r\216\1\267\2543\377\255\11vJ\20\331\306\376\261\321\312w\15\254~\311\3\351\35\252\5\237\6\377\321-\33\377BFO9\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00175 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00176 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "\327\302\13X\270\22\25w1\12\14H\323M\303\30J\226L\340U\245\262H\0\253\222\345\260\205\267}\30D@\221\345\220eZd\XY\16[\232\0RKcTPd9d\33b\246d`\221\345\220ej!lhQ\226C\226r\14tp,\35\311`\313z|5x@*\201\230C\20|\32\301\177\205\224\235\233`g\20\256p\273\3639\253V%\22\210\149+\204\20\274\7\213\2069\232A\214\14\210o@\323\377\367*\276(\212G\10:\320t9\366F\2733\252I\325\256\230\334W\4\371lE]\267\4F4\363F\37\306\266B\24\270\256\354\24\5\14N\5>\4\227JV0v\242\310\352\206=\366\5\13\200K@X\303\13\222\207U?\13p\303k\257-\353\221\274\344\310\2574\310\1\367\1.\370\27\344Fals\207n\31\344\203STrue\1.\3\210\4o\3651\322\212P\26D\20\27\304\205~\213w;1\311\212HCD\10\374\377B\267_\0\10\215u\17\213|\10\71\300\212\16;J\374u\267~\241[\216\\12\362\34\16\366\303\337\237Iu\342o[\253\361\371\27@$\16\19\370~\335\245g\5-\304;\2008'\17M\4[\373\302r\344\205\257o\267\277\202t\257\211\321\11a\13\212G\212*\201\360R\356\356\341\377\337\177\333\212Xc\224\212^\12\205[Sol|\36\13\26\30\217\36\159\364\355\15\376X\32\200\347\3379\313\374\267\0O\21\30\33u\354\355\3556\2\261 \227\353\310?\200\345\337:\266\300\355\355\32\353\342\35\212l\32\221l\30B\305\222\377\302\11\370\347Ku\360\217\243:\213?\263\4\200?\5\266]\243\7\203\321O\1\267\17\362\377\255\252\267J\20z\7\376\261r\13w\15\17\277\311\3J\334\252\5<\307\377\321\216\332\377B\345\2169\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00177 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00178 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "t\3\13X\33\323\25w\222\313\14Hp\214\303\30\351WL\340\366d\262H\243j\222\345\23D\267}\273\205@\221FQeZ\307\235XY\255\232\232\0\361\212cT\363\2459d\270\243\246\307\241\221\3453\244j!\317\251Q\226\340Wr\14\327\261,\35j\241\313z\337\364x@\211@\230C\263\275\32\301\334D\224\2358\241g\20\15\261\273\363\232jV%\261I\149\210E\20\274\244J\20699\200\214\14+\256@\323\6*\276\213KG\10\231\21t9U\207\2733\11\210\325\256;\35W\4Z\255E]\24\305F4P\207\37\306\25\203\24\270\15-\24\5\257\217\5>\247VJV\223\267\242\310IG=\366\246\312\200K\343\231\303\131FU?\250\261\303k\14\354\353\221\37%\310\257\227\11\1\367\242\357\370\27G\207al\320Fn\31GBST\321\264e\1\215\302\210\4\31441\322)\221\26D\263\3037\304&\277\213w\230\360\311\212\353\202D\10_>B\267\374\301\10\215\326\316\213|\253\3061\300)\317;J_\264\267~\2\232\216\\2513\34\16U\2\337\237\352\264\342o\370j\361\371\264\201$\16\242\370\370~~dg\5\216\5;\200\233\346\17M\247\232\373\302\321%\205\257\314v\277\202\327n\211\321\252\240\13\212\344K*\201S\223\356\356B>\337\177xKXc7K^\12&\232So\317\275\36\13\265\331\217\36\256\370\364\355\256?X\32#&\3379h=\267\0\354\320\30\33\326-\355\355\225\303\261 4*\310?#$\337:\25\1\355\355\271*\342\35)\255\32\221\317\331B\3051>\302\11[&KuSN\243:(\376\263\4#\376\5\266\376b\7\203r\216\1\267\2543\377\255\11vJ\20\331\306\376\261\321\312w\15\254~\311\3\351\35\252\5\237\6\377\321-\33\377BFO9\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00179 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00180 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "\327\302\13X\270\22\25w1\12\14H\323M\303\30J\226L\340U\245\262H\0\253\222\345\260\205\267}\30D@\221\345\220eZd\XY\16[\232\0RKcTPd9d\33b\246d`\221\345\220ej!lhQ\226C\226r\14tp,\35\311`\313z|5x@*\201\230C\20|\32\301\177\205\224\235\233`g\20\256p\273\3639\253V%\22\210\149+\204\20\274\7\213\2069\232A\214\14\210o@\323\377\367*\276(\212G\10:\320t9\366F\2733\252I\325\256\230\334W\4\371lE]\267\4F4\363F\37\306\266B\24\270\256\354\24\5\14N\5>\4\227JV0v\242\310\352\206=\366\5\13\200K@X\303\13\222\207U?\13p\303k\257-\353\221\274\344\310\2574\310\1\367\1.\370\27\344Fals\207n\31\344\203STrue\1.\3\210\4o\3651\322\212P\26D\20\27\304\205~\213w;1\311\212HCD\10\374\377B\267_\0\10\215u\17\213|\10\71\300\212\16;J\374u\267~\241[\216\\12\362\34\16\366\303\337\237Iu\342o[\253\361\371\27@$\16\19\370~\335\245g\5-\304;\2008'\17M\4[\373\302r\344\205\257o\267\277\202t\257\211\321\11a\13\212G\212*\201\360R\356\356\341\377\337\177\333\212Xc\224\212^\12\205[Sol|\36\13\26\30\217\36\159\364\355\15\376X\32\200\347\3379\313\374\267\0O\21\30\33u\354\355\3556\2\261 \227\353\310?\200\345\337:\266\300\355\355\32\353\342\35\212l\32\221l\30B\305\222\377\302\11\370\347Ku\360\217\243:\213?\263\4\200?\5\266]\243\7\203\321O\1\267\17\362\377\255\252\267J\20z\7\376\261r\13w\15\17\277\311\3J\334\252\5<\307\377\321\216\332\377B\345\2169\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00181 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00182 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "t\3\13X\33\323\25w\222\313\14Hp\214\303\30\351WL\340\366d\262H\243j\222\345\23D\267}\273\205@\221FQeZ\307\235XY\255\232\232\0\361\212cT\363\2459d\270\243\246\307\241\221\3453\244j!\317\251Q\226\340Wr\14\327\261,\35j\241\313z\337\364x@\211@\230C\263\275\32\301\334D\224\2358\241g\20\15\261\273\363\232jV%\261I\149\210E\20\274\244J\20699\200\214\14+\256@\323\6*\276\213KG\10\231\21t9U\207\2733\11\210\325\256;\35W\4Z\255E]\24\305F4P\207\37\306\25\203\24\270\15-\24\5\257\217\5>\247VJV\223\267\242\310IG=\366\246\312\200K\343\231\303\131FU?\250\261\303k\14\354\353\221\37%\310\257\227\11\1\367\242\357\370\27G\207al\320Fn\31GBST\321\264e\1\215\302\210\4\31441\322)\221\26D\263\3037\304&\277\213w\230\360\311\212\353\202D\10_>B\267\374\301\10\215\326\316\213|\253\3061\300)\317;J_\264\267~\2\232\216\\2513\34\16U\2\337\237\352\264\342o\370j\361\371\264\201$\16\242\370\370~~dg\5\216\5;\200\233\346\17M\247\232\373\302\321%\205\257\314v\277\202\327n\211\321\252\240\13\212\344K*\201S\223\356\356B>\337\177xKXc7K^\12&\232So\317\275\36\13\265\331\217\36\256\370\364\355\256?X\32#&\3379h=\267\0\354\320\30\33\326-\355\355\225\303\261 4*\310?#$\337:\25\1\355\355\271*\342\35)\255\32\221\317\331B\3051>\302\11[&KuSN\243:(\376\263\4#\376\5\266\376b\7\203r\216\1\267\2543\377\255\11vJ\20\331\306\376\261\321\312w\15\254~\311\3\351\35\252\5\237\6\377\321-\33\377BFO9\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00183 1764 NtReadFile (32, 0, 0, 0, 10240, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00184 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "\327\302\13X\270\22\25w1\12\14H\323M\303\30J\226L\340U\245\262H\0\253\222\345\260\205\267}\30D@\221\345\220eZd\XY\16[\232\0RKcTPd9d\33b\246d`\221\345\220ej!lhQ\226C\226r\14tp,\35\311`\313z|5x@*\201\230C\20|\32\301\177\205\224\235\233`g\20\256p\273\3639\253V%\22\210\149+\204\20\274\7\213\2069\232A\214\14\210o@\323\377\367*\276(\212G\10:\320t9\366F\2733\252I\325\256\230\334W\4\371lE]\267\4F4\363F\37\306\266B\24\270\256\354\24\5\14N\5>\4\227JV0v\242\310\352\206=\366\5\13\200K@X\303\13\222\207U?\13p\303k\257-\353\221\274\344\310\2574\310\1\367\1.\370\27\344Fals\207n\31\344\203STrue\1.\3\210\4o\3651\322\212P\26D\20\27\304\205~\213w;1\311\212HCD\10\374\377B\267_\0\10\215u\17\213|\10\71\300\212\16;J\374u\267~\241[\216\\12\362\34\16\366\303\337\237Iu\342o[\253\361\371\27@$\16\19\370~\335\245g\5-\304;\2008'\17M\4[\373\302r\344\205\257o\267\277\202t\257\211\321\11a\13\212G\212*\201\360R\356\356\341\377\337\177\333\212Xc\224\212^\12\205[Sol|\36\13\26\30\217\36\159\364\355\15\376X\32\200\347\3379\313\374\267\0O\21\30\33u\354\355\3556\2\261 \227\353\310?\200\345\337:\266\300\355\355\32\353\342\35\212l\32\221l\30B\305\222\377\302\11\370\347Ku\360\217\243:\213?\263\4\200?\5\266]\243\7\203\321O\1\267\17\362\377\255\252\267J\20z\7\376\261r\13w\15\17\277\311\3J\334\252\5<\307\377\321\216\332\377B\345\2169\1", 10240, 0x0, 0, ... {status=0x0, info=10240}, ) , 10240, 0x0, 0, ... {status=0x0, info=10240}, ) == 0x0 00185 1764 NtReadFile (32, 0, 0, 0, 2048, 0x0, 0, ... 
) == STATUS_END_OF_FILE 00186 1764 NtWriteFile (36, 0, 0, 0, (36, 0, 0, 0, "t\3\13X\33\323\25w\222\313\14Hp\214\303\30\351WL\340\366d\262H\243j\222\345\23D\267}\273\205@\221FQeZ\307\235XY\255\232\232\0\361\212cT\363\2459d\270\243\246\307\241\221\3453\244j!\317\251Q\226\340Wr\14\327\261,\35j\241\313z\337\364x@\211@\230C\263\275\32\301\334D\224\2358\241g\20\15\261\273\363\232jV%\261I\149\210E\20\274\244J\20699\200\214\14+\256@\323\6*\276\213KG\10\231\21t9U\207\2733\11\210\325\256;\35W\4Z\255E]\24\305F4P\207\37\306\25\203\24\270\15-\24\5\257\217\5>\247VJV\223\267\242\310IG=\366\246\312\200K\343\231\303\131FU?\250\261\303k\14\354\353\221\37%\310\257\227\11\1\367\242\357\370\27G\207al\320Fn\31GBST\321\264e\1\215\302\210\4\31441\322)\221\26D\263\3037\304&\277\213w\230\360\311\212\353\202D\10_>B\267\374\301\10\215\326\316\213|\253\3061\300)\317;J_\264\267~\2\232\216\\2513\34\16U\2\337\237\352\264\342o\370j\361\371\264\201$\16\242\370\370~~dg\5\216\5;\200\233\346\17M\247\232\373\302\321%\205\257\314v\277\202\327n\211\321\252\240\13\212\344K*\201S\223\356\356B>\337\177xKXc7K^\12&\232So\317\275\36\13\265\331\217\36\256\370\364\355\256?X\32#&\3379h=\267\0\354\320\30\33\326-\355\355\225\303\261 4*\310?#$\337:\25\1\355\355\271*\342\35)\255\32\221\317\331B\3051>\302\11[&KuSN\243:(\376\263\4#\376\5\266\376b\7\203r\216\1\267\2543\377\255\11vJ\20\331\306\376\261\321\312w\15\254~\311\3\351\35\252\5\237\6\377\321-\33\377BFO9\1", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0 00187 1764 NtClose (36, ... ) == 0x0 00188 1764 NtClose (32, ... ) == 0x0 00189 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\DOCUME~1\MARTIM~1\LOCALS~1\Temp\rbs2.tmp"}, 1242360, ... ) }, 1242360, ... ) == 0x0 00190 1764 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\DOCUME~1\MARTIM~1\LOCALS~1\Temp\rbs2.tmp"}, 5, 96, ... 32, {status=0x0, info=1}, ) }, 5, 96, ... 
32, {status=0x0, info=1}, ) == 0x0 00191 1764 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 32, ... 36, ) == 0x0 00192 1764 NtClose (32, ... ) == 0x0 00193 1764 NtMapViewOfSection (36, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x320000), 0x0, 176128, ) == 0x0 00194 1764 NtClose (36, ... ) == 0x0 00195 1764 NtUnmapViewOfSection (-1, 0x320000, ... ) == 0x0 00196 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\DOCUME~1\MARTIM~1\LOCALS~1\Temp\rbs2.tmp"}, 1242668, ... ) }, 1242668, ... ) == 0x0 00197 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\DOCUME~1\MARTIM~1\LOCALS~1\Temp\rbs2.tmp"}, 1242668, ... ) }, 1242668, ... ) == 0x0 00198 1764 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\DOCUME~1\MARTIM~1\LOCALS~1\Temp\rbs2.tmp"}, 5, 96, ... 36, {status=0x0, info=1}, ) }, 5, 96, ... 36, {status=0x0, info=1}, ) == 0x0 00199 1764 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 36, ... 32, ) == 0x0 00200 1764 NtQuerySection (32, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00201 1764 NtOpenProcessToken (-1, 0x8, ... 40, ) == 0x0 00202 1764 NtQueryInformationToken (40, User, 136, ... {token info, class 1, size 36}, 36, ) == 0x0 00203 1764 NtOpenKey (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00204 1764 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... 44, ) }, ... 44, ) == 0x0 00205 1764 NtQueryValueKey (44, (44, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 80, ... TitleIdx=0, Type=4, Data= (44, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00206 1764 NtClose (44, ... ) == 0x0 00207 1764 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... 
) == STATUS_NO_TOKEN 00208 1764 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 44, ) == 0x0 00209 1764 NtQueryInformationToken (44, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00210 1764 NtClose (44, ... ) == 0x0 00211 1764 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\REGISTRY\USER\S-1-5-21-1292428093-1383384898-725345543-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00212 1764 NtClose (40, ... ) == 0x0 00213 1764 NtClose (36, ... ) == 0x0 00214 1764 NtMapViewOfSection (32, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x320000), 0x0, 471040, ) == STATUS_IMAGE_NOT_AT_BASE 00215 1764 NtQueryVirtualMemory (-1, 0x7c91c5c0, Basic, 28, ... {BaseAddress=0x7c91c000,AllocationBase=0x7c900000,AllocationProtect=0x80,RegionSize=0x60000,State=0x1000,Protect=0x20,Type=0x1000000,}, 28, ) == 0x0 00216 1764 NtQueryDebugFilterState (87, 3, ... ) == 0x0 00217 1764 NtQueryDebugFilterState (87, 3, ... ) == 0x0 00218 1764 NtContinue (1241096, 0, ... 00219 1764 NtUnmapViewOfSection (-1, 0x320000, ... ) == 0x0 00220 1764 NtClose (32, ... ) == 0x0 00221 1764 NtQueryDebugFilterState (87, 3, ... ) == 0x0 00222 1764 NtQueryVirtualMemory (-1, 0x40980f, Basic, 28, ... {BaseAddress=0x409000,AllocationBase=0x400000,AllocationProtect=0x80,RegionSize=0x1000,State=0x1000,Protect=0x40,Type=0x1000000,}, 28, ) == 0x0 00223 1764 NtContinue (1244400, 0, ... 00224 1764 NtAllocateVirtualMemory (-1, 0, 0, 2395, 4096, 64, ... 3276800, 4096, ) == 0x0 00225 1764 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "user32.dll"}, ... 32, ) }, ... 32, ) == 0x0 00226 1764 NtMapViewOfSection (32, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x7e410000), 0x0, 589824, ) == 0x0 00227 1764 NtClose (32, ... ) == 0x0 00228 1764 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "GDI32.dll"}, ... 32, ) }, ... 32, ) == 0x0 00229 1764 NtMapViewOfSection (32, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... 
(0x77f10000), 0x0, 290816, ) == 0x0 00230 1764 NtClose (32, ... ) == 0x0 00231 1764 NtProtectVirtualMemory (-1, (0x77f11000), 508, 4, ... (0x77f11000), 4096, 32, ) == 0x0 00232 1764 NtProtectVirtualMemory (-1, (0x77f11000), 4096, 32, ... (0x77f11000), 4096, 4, ) == 0x0 00233 1764 NtFlushInstructionCache (-1, 2012286976, 508, ... ) == 0x0 00234 1764 NtProtectVirtualMemory (-1, (0x77f11000), 508, 4, ... (0x77f11000), 4096, 32, ) == 0x0 00235 1764 NtProtectVirtualMemory (-1, (0x77f11000), 4096, 32, ... (0x77f11000), 4096, 4, ) == 0x0 00236 1764 NtFlushInstructionCache (-1, 2012286976, 508, ... ) == 0x0 00237 1764 NtProtectVirtualMemory (-1, (0x77f11000), 508, 4, ... (0x77f11000), 4096, 32, ) == 0x0 00238 1764 NtProtectVirtualMemory (-1, (0x77f11000), 4096, 32, ... (0x77f11000), 4096, 4, ) == 0x0 00239 1764 NtFlushInstructionCache (-1, 2012286976, 508, ... ) == 0x0 00240 1764 NtProtectVirtualMemory (-1, (0x7e411000), 1252, 4, ... (0x7e411000), 4096, 32, ) == 0x0 00241 1764 NtProtectVirtualMemory (-1, (0x7e411000), 4096, 32, ... (0x7e411000), 4096, 4, ) == 0x0 00242 1764 NtFlushInstructionCache (-1, 2118193152, 1252, ... ) == 0x0 00243 1764 NtProtectVirtualMemory (-1, (0x7e411000), 1252, 4, ... (0x7e411000), 4096, 32, ) == 0x0 00244 1764 NtProtectVirtualMemory (-1, (0x7e411000), 4096, 32, ... (0x7e411000), 4096, 4, ) == 0x0 00245 1764 NtFlushInstructionCache (-1, 2118193152, 1252, ... ) == 0x0 00246 1764 NtProtectVirtualMemory (-1, (0x7e411000), 1252, 4, ... (0x7e411000), 4096, 32, ) == 0x0 00247 1764 NtProtectVirtualMemory (-1, (0x7e411000), 4096, 32, ... (0x7e411000), 4096, 4, ) == 0x0 00248 1764 NtFlushInstructionCache (-1, 2118193152, 1252, ... ) == 0x0 00249 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll"}, ... ) }, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00250 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\user32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00251 1764 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00252 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2089900645, 1241830, 2090320576, 1241608} (24, {28, 56, new_msg, 0, 2089900645, 1241830, 2090320576, 1241608} "\210\6\31\1\0\0\0\0\344\0\23\0\4\0\0\0\3\0\0\0\234\6\31\1$\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 57970, 0} "\320G\26\0\0\0\0\0\0\0\0\0\4\0\0\0\3\0\0\0\234\6\31\1$\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57970, 0} (24, {28, 56, new_msg, 0, 2089900645, 1241830, 2090320576, 1241608} "\210\6\31\1\0\0\0\0\344\0\23\0\4\0\0\0\3\0\0\0\234\6\31\1$\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 57970, 0} "\320G\26\0\0\0\0\0\0\0\0\0\4\0\0\0\3\0\0\0\234\6\31\1$\1\0\0" ) ) == 0x0 00253 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1239000, ... ) }, 1239000, ... ) == 0x0 00254 1764 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 5, 96, ... 32, {status=0x0, info=1}, ) }, 5, 96, ... 32, {status=0x0, info=1}, ) == 0x0 00255 1764 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 32, ... 36, ) == 0x0 00256 1764 NtClose (32, ... ) == 0x0 00257 1764 NtMapViewOfSection (36, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x420000), 0x0, 110592, ) == 0x0 00258 1764 NtClose (36, ... ) == 0x0 00259 1764 NtUnmapViewOfSection (-1, 0x420000, ... 
) == 0x0 00260 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1238908, ... ) }, 1238908, ... ) == 0x0 00261 1764 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 5, 96, ... 36, {status=0x0, info=1}, ) }, 5, 96, ... 36, {status=0x0, info=1}, ) == 0x0 00262 1764 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 36, ... 32, ) == 0x0 00263 1764 NtClose (36, ... ) == 0x0 00264 1764 NtMapViewOfSection (32, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x420000), 0x0, 110592, ) == 0x0 00265 1764 NtClose (32, ... ) == 0x0 00266 1764 NtUnmapViewOfSection (-1, 0x420000, ... ) == 0x0 00267 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1239216, ... ) }, 1239216, ... ) == 0x0 00268 1764 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 5, 96, ... 32, {status=0x0, info=1}, ) }, 5, 96, ... 32, {status=0x0, info=1}, ) == 0x0 00269 1764 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 32, ... 36, ) == 0x0 00270 1764 NtQuerySection (36, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00271 1764 NtClose (32, ... ) == 0x0 00272 1764 NtMapViewOfSection (36, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x76390000), 0x0, 118784, ) == 0x0 00273 1764 NtClose (36, ... ) == 0x0 00274 1764 NtProtectVirtualMemory (-1, (0x76391000), 696, 4, ... (0x76391000), 4096, 32, ) == 0x0 00275 1764 NtProtectVirtualMemory (-1, (0x76391000), 4096, 32, ... (0x76391000), 4096, 4, ) == 0x0 00276 1764 NtFlushInstructionCache (-1, 1983451136, 696, ... ) == 0x0 00277 1764 NtProtectVirtualMemory (-1, (0x76391000), 696, 4, ... (0x76391000), 4096, 32, ) == 0x0 00278 1764 NtProtectVirtualMemory (-1, (0x76391000), 4096, 32, ... (0x76391000), 4096, 4, ) == 0x0 00279 1764 NtFlushInstructionCache (-1, 1983451136, 696, ... 
) == 0x0 00280 1764 NtProtectVirtualMemory (-1, (0x76391000), 696, 4, ... (0x76391000), 4096, 32, ) == 0x0 00281 1764 NtProtectVirtualMemory (-1, (0x76391000), 4096, 32, ... (0x76391000), 4096, 4, ) == 0x0 00282 1764 NtFlushInstructionCache (-1, 1983451136, 696, ... ) == 0x0 00283 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00284 1764 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00285 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1236132, ... ) }, 1236132, ... ) == 0x0 00286 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1239536, ... ) }, 1239536, ... ) == 0x0 00287 1764 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00288 1764 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize"}, ... 36, ) }, ... 36, ) == 0x0 00289 1764 NtQueryValueKey (36, (36, "DisableMetaFiles", Partial, 20, ... ) , Partial, 20, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00290 1764 NtClose (36, ... ) == 0x0 00291 1764 NtMapViewOfSection (-2147481364, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x420000), 0x0, 1060864, ) == 0x0 00292 1764 NtClose (-2147481364, ... ) == 0x0 00293 1764 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 
36, ) == 0x0 00294 1764 NtOpenThreadTokenEx (-2, 0x8, 1, 512, ... ) == STATUS_NO_TOKEN 00295 1764 NtOpenProcessTokenEx (-1, 0x8, 512, ... -2147481364, ) == 0x0 00296 1764 NtQueryInformationToken (-2147481364, Statistics, 0, ... ) == STATUS_BUFFER_TOO_SMALL 00297 1764 NtQueryInformationToken (-2147481364, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00298 1764 NtClose (-2147481364, ... ) == 0x0 00299 1764 NtAllocateVirtualMemory (-1, 0, 0, 32, 4096, 4, ... 5439488, 4096, ) == 0x0 00300 1764 NtFreeVirtualMemory (-1, (0x530000), 4096, 32768, ... (0x530000), 4096, ) == 0x0 00301 1764 NtDuplicateObject (-1, 32, -1, 0x0, 0, 2, ... 44, ) == 0x0 00302 1764 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32"}, ... -2147481364, ) }, ... -2147481364, ) == 0x0 00303 1764 NtQueryValueKey (-2147481364, (-2147481364, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00304 1764 NtClose (-2147481364, ... ) == 0x0 00305 1764 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility"}, ... -2147481364, ) }, ... -2147481364, ) == 0x0 00306 1764 NtQueryValueKey (-2147481364, (-2147481364, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00307 1764 NtClose (-2147481364, ... ) == 0x0 00308 1764 NtQueryDefaultLocale (0, -105924276, ... ) == 0x0 00309 1764 NtGdiQueryFontAssocInfo (0, ... ) == 0x0 00310 1764 NtUserCallNoParam (24, ... ) == 0x0 00311 1764 NtGdiCreateCompatibleDC (0, ... 00312 1764 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 5439488, 4096, ) == 0x0 00311 1764 NtGdiCreateCompatibleDC ... ) == 0x320104e1 00313 1764 NtGdiGetStockObject (0, ... ) == 0x1900010 00314 1764 NtGdiGetStockObject (4, ... ) == 0x1900011 00315 1764 NtGdiCreateBitmap (8, 8, 1, 1, 2118200212, ... 
) == 0x52050634 00316 1764 NtGdiCreateSolidBrush (0, 0, ... 00317 1764 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 8650752, 4096, ) == 0x0 00316 1764 NtGdiCreateSolidBrush ... ) == 0x2a100697 00318 1764 NtGdiGetStockObject (13, ... ) == 0x18a0021 00319 1764 NtGdiCreateCompatibleDC (0, ... ) == 0x72010798 00320 1764 NtGdiSelectBitmap (1912670104, 1376060980, ... ) == 0x185000f 00321 1764 NtUserGetThreadDesktop (1764, 0, ... ) == 0x28 00322 1764 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows"}, ... 48, ) }, ... 48, ) == 0x0 00323 1764 NtQueryValueKey (48, (48, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 64, ... TitleIdx=0, Type=1, Data= (48, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0 00324 1764 NtClose (48, ... ) == 0x0 00325 1764 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00326 1764 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 673, 128, 0, ... ) == 0x8174c017 00327 1764 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00328 1764 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 674, 128, 0, ... ) == 0x8174c01c 00329 1764 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00330 1764 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 675, 128, 0, ... ) == 0x8174c01e 00331 1764 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00332 1764 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 676, 128, 0, ... ) == 0x81748002 00333 1764 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10013 00334 1764 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 677, 128, 0, ... ) == 0x8174c018 00335 1764 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... 
) == 0x10011 00336 1764 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 678, 128, 0, ... ) == 0x8174c01a 00337 1764 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00338 1764 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 679, 128, 0, ... ) == 0x8174c01d 00339 1764 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00340 1764 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 681, 128, 0, ... ) == 0x8174c026 00341 1764 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00342 1764 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 680, 128, 0, ... ) == 0x8174c019 00343 1764 NtUserRegisterClassExWOW (1240676, 1240744, 1240760, 1240776, 0, 128, 0, ... ) == 0x8174c020 00344 1764 NtUserRegisterClassExWOW (1240932, 1241028, 1241012, 1241000, 0, 130, 0, ... ) == 0x8174c022 00345 1764 NtUserRegisterClassExWOW (1240676, 1240744, 1240760, 1240776, 0, 128, 0, ... ) == 0x8174c023 00346 1764 NtUserRegisterClassExWOW (1240932, 1241028, 1241012, 1241000, 0, 130, 0, ... ) == 0x8174c024 00347 1764 NtUserRegisterClassExWOW (1240676, 1240744, 1240760, 1240776, 0, 128, 0, ... ) == 0x8174c025 00348 1764 NtCallbackReturn (0, 0, 0, ... 00349 1764 NtGdiInit (... ) == 0x1 00350 1764 NtGdiGetStockObject (18, ... ) == 0x290001c 00351 1764 NtGdiGetStockObject (19, ... ) == 0x1b00019 00352 1764 NtAllocateVirtualMemory (-1, 0, 0, 26112, 4096, 64, ... 8716288, 28672, ) == 0x0 00353 1764 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WS2_32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00354 1764 NtAllocateVirtualMemory (-1, 1331200, 0, 4096, 4096, 4, ... 1331200, 4096, ) == 0x0 00355 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2_32.dll"}, 1242908, ... ) }, 1242908, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00356 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2_32.dll"}, 1242908, ... ) }, 1242908, ... ) == 0x0 00357 1764 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2_32.dll"}, 5, 96, ... 48, {status=0x0, info=1}, ) }, 5, 96, ... 48, {status=0x0, info=1}, ) == 0x0 00358 1764 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 48, ... 52, ) == 0x0 00359 1764 NtQuerySection (52, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00360 1764 NtClose (48, ... ) == 0x0 00361 1764 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71ab0000), 0x0, 94208, ) == 0x0 00362 1764 NtClose (52, ... ) == 0x0 00363 1764 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "msvcrt.dll"}, ... 52, ) }, ... 52, ) == 0x0 00364 1764 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c10000), 0x0, 360448, ) == 0x0 00365 1764 NtClose (52, ... ) == 0x0 00366 1764 NtProtectVirtualMemory (-1, (0x77c11000), 632, 4, ... (0x77c11000), 4096, 32, ) == 0x0 00367 1764 NtProtectVirtualMemory (-1, (0x77c11000), 4096, 32, ... (0x77c11000), 4096, 4, ) == 0x0 00368 1764 NtFlushInstructionCache (-1, 2009141248, 632, ... ) == 0x0 00369 1764 NtProtectVirtualMemory (-1, (0x71ab1000), 468, 4, ... (0x71ab1000), 4096, 32, ) == 0x0 00370 1764 NtProtectVirtualMemory (-1, (0x71ab1000), 4096, 32, ... (0x71ab1000), 4096, 4, ) == 0x0 00371 1764 NtFlushInstructionCache (-1, 1907036160, 468, ... ) == 0x0 00372 1764 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WS2HELP.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00373 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2HELP.dll"}, 1242092, ... ) }, 1242092, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00374 1764 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2HELP.dll"}, 1242092, ... 
) }, 1242092, ... ) == 0x0 00375 1764 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2HELP.dll"}, 5, 96, ... 52, {status=0x0, info=1}, ) }, 5, 96, ... 52, {status=0x0, info=1}, ) == 0x0 00376 1764 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 52, ... 48, ) == 0x0 00377 1764 NtQuerySection (48, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00378 1764 NtClose (52, ... ) == 0x0 00379 1764 NtMapViewOfSection (48, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71aa0000), 0x0, 32768, ) == 0x0 00380 1764 NtClose (48, ... ) == 0x0 00381 1764 NtProtectVirtualMemory (-1, (0x71aa1000), 352, 4, ... (0x71aa1000), 4096, 32, ) == 0x0 00382 1764 NtProtectVirtualMemory (-1, (0x71aa1000), 4096, 32, ... (0x71aa1000), 4096, 4, ) == 0x0 00383 1764 NtFlushInstructionCache (-1, 1906970624, 352, ... ) == 0x0 00384 1764 NtProtectVirtualMemory (-1, (0x71ab1000), 468, 4, ... (0x71ab1000), 4096, 32, ) == 0x0 00385 1764 NtProtectVirtualMemory (-1, (0x71ab1000), 4096, 32, ... (0x71ab1000), 4096, 4, ) == 0x0 00386 1764 NtFlushInstructionCache (-1, 1907036160, 468, ... ) == 0x0 00387 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00388 1764 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00389 1764 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 8781824, 65536, ) == 0x0 00390 1764 NtAllocateVirtualMemory (-1, 8781824, 0, 4096, 4096, 4, ... 8781824, 4096, ) == 0x0 00391 1764 NtAllocateVirtualMemory (-1, 8785920, 0, 8192, 4096, 4, ... 
8785920, 8192, ) == 0x0 00392 1764 NtAllocateVirtualMemory (-1, 8794112, 0, 4096, 4096, 4, ... 8794112, 4096, ) == 0x0 00393 1764 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionCType"}, ... 48, ) }, ... 48, ) == 0x0 00394 1764 NtMapViewOfSection (48, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x870000), 0x0, 12288, ) == 0x0 00395 1764 NtClose (48, ... ) == 0x0 00396 1764 NtAllocateVirtualMemory (-1, 8798208, 0, 4096, 4096, 4, ... 8798208, 4096, ) == 0x0 00397 1764 NtQueryVirtualMemory (-1, 0x77c2807c, Basic, 28, ... {BaseAddress=0x77c28000,AllocationBase=0x77c10000,AllocationProtect=0x80,RegionSize=0x35000,State=0x1000,Protect=0x20,Type=0x1000000,}, 28, ) == 0x0 00398 1764 NtQueryInformationProcess (-1, 36, 4, ... {process info, class 36, size 4}, 0x0, ) == 0x0 00399 1764 NtQueryInformationProcess (-1, 36, 4, ... {process info, class 36, size 4}, 0x0, ) == 0x0 00400 1764 NtQueryVirtualMemory (-1, 0x0, Basic, 28, ... {BaseAddress=0x0,AllocationBase=0x0,AllocationProtect=0x0,RegionSize=0x10000,State=0x10000,Protect=0x1,Type=0x0,}, 28, ) == 0x0 00401 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00402 1764 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00403 1764 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00404 1764 NtQuerySystemInformation (Processor, 12, ... 
{system info, class 1, size 12}, 0x0, ) == 0x0 00405 1764 NtFreeVirtualMemory (-1, (0x850000), 0, 32768, ... (0x850000), 28672, ) == 0x0 00406 1764 NtFreeVirtualMemory (-1, (0x320144), 0, 32768, ... (0x320000), 4096, ) == 0x0 00407 1764 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00408 1764 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 3276800, 65536, ) == 0x0 00409 1764 NtAllocateVirtualMemory (-1, 3276800, 0, 4096, 4096, 4, ... 3276800, 4096, ) == 0x0 00410 1764 NtAllocateVirtualMemory (-1, 3280896, 0, 20480, 4096, 4, ... 3280896, 20480, ) == 0x0 00411 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 8912896, 1048576, ) == 0x0 00412 1764 NtAllocateVirtualMemory (-1, 8912896, 0, 32768, 4096, 4, ... 8912896, 32768, ) == 0x0 00413 1764 NtOpenDirectoryObject (0x2000f, {24, 0, 0x40, 0, 0, (0x2000f, {24, 0, 0x40, 0, 0, "\BaseNamedObjects"}, ... 48, ) }, ... 48, ) == 0x0 00414 1764 NtCreateMutant (0x1f0001, {24, 48, 0x80, 0, 0, (0x1f0001, {24, 48, 0x80, 0, 0, "Jobaka3"}, 0, ... 52, ) }, 0, ... 52, ) == 0x0 00415 1764 NtOpenKey (0x2000000, {24, 16, 0x40, 0, 0, (0x2000000, {24, 16, 0x40, 0, 0, "System\CurrentControlSet\Services\WinSock2\Parameters"}, ... 56, ) }, ... 56, ) == 0x0 00416 1764 NtQueryValueKey (56, (56, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (56, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) }, 20, ) == 0x0 00417 1764 NtQueryValueKey (56, (56, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) , Partial, 144, ... 
TitleIdx=0, Type=1, Data= (56, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) }, 20, ) == 0x0 00418 1764 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0 00419 1764 NtOpenKey (0x2000000, {24, 56, 0x40, 0, 0, (0x2000000, {24, 56, 0x40, 0, 0, "Protocol_Catalog9"}, ... 64, ) }, ... 64, ) == 0x0 00420 1764 NtQueryValueKey (64, (64, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (64, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) }, 16, ) == 0x0 00421 1764 NtNotifyChangeKey (64, 60, 0, 0, 2011455960, 1, 0, 0, 0, 1, ... ) == 0x103 00422 1764 NtQueryValueKey (64, (64, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (64, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) }, 16, ) == 0x0 00423 1764 NtOpenKey (0x2000000, {24, 64, 0x40, 0, 0, (0x2000000, {24, 64, 0x40, 0, 0, "0000000D"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00424 1764 NtQueryValueKey (64, (64, "Next_Catalog_Entry_ID", Partial, 144, ... TitleIdx=0, Type=4, Data="#\4\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (64, "Next_Catalog_Entry_ID", Partial, 144, ... TitleIdx=0, Type=4, Data="#\4\0\0"}, 16, ) }, 16, ) == 0x0 00425 1764 NtQueryValueKey (64, (64, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\26\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (64, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\26\0\0\0"}, 16, ) }, 16, ) == 0x0 00426 1764 NtOpenKey (0x2000000, {24, 64, 0x40, 0, 0, (0x2000000, {24, 64, 0x40, 0, 0, "Catalog_Entries"}, ... 68, ) }, ... 68, ) == 0x0 00427 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000001"}, ... 72, ) }, ... 
72, ) == 0x0 00428 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00429 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00430 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\257\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\257\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\260\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\260\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\261\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\261\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\262\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\257\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\257\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\260\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\260\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\261\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\261\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\262\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\261\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\262\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\257\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\257\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\260\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\260\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\261\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\261\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\262\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00431 1764 NtClose (72, ... ) == 0x0 00432 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000002"}, ... 72, ) }, ... 72, ) == 0x0 00433 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00434 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00435 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\264\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\264\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\265\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\265\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\266\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\266\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\267\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\264\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\264\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\265\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\265\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\266\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\266\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\267\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\266\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\267\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\264\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\264\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\265\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\265\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\266\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\266\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\267\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00436 1764 NtClose (72, ... ) == 0x0 00437 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000003"}, ... 72, ) }, ... 72, ) == 0x0 00438 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00439 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00440 1764 NtAllocateVirtualMemory (-1, 1335296, 0, 4096, 4096, 4, ... 1335296, 4096, ) == 0x0 00441 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\272\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\272\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\273\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\273\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\274\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\274\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\275\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\272\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\272\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\273\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\273\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\274\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\274\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\275\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\274\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\275\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\272\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\272\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\273\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\273\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\274\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\274\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\275\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00442 1764 NtClose (72, ... ) == 0x0 00443 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000004"}, ... 72, ) }, ... 72, ) == 0x0 00444 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00445 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00446 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\204\370\272\2|\370\272\2\210\371\272\2\4\244`u\\12\0\0\240<_u\260\371\272\2\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\1\0\0\0\344\373\272\2\1\0\0\0\330\273\356\0\0\0\0\0=\373\220|\200\371\272\2\0\0\0\0\0\371\272\2l\373\220|q\373\220|\0\0\0\0\200\371\272\2=\373\220|\334\370\272\2\0\0\0\0\204\3\0\0\277\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\277\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\300\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0\300\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\301\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\301\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\302\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\204\370\272\2|\370\272\2\210\371\272\2\4\244`u\\12\0\0\240<_u\260\371\272\2\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\1\0\0\0\344\373\272\2\1\0\0\0\330\273\356\0\0\0\0\0=\373\220|\200\371\272\2\0\0\0\0\0\371\272\2l\373\220|q\373\220|\0\0\0\0\200\371\272\2=\373\220|\334\370\272\2\0\0\0\0\204\3\0\0\277\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\277\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\300\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0\300\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\301\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\301\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\302\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\301\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\302\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\204\370\272\2|\370\272\2\210\371\272\2\4\244`u\\12\0\0\240<_u\260\371\272\2\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 
\0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\1\0\0\0\344\373\272\2\1\0\0\0\330\273\356\0\0\0\0\0=\373\220|\200\371\272\2\0\0\0\0\0\371\272\2l\373\220|q\373\220|\0\0\0\0\200\371\272\2=\373\220|\334\370\272\2\0\0\0\0\204\3\0\0\277\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\277\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\300\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0\300\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\301\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\301\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\302\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00447 1764 NtClose (72, ... ) == 0x0 00448 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000005"}, ... 72, ) }, ... 72, ) == 0x0 00449 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00450 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00451 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\210\1\34\0\0\0\34\0\10\0\0\0\0\0\0\0\214\373\272\2\\15\221|\0\0\34\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\210\1\34\0\0\0\0\0\20\0\0\0P\373\272\2\270Ddu\0\0\0\0(\275\356\0|\373\272\2\364\373\272\2\0\0\34\0\10\0\0\0\0\0\0\0(\374\272\2\\15\221|\0\0\34\0\0\0\0\0\204\3\0\0\304\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\304\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\305\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0\305\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\306\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\306\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\307\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\210\1\34\0\0\0\34\0\10\0\0\0\0\0\0\0\214\373\272\2\\15\221|\0\0\34\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\210\1\34\0\0\0\0\0\20\0\0\0P\373\272\2\270Ddu\0\0\0\0(\275\356\0|\373\272\2\364\373\272\2\0\0\34\0\10\0\0\0\0\0\0\0(\374\272\2\\15\221|\0\0\34\0\0\0\0\0\204\3\0\0\304\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\304\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\305\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0\305\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\306\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\306\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\307\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\306\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\307\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\210\1\34\0\0\0\34\0\10\0\0\0\0\0\0\0\214\373\272\2\\15\221|\0\0\34\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 
\0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\210\1\34\0\0\0\0\0\20\0\0\0P\373\272\2\270Ddu\0\0\0\0(\275\356\0|\373\272\2\364\373\272\2\0\0\34\0\10\0\0\0\0\0\0\0(\374\272\2\\15\221|\0\0\34\0\0\0\0\0\204\3\0\0\304\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\304\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\305\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0\305\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\306\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\306\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\307\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00452 1764 NtClose (72, ... ) == 0x0 00453 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000006"}, ... 72, ) }, ... 72, ) == 0x0 00454 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00455 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00456 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5&\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0d\200\304\237\230r\344C\267\275\30\37 \211y*\374\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0 \0\0\0\36\0\0\0\36\0\0\0\1\0\0\0\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0R\0f\0C\0o\0m\0m\0 \0[\0B\0l\0u\0e\0t\0o\0o\0t\0h\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\311\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\311\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\312\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0\312\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\313\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\313\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\314\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5&\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0d\200\304\237\230r\344C\267\275\30\37 \211y*\374\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0 \0\0\0\36\0\0\0\36\0\0\0\1\0\0\0\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0R\0f\0C\0o\0m\0m\0 \0[\0B\0l\0u\0e\0t\0o\0o\0t\0h\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\311\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\311\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\312\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0\312\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\313\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\313\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\314\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\313\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\314\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5&\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0d\200\304\237\230r\344C\267\275\30\37 \211y*\374\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0 \0\0\0\36\0\0\0\36\0\0\0\1\0\0\0\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0R\0f\0C\0o\0m\0m\0 \0[\0B\0l\0u\0e\0t\0o\0o\0t\0h\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\311\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\311\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\312\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0\312\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\313\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\313\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\314\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00457 1764 NtClose (72, ... ) == 0x0 00458 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000007"}, ... 72, ) }, ... 
72, ) == 0x0 00459 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00460 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00461 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\23\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0\316\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\316\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\317\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0\317\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\320\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\320\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\321\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\23\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0\316\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\316\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\317\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0\317\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\320\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\320\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\321\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\320\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\321\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\23\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0\316\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\316\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\317\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0\317\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\320\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\320\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\321\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00462 1764 NtClose (72, ... ) == 0x0 00463 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000008"}, ... 72, ) }, ... 
72, ) == 0x0 00464 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00465 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00466 1764 NtAllocateVirtualMemory (-1, 1339392, 0, 4096, 4096, 4, ... 1339392, 4096, ) == 0x0 00467 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\24\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0\324\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\324\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\325\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0\325\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\326\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\326\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\327\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\24\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0\324\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\324\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\325\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0\325\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\326\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\326\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\327\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\326\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\327\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\24\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0\324\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\324\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\325\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0\325\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\326\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\326\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\327\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00468 1764 NtClose (72, ... ) == 0x0 00469 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000009"}, ... 72, ) }, ... 
72, ) == 0x0 00470 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00471 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00472 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\25\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0\331\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\331\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\332\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0\332\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\333\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\333\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\334\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\25\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0\331\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\331\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\332\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0\332\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\333\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\333\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\334\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\333\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\334\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\25\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0\331\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\331\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\332\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0\332\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\333\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\333\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\334\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00473 1764 NtClose (72, ... ) == 0x0 00474 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000010"}, ... 72, ) }, ... 
72, ) == 0x0 00475 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00476 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00477 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\26\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0\336\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\336\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\337\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0\337\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\340\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\340\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\341\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\26\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0\336\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\336\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\337\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0\337\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\340\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\340\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\341\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\340\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\341\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\26\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0\336\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\336\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\337\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0\337\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\340\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\340\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\341\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00478 1764 NtClose (72, ... ) == 0x0 00479 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000011"}, ... 72, ) }, ... 
72, ) == 0x0 00480 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00481 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00482 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\27\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\343\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\343\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\344\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\02\0\344\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\345\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\345\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\346\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\27\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\343\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\343\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\344\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\02\0\344\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\345\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\345\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\346\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\345\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\346\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\27\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\343\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\343\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\344\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\02\0\344\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\345\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\345\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\346\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00483 1764 NtClose (72, ... ) == 0x0 00484 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000012"}, ... 72, ) }, ... 
72, ) == 0x0 00485 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00486 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00487 1764 NtAllocateVirtualMemory (-1, 1343488, 0, 4096, 4096, 4, ... 1343488, 4096, ) == 0x0 00488 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\30\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\351\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\351\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\352\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\03\0\352\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\353\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\353\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\354\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\30\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\351\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\351\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\352\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\03\0\352\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\353\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\353\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\354\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\353\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\354\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\30\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\351\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\351\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\352\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\03\0\352\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\353\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\353\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\354\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00489 1764 NtClose (72, ... ) == 0x0 00490 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000013"}, ... 72, ) }, ... 
72, ) == 0x0 00491 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00492 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00493 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\31\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\356\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\356\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\357\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\04\0\357\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\360\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\360\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\361\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\31\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\356\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\356\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\357\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\04\0\357\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\360\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\360\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\361\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\360\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\361\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", 
Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\31\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\356\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\356\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\357\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\04\0\357\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\360\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\360\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\361\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00494 1764 NtClose (72, ... ) == 0x0 00495 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000014"}, ... 72, ) }, ... 
72, ) == 0x0 00496 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00497 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00498 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\32\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\363\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\363\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\364\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\05\0\364\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\365\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\365\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\366\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\32\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\363\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\363\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\364\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\05\0\364\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\365\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\365\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\366\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\365\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\366\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", 
Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\32\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\363\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\363\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\364\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\05\0\364\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\365\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\365\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\366\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00499 1764 NtClose (72, ... ) == 0x0 00500 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000015"}, ... 72, ) }, ... 
72, ) == 0x0 00501 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00502 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00503 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\33\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\370\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\370\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\371\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\06\0\371\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\372\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\372\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\373\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\33\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\370\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\370\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\371\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\06\0\371\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\372\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\372\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\373\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\372\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\373\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\33\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\370\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\370\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\371\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\06\0\371\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\372\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\372\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\373\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00504 1764 NtClose (72, ... ) == 0x0 00505 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000016"}, ... 72, ) }, ... 
72, ) == 0x0 00506 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00507 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00508 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\34\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\375\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\375\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\376\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\07\0\376\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\377\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\377\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\0\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\34\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\375\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\375\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\376\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\07\0\376\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\377\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\377\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\0\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\377\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\0\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", 
Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\34\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\375\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\375\1\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\376\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\07\0\376\1\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\377\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\377\1\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\0\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00509 1764 NtClose (72, ... ) == 0x0 00510 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000017"}, ... 72, ) }, ... 
72, ) == 0x0 00511 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00512 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00513 1764 NtAllocateVirtualMemory (-1, 1347584, 0, 4096, 4096, 4, ... 1347584, 4096, ) == 0x0 00514 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\35\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\3\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\3\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\4\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\08\0\4\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\5\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\5\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\6\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\35\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\3\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\3\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\4\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\08\0\4\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\5\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\5\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\6\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\5\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\6\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\35\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\3\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\3\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\4\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\08\0\4\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\5\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\5\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\6\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00515 1764 NtClose (72, ... ) == 0x0 00516 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000018"}, ... 72, ) }, ... 72, ) == 0x0 00517 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00518 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00519 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\36\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\10\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\10\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\11\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\09\0\11\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\12\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\12\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\13\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\36\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\10\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\10\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\11\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\09\0\11\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\12\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\12\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\13\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\12\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\13\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\36\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\10\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\10\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\11\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\09\0\11\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\12\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\12\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\13\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00520 1764 NtClose (72, ... ) == 0x0 00521 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000019"}, ... 72, ) }, ... 72, ) == 0x0 00522 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00523 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00524 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\37\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\15\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\15\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\16\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\00\0\16\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\17\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\17\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\20\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\37\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\15\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\15\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\16\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\00\0\16\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\17\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\17\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\20\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\17\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\20\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", 
Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\37\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\15\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\15\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\16\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\00\0\16\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\17\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\17\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\20\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00525 1764 NtClose (72, ... ) == 0x0 00526 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000020"}, ... 72, ) }, ... 72, ) == 0x0 00527 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00528 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00529 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222 \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\22\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\22\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\23\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\01\0\23\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\24\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\24\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\25\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222 \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\22\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\22\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\23\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\01\0\23\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\24\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\24\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\25\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\24\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\25\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222 \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\22\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\22\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\23\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\01\0\23\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\24\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\24\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\25\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00530 1764 NtClose (72, ... ) == 0x0 00531 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000021"}, ... 72, ) }, ... 72, ) == 0x0 00532 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00533 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00534 1764 NtAllocateVirtualMemory (-1, 1351680, 0, 4096, 4096, 4, ... 1351680, 4096, ) == 0x0 00535 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222!\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\30\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\30\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\31\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\02\0\31\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\32\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\32\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\33\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222!\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\30\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\30\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\31\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\02\0\31\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\32\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\32\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\33\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\32\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\33\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0 (72, "PackedCatalogItem", Partial, 
900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222!\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\30\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\30\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\31\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0D\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\200O\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\02\0\31\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0\32\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\32\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\33\2\0\0\30\5\0\0\344\6\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0H\0\0\0\0\0\0\0"\0\12\2\0\374\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00536 1764 NtClose (72, ... ) == 0x0 00537 1764 NtOpenKey (0x20019, {24, 68, 0x40, 0, 0, (0x20019, {24, 68, 0x40, 0, 0, "000000000022"}, ... 72, ) }, ... 72, ) == 0x0 00538 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00539 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00540 1764 NtQueryValueKey (72, (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222"\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\35\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\35\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\36\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\36\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\37\2\0\0\30\5\0\0\344\6\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\37\2\0\0\30\5\0\0\344\6\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0 \2\0\0\30\5\0\0\344\6\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0 \2\0\0\30\5\0\0\344\6\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0!\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\08\0\0\0\210\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0PO\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) , 
Partial, 900, ... TitleIdx=0, Type=3, Data= (72, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222"\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\35\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\35\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\36\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\36\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\37\2\0\0\30\5\0\0\344\6\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\37\2\0\0\30\5\0\0\344\6\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0 \2\0\0\30\5\0\0\344\6\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0 \2\0\0\30\5\0\0\344\6\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0!\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\08\0\0\0\210\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0PO\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) 
\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\35\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\35\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\36\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\36\2\0\0\30\5\0\0\344\6\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\37\2\0\0\30\5\0\0\344\6\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\37\2\0\0\30\5\0\0\344\6\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0 \2\0\0\30\5\0\0\344\6\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0 \2\0\0\30\5\0\0\344\6\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0!\2\0\0\30\5\0\0\344\6\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\08\0\0\0\210\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0PO\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) == 0x0 00541 1764 NtClose (72, ... ) == 0x0 00542 1764 NtClose (68, ... ) == 0x0 00543 1764 NtWaitForSingleObject (60, 0, {0, 0}, ... ) == 0x102 00544 1764 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 68, ) == 0x0 00545 1764 NtOpenKey (0x2000000, {24, 56, 0x40, 0, 0, (0x2000000, {24, 56, 0x40, 0, 0, "NameSpace_Catalog5"}, ... 72, ) }, ... 72, ) == 0x0 00546 1764 NtQueryValueKey (72, (72, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (72, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) }, 16, ) == 0x0 00547 1764 NtNotifyChangeKey (72, 68, 0, 0, 2011455960, 1, 0, 0, 0, 1, ... ) == 0x103 00548 1764 NtQueryValueKey (72, (72, "Serial_Access_Num", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (72, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) }, 16, ) == 0x0 00549 1764 NtOpenKey (0x2000000, {24, 72, 0x40, 0, 0, (0x2000000, {24, 72, 0x40, 0, 0, "00000005"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00550 1764 NtQueryValueKey (72, (72, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (72, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) }, 16, ) == 0x0 00551 1764 NtOpenKey (0x2000000, {24, 72, 0x40, 0, 0, (0x2000000, {24, 72, 0x40, 0, 0, "Catalog_Entries"}, ... 76, ) }, ... 76, ) == 0x0 00552 1764 NtOpenKey (0x20019, {24, 76, 0x40, 0, 0, (0x20019, {24, 76, 0x40, 0, 0, "000000000001"}, ... 80, ) }, ... 80, ) == 0x0 00553 1764 NtQueryValueKey (80, (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00554 1764 NtQueryValueKey (80, (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00555 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... 
TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00556 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00557 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00558 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00559 1764 NtQueryValueKey (80, (80, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="@\235\5"\236~\317\21\256Z\0\252\0\247\21+"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (80, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="@\235\5"\236~\317\21\256Z\0\252\0\247\21+"}, 28, ) \236~\317\21\256Z\0\252\0\247\21+"}, 28, ) == 0x0 00560 1764 NtQueryValueKey (80, (80, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00561 1764 NtQueryValueKey (80, (80, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\14\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\14\0\0\0"}, 16, ) }, 16, ) == 0x0 00562 1764 NtQueryValueKey (80, (80, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00563 1764 NtQueryValueKey (80, (80, "Version", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00564 1764 NtQueryValueKey (80, (80, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00565 1764 NtClose (80, ... ) == 0x0 00566 1764 NtOpenKey (0x20019, {24, 76, 0x40, 0, 0, (0x20019, {24, 76, 0x40, 0, 0, "000000000002"}, ... 80, ) }, ... 80, ) == 0x0 00567 1764 NtQueryValueKey (80, (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 00568 1764 NtQueryValueKey (80, (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 00569 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00570 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... 
TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00571 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00572 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00573 1764 NtQueryValueKey (80, (80, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\3567&;\200\345\317\21\245U\0\300O\330\324\254"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (80, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\3567&;\200\345\317\21\245U\0\300O\330\324\254"}, 28, ) }, 28, ) == 0x0 00574 1764 NtQueryValueKey (80, (80, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00575 1764 NtQueryValueKey (80, (80, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data=" \0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data=" \0\0\0"}, 16, ) }, 16, ) == 0x0 00576 1764 NtQueryValueKey (80, (80, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00577 1764 NtQueryValueKey (80, (80, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "Version", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00578 1764 NtQueryValueKey (80, (80, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00579 1764 NtClose (80, ... ) == 0x0 00580 1764 NtOpenKey (0x20019, {24, 76, 0x40, 0, 0, (0x20019, {24, 76, 0x40, 0, 0, "000000000003"}, ... 80, ) }, ... 80, ) == 0x0 00581 1764 NtQueryValueKey (80, (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00582 1764 NtQueryValueKey (80, (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00583 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00584 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... 
TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00585 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00586 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00587 1764 NtQueryValueKey (80, (80, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data=":$Bf\250;\246J\272\245.\13\327\37\335\203"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (80, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data=":$Bf\250;\246J\272\245.\13\327\37\335\203"}, 28, ) }, 28, ) == 0x0 00588 1764 NtQueryValueKey (80, (80, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00589 1764 NtQueryValueKey (80, (80, "SupportedNameSpace", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\17\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\17\0\0\0"}, 16, ) }, 16, ) == 0x0 00590 1764 NtQueryValueKey (80, (80, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00591 1764 NtQueryValueKey (80, (80, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00592 1764 NtQueryValueKey (80, (80, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00593 1764 NtClose (80, ... ) == 0x0 00594 1764 NtOpenKey (0x20019, {24, 76, 0x40, 0, 0, (0x20019, {24, 76, 0x40, 0, 0, "000000000004"}, ... 80, ) }, ... 80, ) == 0x0 00595 1764 NtQueryValueKey (80, (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 00596 1764 NtQueryValueKey (80, (80, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "LibraryPath", Partial, 144, ... 
TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 00597 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 00598 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 00599 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 00600 1764 NtAllocateVirtualMemory (-1, 1355776, 0, 4096, 4096, 4, ... 1355776, 4096, ) == 0x0 00601 1764 NtQueryValueKey (80, (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (80, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 00602 1764 NtQueryValueKey (80, (80, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\340c\252\6`}\377A\257\262>\346\322\3319-"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (80, "ProviderId", Partial, 144, ... 
TitleIdx=0, Type=3, Data="\340c\252\6`}\377A\257\262>\346\322\3319-"}, 28, ) }, 28, ) == 0x0 00603 1764 NtQueryValueKey (80, (80, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00604 1764 NtQueryValueKey (80, (80, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) }, 16, ) == 0x0 00605 1764 NtQueryValueKey (80, (80, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00606 1764 NtQueryValueKey (80, (80, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00607 1764 NtQueryValueKey (80, (80, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (80, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00608 1764 NtClose (80, ... ) == 0x0 00609 1764 NtClose (76, ... ) == 0x0 00610 1764 NtWaitForSingleObject (68, 0, {0, 0}, ... ) == 0x102 00611 1764 NtClose (56, ... ) == 0x0 00612 1764 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00613 1764 NtQuerySystemInformation (Processor, 12, ... 
{system info, class 1, size 12}, 0x0, ) == 0x0 00614 1764 NtOpenKey (0x1, {24, 16, 0x40, 0, 0, (0x1, {24, 16, 0x40, 0, 0, "System\CurrentControlSet\Services\Winsock2\Parameters"}, ... 56, ) }, ... 56, ) == 0x0 00615 1764 NtQueryValueKey (56, (56, "Ws2_32NumHandleBuckets", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00616 1764 NtClose (56, ... ) == 0x0 00617 1764 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 56, ) == 0x0 00618 1764 NtCreateFile (0x80100080, {24, 0, 0x40, 0, 1241648, (0x80100080, {24, 0, 0x40, 0, 1241648, "\??\u:\work\packed.exe"}, 0x0, 0, 1, 1, 2097252, 0, 0, ... 76, {status=0x0, info=1}, ) }, 0x0, 0, 1, 1, 2097252, 0, 0, ... 76, {status=0x0, info=1}, ) == 0x0 00619 1764 NtQueryInformationFile (76, 1242084, 8, AttributeFlag, ... {status=0x0, info=8}, ) == 0x0 00620 1764 NtQueryInformationFile (76, 1242000, 24, Standard, ... {status=0x0, info=24}, ) == 0x0 00621 1764 NtQueryInformationFile (76, 1241816, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 00622 1764 NtAllocateVirtualMemory (-1, 1359872, 0, 8192, 4096, 4, ... 1359872, 8192, ) == 0x0 00623 1764 NtQueryInformationFile (76, 1356544, 4094, Stream, ... {status=0x0, info=38}, ) == 0x0 00624 1764 NtQueryInformationFile (76, 1240264, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 00625 1764 NtQueryInformationFile (76, 1240540, 4, Ea, ... {status=0x0, info=4}, ) == 0x0 00626 1764 NtCreateFile (0x40110080, {24, 0, 0x40, 0, 1240416, (0x40110080, {24, 0, 0x40, 0, 1240416, "\??\C:\WINDOWS\avserve2.exe"}, 0x0, 32, 0, 5, 100, 0, 0, ... }, 0x0, 32, 0, 5, 100, 0, 0, ... 00627 1764 NtClose (-2147481364, ... ) == 0x0 00626 1764 NtCreateFile ... 80, {status=0x0, info=2}, ) == 0x0 00628 1764 NtQueryVolumeInformationFile (80, 1240568, 536, Attribute, ... {status=0x0, info=20}, ) == 0x0 00629 1764 NtQueryInformationFile (80, 1240152, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 00630 1764 NtQueryVolumeInformationFile (76, 1240568, 536, Attribute, ... 
{status=0x0, info=20}, ) == 0x0 00631 1764 NtSetInformationFile (80, 1240468, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00632 1764 NtCreateSection (0xf001f, 0x0, 0x0, 2, 134217728, 76, ... 84, ) == 0x0 00633 1764 NtMapViewOfSection (84, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ... (0x850000), {0, 0}, 45056, ) == 0x0 00634 1764 NtClose (84, ... ) == 0x0 00635 1764 NtWriteFile (80, 0, 0, 0, (80, 0, 0, 0, "MZ\220\0\3\0\0\0\4\0\0\0\377\377\0\0\270\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\320\0\0\0\16\37\272\16\0\264\11\315!\270\1L\315!This program cannot be run in DOS mode.\15\15\12$\0\0\0\0\0\0\0\324%^\221\220D0\302\220D0\302\220D0\302x[:\302\212D0\302\23X>\302\233D0\302\220D1\302\331D0\302\362[#\302\231D0\302x[;\302\224D0\302(B6\302\221D0\302Rich\220D0\302\0\0\0\0\0\0\0\0PE\0\0L\1\3\0d\347\223@\0\0\0\0\0\0\0\0\340\0\17\1\13\1\6\0\0>\0\0\0"\0\0\0\0\0\0\0\240\1\0\0\20\0\0\0P\0\0\0\0@\0\0\20\0\0\0\2\0\0\4\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\0\260\1\0\0\4\0\0\0\0\0\0\2\0\0\0\0\0\20\0\0\20\0\0\0\0\20\0\0\20\0\0\0\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0$\220\0\0\212\0\0\0\0\220\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.text\0\0\0\0\200\0\0\0\20\0\0\00\0\0\0\4\0\02CEP\0\0\0\0\0\0\0\0 \0\0\340.rsr", 42568, 0x0, 0, ... 
{status=0x0, info=42568}, ) \0\0\0\0\0\0\0\240\1\0\0\20\0\0\0P\0\0\0\0@\0\0\20\0\0\0\2\0\0\4\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\0\260\1\0\0\4\0\0\0\0\0\0\2\0\0\0\0\0\20\0\0\20\0\0\0\0\20\0\0\20\0\0\0\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0$\220\0\0\212\0\0\0\0\220\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.text\0\0\0\0\200\0\0\0\20\0\0\00\0\0\0\4\0\02CEP\0\0\0\0\0\0\0\0 \0\0\340.rsr", 42568, 0x0, 0, ... {status=0x0, info=42568}, ) == 0x0 00636 1764 NtUnmapViewOfSection (-1, 0x850000, ... ) == 0x0 00637 1764 NtSetInformationFile (80, 1241816, 40, Basic, ... {status=0x0, info=0}, ) == 0x0 00638 1764 NtClose (76, ... ) == 0x0 00639 1764 NtClose (80, ... ) == 0x0 00640 1764 NtOpenKey (0x2000000, {24, 16, 0x40, 0, 0, (0x2000000, {24, 16, 0x40, 0, 0, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}, ... 80, ) }, ... 80, ) == 0x0 00641 1764 NtSetValueKey (80, (80, "avserve2.exe", 0, 1, "C\0:\0\\0W\0I\0N\0D\0O\0W\0S\0\\0a\0v\0s\0e\0r\0v\0e\02\0.\0e\0x\0e\0\0\0", 48, ... , 0, 1, (80, "avserve2.exe", 0, 1, "C\0:\0\\0W\0I\0N\0D\0O\0W\0S\0\\0a\0v\0s\0e\0r\0v\0e\02\0.\0e\0x\0e\0\0\0", 48, ... , 48, ... 00642 1764 NtSetInformationFile (-2147482448, -105924816, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00643 1764 NtSetInformationFile (-2147482448, -105924852, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00644 1764 NtSetInformationFile (-2147482448, -105924908, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00645 1764 NtSetInformationFile (-2147482448, -105925216, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00641 1764 NtSetValueKey ... ) == 0x0 00646 1764 NtClose (80, ... ) == 0x0 00647 1764 NtCreateMutant (0x1f0001, {24, 48, 0x80, 0, 0, (0x1f0001, {24, 48, 0x80, 0, 0, "JumpallsNlsTillt"}, 0, ... 80, ) }, 0, ... 80, ) == 0x0 00648 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
9961472, 1048576, ) == 0x0 00649 1764 NtAllocateVirtualMemory (-1, 11001856, 0, 8192, 4096, 4, ... 11001856, 8192, ) == 0x0 00650 1764 NtProtectVirtualMemory (-1, (0xa7e000), 4096, 260, ... (0xa7e000), 4096, 4, ) == 0x0 00651 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 76, {1304, 460}, ) == 0x0 00652 1764 NtQueryInformationThread (76, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffde000,Pid=1304,Tid=460,}, 0x0, ) == 0x0 00653 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1244884, 2089878865, 1315560, 2089878893} (24, {28, 56, new_msg, 0, 1244884, 2089878865, 1315560, 2089878893} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\0\0\0\30\5\0\0\314\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 57986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\0\0\0\30\5\0\0\314\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57986, 0} (24, {28, 56, new_msg, 0, 1244884, 2089878865, 1315560, 2089878893} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\0\0\0\30\5\0\0\314\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 57986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\0\0\0\30\5\0\0\314\1\0\0" ) ) == 0x0 00654 1764 NtResumeThread (76, ... 1, ) == 0x0 00655 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 11010048, 1048576, ) == 0x0 00656 460 NtTestAlert (... ) == 0x0 00657 460 NtContinue (11009328, 1, ... 00658 460 NtRegisterThreadTerminatePort (24, ... ) == 0x0 00659 460 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 84, ) == 0x0 00660 460 NtWaitForSingleObject (60, 0, {0, 0}, ... ) == 0x102 00661 460 NtAllocateVirtualMemory (-1, 10997760, 0, 4096, 4096, 260, ... 00662 1764 NtAllocateVirtualMemory (-1, 12050432, 0, 8192, 4096, 4, ... 12050432, 8192, ) == 0x0 00663 1764 NtProtectVirtualMemory (-1, (0xb7e000), 4096, 260, ... (0xb7e000), 4096, 4, ) == 0x0 00664 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 88, {1304, 1068}, ) == 0x0 00665 1764 NtQueryInformationThread (88, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffdd000,Pid=1304,Tid=1068,}, 0x0, ) == 0x0 00666 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57986, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\0\0\0\30\5\0\0,\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 57987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\0\0\0\30\5\0\0,\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57987, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\0\0\0\30\5\0\0,\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 57987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\0\0\0\30\5\0\0,\4\0\0" ) ) == 0x0 00667 1764 NtResumeThread (88, ... 00661 460 NtAllocateVirtualMemory ... 10997760, 4096, ) == 0x0 00668 460 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 11006452, ... ) }, 11006452, ... ) == 0x0 00669 460 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 5, 96, ... 92, {status=0x0, info=1}, ) }, 5, 96, ... 92, {status=0x0, info=1}, ) == 0x0 00670 460 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 92, ... 96, ) == 0x0 00671 460 NtClose (92, ... ) == 0x0 00672 460 NtMapViewOfSection (96, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0xb80000), 0x0, 245760, ) == 0x0 00673 460 NtClose (96, ... 00667 1764 NtResumeThread ... 1, ) == 0x0 00674 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 12320768, 1048576, ) == 0x0 00675 1764 NtAllocateVirtualMemory (-1, 13361152, 0, 8192, 4096, 4, ... 13361152, 8192, ) == 0x0 00676 1764 NtProtectVirtualMemory (-1, (0xcbe000), 4096, 260, ... (0xcbe000), 4096, 4, ) == 0x0 00677 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 92, {1304, 1856}, ) == 0x0 00678 1764 NtQueryInformationThread (92, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffdb000,Pid=1304,Tid=1856,}, 0x0, ) == 0x0 00679 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57987, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\0\0\0\30\5\0\0@\7\0\0" ... ... 00673 460 NtClose ... ) == 0x0 00680 1068 NtCreateEvent (0x100003, 0x0, 1, 0, ... 96, ) == 0x0 00681 1068 NtWaitForSingleObject (96, 0, 0x0, ... 00679 1764 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1304, 1764, 57988, 0} ... {28, 56, reply, 0, 1304, 1764, 57988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\0\0\0\30\5\0\0@\7\0\0" ) ) == 0x0 00682 1764 NtResumeThread (92, ... 1, ) == 0x0 00683 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 13369344, 1048576, ) == 0x0 00684 1856 NtWaitForSingleObject (96, 0, 0x0, ... 00685 1764 NtAllocateVirtualMemory (-1, 14409728, 0, 8192, 4096, 4, ... 14409728, 8192, ) == 0x0 00686 1764 NtProtectVirtualMemory (-1, (0xdbe000), 4096, 260, ... (0xdbe000), 4096, 4, ) == 0x0 00687 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 100, {1304, 1596}, ) == 0x0 00688 1764 NtQueryInformationThread (100, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffda000,Pid=1304,Tid=1596,}, 0x0, ) == 0x0 00689 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57988, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\0\0\0\30\5\0\0<\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 57989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\0\0\0\30\5\0\0<\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57989, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\0\0\0\30\5\0\0<\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 57989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\0\0\0\30\5\0\0<\6\0\0" ) ) == 0x0 00690 1764 NtResumeThread (100, ... 1, ) == 0x0 00691 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 14417920, 1048576, ) == 0x0 00692 1764 NtAllocateVirtualMemory (-1, 15458304, 0, 8192, 4096, 4, ... 
15458304, 8192, ) == 0x0 00693 1764 NtProtectVirtualMemory (-1, (0xebe000), 4096, 260, ... 00694 1596 NtWaitForSingleObject (96, 0, 0x0, ... 00693 1764 NtProtectVirtualMemory ... (0xebe000), 4096, 4, ) == 0x0 00695 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 104, {1304, 1128}, ) == 0x0 00696 1764 NtQueryInformationThread (104, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd9000,Pid=1304,Tid=1128,}, 0x0, ) == 0x0 00697 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57989, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\0\0\0\30\5\0\0h\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 57990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\0\0\0\30\5\0\0h\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57990, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\0\0\0\30\5\0\0h\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 57990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\0\0\0\30\5\0\0h\4\0\0" ) ) == 0x0 00698 1764 NtResumeThread (104, ... 1, ) == 0x0 00699 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 15466496, 1048576, ) == 0x0 00700 1128 NtWaitForSingleObject (96, 0, 0x0, ... 00701 1764 NtAllocateVirtualMemory (-1, 16506880, 0, 8192, 4096, 4, ... 16506880, 8192, ) == 0x0 00702 1764 NtProtectVirtualMemory (-1, (0xfbe000), 4096, 260, ... (0xfbe000), 4096, 4, ) == 0x0 00703 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 108, {1304, 1256}, ) == 0x0 00704 1764 NtQueryInformationThread (108, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd8000,Pid=1304,Tid=1256,}, 0x0, ) == 0x0 00705 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57990, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\0\0\0\30\5\0\0\350\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 57991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\0\0\0\30\5\0\0\350\4\0\0" ) ... 
{28, 56, reply, 0, 1304, 1764, 57991, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\0\0\0\30\5\0\0\350\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 57991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\0\0\0\30\5\0\0\350\4\0\0" ) ) == 0x0 00706 1764 NtResumeThread (108, ... 1, ) == 0x0 00707 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 16515072, 1048576, ) == 0x0 00708 1764 NtAllocateVirtualMemory (-1, 17555456, 0, 8192, 4096, 4, ... 17555456, 8192, ) == 0x0 00709 1764 NtProtectVirtualMemory (-1, (0x10be000), 4096, 260, ... 00710 1256 NtWaitForSingleObject (96, 0, 0x0, ... 00709 1764 NtProtectVirtualMemory ... (0x10be000), 4096, 4, ) == 0x0 00711 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 112, {1304, 1800}, ) == 0x0 00712 1764 NtQueryInformationThread (112, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd7000,Pid=1304,Tid=1800,}, 0x0, ) == 0x0 00713 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57991, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\0\0\0\30\5\0\0\10\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 57992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\0\0\0\30\5\0\0\10\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57992, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\0\0\0\30\5\0\0\10\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 57992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\0\0\0\30\5\0\0\10\7\0\0" ) ) == 0x0 00714 1764 NtResumeThread (112, ... 1, ) == 0x0 00715 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 17563648, 1048576, ) == 0x0 00716 1800 NtWaitForSingleObject (96, 0, 0x0, ... 00717 1764 NtAllocateVirtualMemory (-1, 18604032, 0, 8192, 4096, 4, ... 18604032, 8192, ) == 0x0 00718 1764 NtProtectVirtualMemory (-1, (0x11be000), 4096, 260, ... (0x11be000), 4096, 4, ) == 0x0 00719 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
116, {1304, 1796}, ) == 0x0 00720 1764 NtQueryInformationThread (116, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd6000,Pid=1304,Tid=1796,}, 0x0, ) == 0x0 00721 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57992, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\0\0\0\30\5\0\0\4\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 57993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\0\0\0\30\5\0\0\4\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57993, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\0\0\0\30\5\0\0\4\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 57993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\0\0\0\30\5\0\0\4\7\0\0" ) ) == 0x0 00722 1764 NtResumeThread (116, ... 1, ) == 0x0 00723 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 18612224, 1048576, ) == 0x0 00724 1764 NtAllocateVirtualMemory (-1, 19652608, 0, 8192, 4096, 4, ... 19652608, 8192, ) == 0x0 00725 1764 NtProtectVirtualMemory (-1, (0x12be000), 4096, 260, ... 00726 1796 NtWaitForSingleObject (96, 0, 0x0, ... 00725 1764 NtProtectVirtualMemory ... (0x12be000), 4096, 4, ) == 0x0 00727 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 120, {1304, 1808}, ) == 0x0 00728 1764 NtQueryInformationThread (120, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd5000,Pid=1304,Tid=1808,}, 0x0, ) == 0x0 00729 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57993, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\0\0\0\30\5\0\0\20\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 57994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\0\0\0\30\5\0\0\20\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57994, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\0\0\0\30\5\0\0\20\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 57994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\0\0\0\30\5\0\0\20\7\0\0" ) ) == 0x0 00730 1764 NtResumeThread (120, ... 
1, ) == 0x0 00731 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 19660800, 1048576, ) == 0x0 00732 1808 NtWaitForSingleObject (96, 0, 0x0, ... 00733 1764 NtAllocateVirtualMemory (-1, 20701184, 0, 8192, 4096, 4, ... 20701184, 8192, ) == 0x0 00734 1764 NtProtectVirtualMemory (-1, (0x13be000), 4096, 260, ... (0x13be000), 4096, 4, ) == 0x0 00735 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 124, {1304, 1700}, ) == 0x0 00736 1764 NtQueryInformationThread (124, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd4000,Pid=1304,Tid=1700,}, 0x0, ) == 0x0 00737 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57994, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\0\0\0\30\5\0\0\244\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 57995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\0\0\0\30\5\0\0\244\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57995, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\0\0\0\30\5\0\0\244\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 57995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\0\0\0\30\5\0\0\244\6\0\0" ) ) == 0x0 00738 1764 NtResumeThread (124, ... 1, ) == 0x0 00739 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 20709376, 1048576, ) == 0x0 00740 1764 NtAllocateVirtualMemory (-1, 21749760, 0, 8192, 4096, 4, ... 21749760, 8192, ) == 0x0 00741 1764 NtProtectVirtualMemory (-1, (0x14be000), 4096, 260, ... 00742 1700 NtWaitForSingleObject (96, 0, 0x0, ... 00741 1764 NtProtectVirtualMemory ... (0x14be000), 4096, 4, ) == 0x0 00743 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 128, {1304, 1156}, ) == 0x0 00744 1764 NtQueryInformationThread (128, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffaf000,Pid=1304,Tid=1156,}, 0x0, ) == 0x0 00745 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57995, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\0\0\0\30\5\0\0\204\4\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 57996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\0\0\0\30\5\0\0\204\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57996, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\0\0\0\30\5\0\0\204\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 57996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\0\0\0\30\5\0\0\204\4\0\0" ) ) == 0x0 00746 1764 NtResumeThread (128, ... 1, ) == 0x0 00747 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 21757952, 1048576, ) == 0x0 00748 1156 NtWaitForSingleObject (96, 0, 0x0, ... 00749 1764 NtAllocateVirtualMemory (-1, 22798336, 0, 8192, 4096, 4, ... 22798336, 8192, ) == 0x0 00750 1764 NtProtectVirtualMemory (-1, (0x15be000), 4096, 260, ... (0x15be000), 4096, 4, ) == 0x0 00751 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 132, {1304, 712}, ) == 0x0 00752 1764 NtQueryInformationThread (132, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffae000,Pid=1304,Tid=712,}, 0x0, ) == 0x0 00753 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57996, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\0\0\0\30\5\0\0\310\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 57997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\0\0\0\30\5\0\0\310\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57997, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\0\0\0\30\5\0\0\310\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 57997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\0\0\0\30\5\0\0\310\2\0\0" ) ) == 0x0 00754 1764 NtResumeThread (132, ... 1, ) == 0x0 00755 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 22806528, 1048576, ) == 0x0 00756 1764 NtAllocateVirtualMemory (-1, 23846912, 0, 8192, 4096, 4, ... 23846912, 8192, ) == 0x0 00757 1764 NtProtectVirtualMemory (-1, (0x16be000), 4096, 260, ... 00758 712 NtWaitForSingleObject (96, 0, 0x0, ... 00757 1764 NtProtectVirtualMemory ... 
(0x16be000), 4096, 4, ) == 0x0 00759 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 136, {1304, 1728}, ) == 0x0 00760 1764 NtQueryInformationThread (136, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffad000,Pid=1304,Tid=1728,}, 0x0, ) == 0x0 00761 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57997, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\0\0\0\30\5\0\0\300\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 57998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\0\0\0\30\5\0\0\300\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57998, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\0\0\0\30\5\0\0\300\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 57998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\0\0\0\30\5\0\0\300\6\0\0" ) ) == 0x0 00762 1764 NtResumeThread (136, ... 1, ) == 0x0 00763 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 23855104, 1048576, ) == 0x0 00764 1728 NtWaitForSingleObject (96, 0, 0x0, ... 00765 1764 NtAllocateVirtualMemory (-1, 24895488, 0, 8192, 4096, 4, ... 24895488, 8192, ) == 0x0 00766 1764 NtProtectVirtualMemory (-1, (0x17be000), 4096, 260, ... (0x17be000), 4096, 4, ) == 0x0 00767 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 140, {1304, 1356}, ) == 0x0 00768 1764 NtQueryInformationThread (140, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffac000,Pid=1304,Tid=1356,}, 0x0, ) == 0x0 00769 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57998, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\0\0\0\30\5\0\0L\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 57999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\0\0\0\30\5\0\0L\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 57999, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\0\0\0\30\5\0\0L\5\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 57999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\0\0\0\30\5\0\0L\5\0\0" ) ) == 0x0 00770 1764 NtResumeThread (140, ... 1, ) == 0x0 00771 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 24903680, 1048576, ) == 0x0 00772 1764 NtAllocateVirtualMemory (-1, 25944064, 0, 8192, 4096, 4, ... 25944064, 8192, ) == 0x0 00773 1764 NtProtectVirtualMemory (-1, (0x18be000), 4096, 260, ... 00774 1356 NtWaitForSingleObject (96, 0, 0x0, ... 00773 1764 NtProtectVirtualMemory ... (0x18be000), 4096, 4, ) == 0x0 00775 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 144, {1304, 1536}, ) == 0x0 00776 1764 NtQueryInformationThread (144, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffab000,Pid=1304,Tid=1536,}, 0x0, ) == 0x0 00777 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 57999, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\0\0\0\30\5\0\0\0\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\0\0\0\30\5\0\0\0\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58000, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 57999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\0\0\0\30\5\0\0\0\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\0\0\0\30\5\0\0\0\6\0\0" ) ) == 0x0 00778 1764 NtResumeThread (144, ... 1, ) == 0x0 00779 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 25952256, 1048576, ) == 0x0 00780 1536 NtWaitForSingleObject (96, 0, 0x0, ... 00781 1764 NtAllocateVirtualMemory (-1, 26992640, 0, 8192, 4096, 4, ... 26992640, 8192, ) == 0x0 00782 1764 NtProtectVirtualMemory (-1, (0x19be000), 4096, 260, ... (0x19be000), 4096, 4, ) == 0x0 00783 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 148, {1304, 444}, ) == 0x0 00784 1764 NtQueryInformationThread (148, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffaa000,Pid=1304,Tid=444,}, 0x0, ) == 0x0 00785 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58000, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0\30\5\0\0\274\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0\30\5\0\0\274\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58001, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0\30\5\0\0\274\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0\30\5\0\0\274\1\0\0" ) ) == 0x0 00786 1764 NtResumeThread (148, ... 1, ) == 0x0 00787 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 27000832, 1048576, ) == 0x0 00788 1764 NtAllocateVirtualMemory (-1, 28041216, 0, 8192, 4096, 4, ... 28041216, 8192, ) == 0x0 00789 1764 NtProtectVirtualMemory (-1, (0x1abe000), 4096, 260, ... 00790 444 NtWaitForSingleObject (96, 0, 0x0, ... 00789 1764 NtProtectVirtualMemory ... (0x1abe000), 4096, 4, ) == 0x0 00791 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 152, {1304, 1904}, ) == 0x0 00792 1764 NtQueryInformationThread (152, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa9000,Pid=1304,Tid=1904,}, 0x0, ) == 0x0 00793 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58001, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0\30\5\0\0p\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0\30\5\0\0p\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58002, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0\30\5\0\0p\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0\30\5\0\0p\7\0\0" ) ) == 0x0 00794 1764 NtResumeThread (152, ... 1, ) == 0x0 00795 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
28049408, 1048576, ) == 0x0 00796 1904 NtWaitForSingleObject (96, 0, 0x0, ... 00797 1764 NtAllocateVirtualMemory (-1, 29089792, 0, 8192, 4096, 4, ... 29089792, 8192, ) == 0x0 00798 1764 NtProtectVirtualMemory (-1, (0x1bbe000), 4096, 260, ... (0x1bbe000), 4096, 4, ) == 0x0 00799 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 156, {1304, 1936}, ) == 0x0 00800 1764 NtQueryInformationThread (156, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa8000,Pid=1304,Tid=1936,}, 0x0, ) == 0x0 00801 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58002, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0\30\5\0\0\220\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0\30\5\0\0\220\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58003, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0\30\5\0\0\220\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0\30\5\0\0\220\7\0\0" ) ) == 0x0 00802 1764 NtResumeThread (156, ... 1, ) == 0x0 00803 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 29097984, 1048576, ) == 0x0 00804 1764 NtAllocateVirtualMemory (-1, 30138368, 0, 8192, 4096, 4, ... 30138368, 8192, ) == 0x0 00805 1764 NtProtectVirtualMemory (-1, (0x1cbe000), 4096, 260, ... 00806 1936 NtWaitForSingleObject (96, 0, 0x0, ... 00805 1764 NtProtectVirtualMemory ... (0x1cbe000), 4096, 4, ) == 0x0 00807 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 160, {1304, 1648}, ) == 0x0 00808 1764 NtQueryInformationThread (160, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa7000,Pid=1304,Tid=1648,}, 0x0, ) == 0x0 00809 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58003, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\0\0\0\30\5\0\0p\6\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\0\0\0\30\5\0\0p\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58004, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\0\0\0\30\5\0\0p\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\0\0\0\30\5\0\0p\6\0\0" ) ) == 0x0 00810 1764 NtResumeThread (160, ... 1, ) == 0x0 00811 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 30146560, 1048576, ) == 0x0 00812 1648 NtWaitForSingleObject (96, 0, 0x0, ... 00813 1764 NtAllocateVirtualMemory (-1, 31186944, 0, 8192, 4096, 4, ... 31186944, 8192, ) == 0x0 00814 1764 NtProtectVirtualMemory (-1, (0x1dbe000), 4096, 260, ... (0x1dbe000), 4096, 4, ) == 0x0 00815 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 164, {1304, 148}, ) == 0x0 00816 1764 NtQueryInformationThread (164, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa6000,Pid=1304,Tid=148,}, 0x0, ) == 0x0 00817 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58004, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\0\0\0\30\5\0\0\224\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\0\0\0\30\5\0\0\224\0\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58005, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\0\0\0\30\5\0\0\224\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\0\0\0\30\5\0\0\224\0\0\0" ) ) == 0x0 00818 1764 NtResumeThread (164, ... 1, ) == 0x0 00819 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 31195136, 1048576, ) == 0x0 00820 1764 NtAllocateVirtualMemory (-1, 32235520, 0, 8192, 4096, 4, ... 32235520, 8192, ) == 0x0 00821 1764 NtProtectVirtualMemory (-1, (0x1ebe000), 4096, 260, ... 00822 148 NtWaitForSingleObject (96, 0, 0x0, ... 00821 1764 NtProtectVirtualMemory ... 
(0x1ebe000), 4096, 4, ) == 0x0 00823 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 168, {1304, 1828}, ) == 0x0 00824 1764 NtQueryInformationThread (168, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa5000,Pid=1304,Tid=1828,}, 0x0, ) == 0x0 00825 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58005, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\0\0\0\30\5\0\0$\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\0\0\0\30\5\0\0$\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58006, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\0\0\0\30\5\0\0$\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\0\0\0\30\5\0\0$\7\0\0" ) ) == 0x0 00826 1764 NtResumeThread (168, ... 1, ) == 0x0 00827 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 32243712, 1048576, ) == 0x0 00828 1828 NtWaitForSingleObject (96, 0, 0x0, ... 00829 1764 NtAllocateVirtualMemory (-1, 33284096, 0, 8192, 4096, 4, ... 33284096, 8192, ) == 0x0 00830 1764 NtProtectVirtualMemory (-1, (0x1fbe000), 4096, 260, ... (0x1fbe000), 4096, 4, ) == 0x0 00831 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 172, {1304, 1864}, ) == 0x0 00832 1764 NtQueryInformationThread (172, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa4000,Pid=1304,Tid=1864,}, 0x0, ) == 0x0 00833 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58006, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\0\0\0\30\5\0\0H\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\0\0\0\30\5\0\0H\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58007, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\0\0\0\30\5\0\0H\7\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\0\0\0\30\5\0\0H\7\0\0" ) ) == 0x0 00834 1764 NtResumeThread (172, ... 1, ) == 0x0 00835 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 33292288, 1048576, ) == 0x0 00836 1764 NtAllocateVirtualMemory (-1, 34332672, 0, 8192, 4096, 4, ... 34332672, 8192, ) == 0x0 00837 1764 NtProtectVirtualMemory (-1, (0x20be000), 4096, 260, ... 00838 1864 NtWaitForSingleObject (96, 0, 0x0, ... 00837 1764 NtProtectVirtualMemory ... (0x20be000), 4096, 4, ) == 0x0 00839 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 176, {1304, 1896}, ) == 0x0 00840 1764 NtQueryInformationThread (176, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa3000,Pid=1304,Tid=1896,}, 0x0, ) == 0x0 00841 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58007, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\0\0\0\30\5\0\0h\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\0\0\0\30\5\0\0h\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58008, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\0\0\0\30\5\0\0h\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\0\0\0\30\5\0\0h\7\0\0" ) ) == 0x0 00842 1764 NtResumeThread (176, ... 1, ) == 0x0 00843 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 34340864, 1048576, ) == 0x0 00844 1896 NtWaitForSingleObject (96, 0, 0x0, ... 00845 1764 NtAllocateVirtualMemory (-1, 35381248, 0, 8192, 4096, 4, ... 35381248, 8192, ) == 0x0 00846 1764 NtProtectVirtualMemory (-1, (0x21be000), 4096, 260, ... (0x21be000), 4096, 4, ) == 0x0 00847 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 180, {1304, 1524}, ) == 0x0 00848 1764 NtQueryInformationThread (180, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffa2000,Pid=1304,Tid=1524,}, 0x0, ) == 0x0 00849 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58008, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\0\0\0\30\5\0\0\364\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\0\0\0\30\5\0\0\364\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58009, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\0\0\0\30\5\0\0\364\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\0\0\0\30\5\0\0\364\5\0\0" ) ) == 0x0 00850 1764 NtResumeThread (180, ... 1, ) == 0x0 00851 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 35389440, 1048576, ) == 0x0 00852 1764 NtAllocateVirtualMemory (-1, 36429824, 0, 8192, 4096, 4, ... 36429824, 8192, ) == 0x0 00853 1764 NtProtectVirtualMemory (-1, (0x22be000), 4096, 260, ... 00854 1524 NtWaitForSingleObject (96, 0, 0x0, ... 00853 1764 NtProtectVirtualMemory ... (0x22be000), 4096, 4, ) == 0x0 00855 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 184, {1304, 2044}, ) == 0x0 00856 1764 NtQueryInformationThread (184, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa1000,Pid=1304,Tid=2044,}, 0x0, ) == 0x0 00857 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58009, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\0\0\0\30\5\0\0\374\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\0\0\0\30\5\0\0\374\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58010, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\0\0\0\30\5\0\0\374\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\0\0\0\30\5\0\0\374\7\0\0" ) ) == 0x0 00858 1764 NtResumeThread (184, ... 1, ) == 0x0 00859 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
36438016, 1048576, ) == 0x0 00860 2044 NtWaitForSingleObject (96, 0, 0x0, ... 00861 1764 NtAllocateVirtualMemory (-1, 37478400, 0, 8192, 4096, 4, ... 37478400, 8192, ) == 0x0 00862 1764 NtProtectVirtualMemory (-1, (0x23be000), 4096, 260, ... (0x23be000), 4096, 4, ) == 0x0 00863 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 188, {1304, 968}, ) == 0x0 00864 1764 NtQueryInformationThread (188, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa0000,Pid=1304,Tid=968,}, 0x0, ) == 0x0 00865 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58010, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\0\0\0\30\5\0\0\310\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\0\0\0\30\5\0\0\310\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58011, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\0\0\0\30\5\0\0\310\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\0\0\0\30\5\0\0\310\3\0\0" ) ) == 0x0 00866 1764 NtResumeThread (188, ... 1, ) == 0x0 00867 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 37486592, 1048576, ) == 0x0 00868 1764 NtAllocateVirtualMemory (-1, 38526976, 0, 8192, 4096, 4, ... 38526976, 8192, ) == 0x0 00869 1764 NtProtectVirtualMemory (-1, (0x24be000), 4096, 260, ... 00870 968 NtWaitForSingleObject (96, 0, 0x0, ... 00869 1764 NtProtectVirtualMemory ... (0x24be000), 4096, 4, ) == 0x0 00871 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 192, {1304, 308}, ) == 0x0 00872 1764 NtQueryInformationThread (192, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9f000,Pid=1304,Tid=308,}, 0x0, ) == 0x0 00873 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58011, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0\30\5\0\04\1\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0\30\5\0\04\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58012, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0\30\5\0\04\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0\30\5\0\04\1\0\0" ) ) == 0x0 00874 1764 NtResumeThread (192, ... 1, ) == 0x0 00875 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 38535168, 1048576, ) == 0x0 00876 308 NtWaitForSingleObject (96, 0, 0x0, ... 00877 1764 NtAllocateVirtualMemory (-1, 39575552, 0, 8192, 4096, 4, ... 39575552, 8192, ) == 0x0 00878 1764 NtProtectVirtualMemory (-1, (0x25be000), 4096, 260, ... (0x25be000), 4096, 4, ) == 0x0 00879 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 196, {1304, 764}, ) == 0x0 00880 1764 NtQueryInformationThread (196, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9e000,Pid=1304,Tid=764,}, 0x0, ) == 0x0 00881 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58012, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\0\0\0\30\5\0\0\374\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\0\0\0\30\5\0\0\374\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58013, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\0\0\0\30\5\0\0\374\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\0\0\0\30\5\0\0\374\2\0\0" ) ) == 0x0 00882 1764 NtResumeThread (196, ... 1, ) == 0x0 00883 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 39583744, 1048576, ) == 0x0 00884 1764 NtAllocateVirtualMemory (-1, 40624128, 0, 8192, 4096, 4, ... 40624128, 8192, ) == 0x0 00885 1764 NtProtectVirtualMemory (-1, (0x26be000), 4096, 260, ... 00886 764 NtWaitForSingleObject (96, 0, 0x0, ... 00885 1764 NtProtectVirtualMemory ... 
(0x26be000), 4096, 4, ) == 0x0 00887 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 200, {1304, 2000}, ) == 0x0 00888 1764 NtQueryInformationThread (200, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9d000,Pid=1304,Tid=2000,}, 0x0, ) == 0x0 00889 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58013, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\0\0\0\30\5\0\0\320\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\0\0\0\30\5\0\0\320\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58014, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\0\0\0\30\5\0\0\320\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\0\0\0\30\5\0\0\320\7\0\0" ) ) == 0x0 00890 1764 NtResumeThread (200, ... 1, ) == 0x0 00891 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 40632320, 1048576, ) == 0x0 00892 2000 NtWaitForSingleObject (96, 0, 0x0, ... 00893 1764 NtAllocateVirtualMemory (-1, 41672704, 0, 8192, 4096, 4, ... 41672704, 8192, ) == 0x0 00894 1764 NtProtectVirtualMemory (-1, (0x27be000), 4096, 260, ... (0x27be000), 4096, 4, ) == 0x0 00895 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 204, {1304, 1852}, ) == 0x0 00896 1764 NtQueryInformationThread (204, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9c000,Pid=1304,Tid=1852,}, 0x0, ) == 0x0 00897 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58014, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\0\0\0\30\5\0\0<\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\0\0\0\30\5\0\0<\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58015, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\0\0\0\30\5\0\0<\7\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\0\0\0\30\5\0\0<\7\0\0" ) ) == 0x0 00898 1764 NtResumeThread (204, ... 1, ) == 0x0 00899 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 41680896, 1048576, ) == 0x0 00900 1764 NtAllocateVirtualMemory (-1, 42721280, 0, 8192, 4096, 4, ... 42721280, 8192, ) == 0x0 00901 1764 NtProtectVirtualMemory (-1, (0x28be000), 4096, 260, ... 00902 1852 NtWaitForSingleObject (96, 0, 0x0, ... 00901 1764 NtProtectVirtualMemory ... (0x28be000), 4096, 4, ) == 0x0 00903 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 208, {1304, 1420}, ) == 0x0 00904 1764 NtQueryInformationThread (208, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9b000,Pid=1304,Tid=1420,}, 0x0, ) == 0x0 00905 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58015, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\0\0\0\30\5\0\0\214\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\0\0\0\30\5\0\0\214\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58016, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\0\0\0\30\5\0\0\214\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\0\0\0\30\5\0\0\214\5\0\0" ) ) == 0x0 00906 1764 NtResumeThread (208, ... 1, ) == 0x0 00907 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 42729472, 1048576, ) == 0x0 00908 1420 NtWaitForSingleObject (96, 0, 0x0, ... 00909 1764 NtAllocateVirtualMemory (-1, 43769856, 0, 8192, 4096, 4, ... 43769856, 8192, ) == 0x0 00910 1764 NtProtectVirtualMemory (-1, (0x29be000), 4096, 260, ... (0x29be000), 4096, 4, ) == 0x0 00911 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 212, {1304, 164}, ) == 0x0 00912 1764 NtQueryInformationThread (212, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff9a000,Pid=1304,Tid=164,}, 0x0, ) == 0x0 00913 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58016, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\0\0\0\30\5\0\0\244\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\0\0\0\30\5\0\0\244\0\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58017, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\0\0\0\30\5\0\0\244\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\0\0\0\30\5\0\0\244\0\0\0" ) ) == 0x0 00914 1764 NtResumeThread (212, ... 1, ) == 0x0 00915 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 43778048, 1048576, ) == 0x0 00916 1764 NtAllocateVirtualMemory (-1, 44818432, 0, 8192, 4096, 4, ... 44818432, 8192, ) == 0x0 00917 1764 NtProtectVirtualMemory (-1, (0x2abe000), 4096, 260, ... 00918 164 NtWaitForSingleObject (96, 0, 0x0, ... 00917 1764 NtProtectVirtualMemory ... (0x2abe000), 4096, 4, ) == 0x0 00919 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 216, {1304, 1564}, ) == 0x0 00920 1764 NtQueryInformationThread (216, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff99000,Pid=1304,Tid=1564,}, 0x0, ) == 0x0 00921 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58017, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0\30\5\0\0\34\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0\30\5\0\0\34\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58018, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0\30\5\0\0\34\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0\30\5\0\0\34\6\0\0" ) ) == 0x0 00922 1764 NtResumeThread (216, ... 1, ) == 0x0 00923 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
44826624, 1048576, ) == 0x0 00924 1564 NtWaitForSingleObject (96, 0, 0x0, ... 00925 1764 NtAllocateVirtualMemory (-1, 45867008, 0, 8192, 4096, 4, ... 45867008, 8192, ) == 0x0 00926 1764 NtProtectVirtualMemory (-1, (0x2bbe000), 4096, 260, ... (0x2bbe000), 4096, 4, ) == 0x0 00927 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 220, {1304, 1592}, ) == 0x0 00928 1764 NtQueryInformationThread (220, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff98000,Pid=1304,Tid=1592,}, 0x0, ) == 0x0 00929 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58018, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0\30\5\0\08\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0\30\5\0\08\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58019, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0\30\5\0\08\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0\30\5\0\08\6\0\0" ) ) == 0x0 00930 1764 NtResumeThread (220, ... 1, ) == 0x0 00931 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 45875200, 1048576, ) == 0x0 00932 1764 NtAllocateVirtualMemory (-1, 46915584, 0, 8192, 4096, 4, ... 46915584, 8192, ) == 0x0 00933 1764 NtProtectVirtualMemory (-1, (0x2cbe000), 4096, 260, ... 00934 1592 NtWaitForSingleObject (96, 0, 0x0, ... 00933 1764 NtProtectVirtualMemory ... (0x2cbe000), 4096, 4, ) == 0x0 00935 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 224, {1304, 1500}, ) == 0x0 00936 1764 NtQueryInformationThread (224, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff97000,Pid=1304,Tid=1500,}, 0x0, ) == 0x0 00937 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58019, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\0\0\0\30\5\0\0\334\5\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\0\0\0\30\5\0\0\334\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58020, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\0\0\0\30\5\0\0\334\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\0\0\0\30\5\0\0\334\5\0\0" ) ) == 0x0 00938 1764 NtResumeThread (224, ... 1, ) == 0x0 00939 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 46923776, 1048576, ) == 0x0 00940 1500 NtWaitForSingleObject (96, 0, 0x0, ... 00941 1764 NtAllocateVirtualMemory (-1, 47964160, 0, 8192, 4096, 4, ... 47964160, 8192, ) == 0x0 00942 1764 NtProtectVirtualMemory (-1, (0x2dbe000), 4096, 260, ... (0x2dbe000), 4096, 4, ) == 0x0 00943 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 228, {1304, 932}, ) == 0x0 00944 1764 NtQueryInformationThread (228, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff96000,Pid=1304,Tid=932,}, 0x0, ) == 0x0 00945 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58020, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0\30\5\0\0\244\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0\30\5\0\0\244\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58021, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0\30\5\0\0\244\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0\30\5\0\0\244\3\0\0" ) ) == 0x0 00946 1764 NtResumeThread (228, ... 1, ) == 0x0 00947 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 47972352, 1048576, ) == 0x0 00948 1764 NtAllocateVirtualMemory (-1, 49012736, 0, 8192, 4096, 4, ... 49012736, 8192, ) == 0x0 00949 1764 NtProtectVirtualMemory (-1, (0x2ebe000), 4096, 260, ... 00950 932 NtWaitForSingleObject (96, 0, 0x0, ... 00949 1764 NtProtectVirtualMemory ... 
(0x2ebe000), 4096, 4, ) == 0x0 00951 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 232, {1304, 1528}, ) == 0x0 00952 1764 NtQueryInformationThread (232, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff95000,Pid=1304,Tid=1528,}, 0x0, ) == 0x0 00953 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58021, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0\30\5\0\0\370\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0\30\5\0\0\370\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58022, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0\30\5\0\0\370\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0\30\5\0\0\370\5\0\0" ) ) == 0x0 00954 1764 NtResumeThread (232, ... 1, ) == 0x0 00955 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 49020928, 1048576, ) == 0x0 00956 1528 NtWaitForSingleObject (96, 0, 0x0, ... 00957 1764 NtAllocateVirtualMemory (-1, 50061312, 0, 8192, 4096, 4, ... 50061312, 8192, ) == 0x0 00958 1764 NtProtectVirtualMemory (-1, (0x2fbe000), 4096, 260, ... (0x2fbe000), 4096, 4, ) == 0x0 00959 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 236, {1304, 1780}, ) == 0x0 00960 1764 NtQueryInformationThread (236, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff94000,Pid=1304,Tid=1780,}, 0x0, ) == 0x0 00961 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58022, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\0\0\0\30\5\0\0\364\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\0\0\0\30\5\0\0\364\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58023, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\0\0\0\30\5\0\0\364\6\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\0\0\0\30\5\0\0\364\6\0\0" ) ) == 0x0 00962 1764 NtResumeThread (236, ... 1, ) == 0x0 00963 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 50069504, 1048576, ) == 0x0 00964 1764 NtAllocateVirtualMemory (-1, 51109888, 0, 8192, 4096, 4, ... 51109888, 8192, ) == 0x0 00965 1764 NtProtectVirtualMemory (-1, (0x30be000), 4096, 260, ... 00966 1780 NtWaitForSingleObject (96, 0, 0x0, ... 00965 1764 NtProtectVirtualMemory ... (0x30be000), 4096, 4, ) == 0x0 00967 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 240, {1304, 1804}, ) == 0x0 00968 1764 NtQueryInformationThread (240, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff93000,Pid=1304,Tid=1804,}, 0x0, ) == 0x0 00969 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58023, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0\30\5\0\0\14\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0\30\5\0\0\14\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58024, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0\30\5\0\0\14\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0\30\5\0\0\14\7\0\0" ) ) == 0x0 00970 1764 NtResumeThread (240, ... 1, ) == 0x0 00971 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 51118080, 1048576, ) == 0x0 00972 1804 NtWaitForSingleObject (96, 0, 0x0, ... 00973 1764 NtAllocateVirtualMemory (-1, 52158464, 0, 8192, 4096, 4, ... 52158464, 8192, ) == 0x0 00974 1764 NtProtectVirtualMemory (-1, (0x31be000), 4096, 260, ... (0x31be000), 4096, 4, ) == 0x0 00975 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 244, {1304, 1644}, ) == 0x0 00976 1764 NtQueryInformationThread (244, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff92000,Pid=1304,Tid=1644,}, 0x0, ) == 0x0 00977 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58024, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\0\0\0\30\5\0\0l\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\0\0\0\30\5\0\0l\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58025, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\0\0\0\30\5\0\0l\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\0\0\0\30\5\0\0l\6\0\0" ) ) == 0x0 00978 1764 NtResumeThread (244, ... 1, ) == 0x0 00979 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 52166656, 1048576, ) == 0x0 00980 1764 NtAllocateVirtualMemory (-1, 53207040, 0, 8192, 4096, 4, ... 53207040, 8192, ) == 0x0 00981 1764 NtProtectVirtualMemory (-1, (0x32be000), 4096, 260, ... 00982 1644 NtWaitForSingleObject (96, 0, 0x0, ... 00981 1764 NtProtectVirtualMemory ... (0x32be000), 4096, 4, ) == 0x0 00983 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 248, {1304, 336}, ) == 0x0 00984 1764 NtQueryInformationThread (248, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff91000,Pid=1304,Tid=336,}, 0x0, ) == 0x0 00985 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58025, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\0\0\0\30\5\0\0P\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\0\0\0\30\5\0\0P\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58026, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\0\0\0\30\5\0\0P\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\0\0\0\30\5\0\0P\1\0\0" ) ) == 0x0 00986 1764 NtResumeThread (248, ... 1, ) == 0x0 00987 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
53215232, 1048576, ) == 0x0 00988 336 NtWaitForSingleObject (96, 0, 0x0, ... 00989 1764 NtAllocateVirtualMemory (-1, 54255616, 0, 8192, 4096, 4, ... 54255616, 8192, ) == 0x0 00990 1764 NtProtectVirtualMemory (-1, (0x33be000), 4096, 260, ... (0x33be000), 4096, 4, ) == 0x0 00991 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 252, {1304, 800}, ) == 0x0 00992 1764 NtQueryInformationThread (252, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff90000,Pid=1304,Tid=800,}, 0x0, ) == 0x0 00993 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58026, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\0\0\0\30\5\0\0 \3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\0\0\0\30\5\0\0 \3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58027, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\0\0\0\30\5\0\0 \3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\0\0\0\30\5\0\0 \3\0\0" ) ) == 0x0 00994 1764 NtResumeThread (252, ... 1, ) == 0x0 00995 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 54263808, 1048576, ) == 0x0 00996 1764 NtAllocateVirtualMemory (-1, 55304192, 0, 8192, 4096, 4, ... 55304192, 8192, ) == 0x0 00997 1764 NtProtectVirtualMemory (-1, (0x34be000), 4096, 260, ... 00998 800 NtWaitForSingleObject (96, 0, 0x0, ... 00997 1764 NtProtectVirtualMemory ... (0x34be000), 4096, 4, ) == 0x0 00999 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 256, {1304, 504}, ) == 0x0 01000 1764 NtQueryInformationThread (256, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8f000,Pid=1304,Tid=504,}, 0x0, ) == 0x0 01001 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58027, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\1\0\0\30\5\0\0\370\1\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\1\0\0\30\5\0\0\370\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58028, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\1\0\0\30\5\0\0\370\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\1\0\0\30\5\0\0\370\1\0\0" ) ) == 0x0 01002 1764 NtResumeThread (256, ... 1, ) == 0x0 01003 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 55312384, 1048576, ) == 0x0 01004 504 NtWaitForSingleObject (96, 0, 0x0, ... 01005 1764 NtAllocateVirtualMemory (-1, 56352768, 0, 8192, 4096, 4, ... 56352768, 8192, ) == 0x0 01006 1764 NtProtectVirtualMemory (-1, (0x35be000), 4096, 260, ... (0x35be000), 4096, 4, ) == 0x0 01007 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 260, {1304, 888}, ) == 0x0 01008 1764 NtQueryInformationThread (260, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8e000,Pid=1304,Tid=888,}, 0x0, ) == 0x0 01009 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58028, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\1\0\0\30\5\0\0x\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\1\0\0\30\5\0\0x\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58029, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\1\0\0\30\5\0\0x\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\1\0\0\30\5\0\0x\3\0\0" ) ) == 0x0 01010 1764 NtResumeThread (260, ... 1, ) == 0x0 01011 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 56360960, 1048576, ) == 0x0 01012 1764 NtAllocateVirtualMemory (-1, 57401344, 0, 8192, 4096, 4, ... 57401344, 8192, ) == 0x0 01013 1764 NtProtectVirtualMemory (-1, (0x36be000), 4096, 260, ... 01014 888 NtWaitForSingleObject (96, 0, 0x0, ... 01013 1764 NtProtectVirtualMemory ... 
(0x36be000), 4096, 4, ) == 0x0 01015 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 264, {1304, 1392}, ) == 0x0 01016 1764 NtQueryInformationThread (264, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8d000,Pid=1304,Tid=1392,}, 0x0, ) == 0x0 01017 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58029, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\1\0\0\30\5\0\0p\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\1\0\0\30\5\0\0p\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58030, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\1\0\0\30\5\0\0p\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\1\0\0\30\5\0\0p\5\0\0" ) ) == 0x0 01018 1764 NtResumeThread (264, ... 1, ) == 0x0 01019 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 57409536, 1048576, ) == 0x0 01020 1392 NtWaitForSingleObject (96, 0, 0x0, ... 01021 1764 NtAllocateVirtualMemory (-1, 58449920, 0, 8192, 4096, 4, ... 58449920, 8192, ) == 0x0 01022 1764 NtProtectVirtualMemory (-1, (0x37be000), 4096, 260, ... (0x37be000), 4096, 4, ) == 0x0 01023 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 268, {1304, 2020}, ) == 0x0 01024 1764 NtQueryInformationThread (268, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8c000,Pid=1304,Tid=2020,}, 0x0, ) == 0x0 01025 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58030, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\1\0\0\30\5\0\0\344\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\1\0\0\30\5\0\0\344\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58031, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\1\0\0\30\5\0\0\344\7\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\1\0\0\30\5\0\0\344\7\0\0" ) ) == 0x0 01026 1764 NtResumeThread (268, ... 1, ) == 0x0 01027 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 58458112, 1048576, ) == 0x0 01028 1764 NtAllocateVirtualMemory (-1, 59498496, 0, 8192, 4096, 4, ... 59498496, 8192, ) == 0x0 01029 1764 NtProtectVirtualMemory (-1, (0x38be000), 4096, 260, ... 01030 2020 NtWaitForSingleObject (96, 0, 0x0, ... 01029 1764 NtProtectVirtualMemory ... (0x38be000), 4096, 4, ) == 0x0 01031 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 272, {1304, 740}, ) == 0x0 01032 1764 NtQueryInformationThread (272, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8b000,Pid=1304,Tid=740,}, 0x0, ) == 0x0 01033 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58031, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\1\0\0\30\5\0\0\344\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\1\0\0\30\5\0\0\344\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58032, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\1\0\0\30\5\0\0\344\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\1\0\0\30\5\0\0\344\2\0\0" ) ) == 0x0 01034 1764 NtResumeThread (272, ... 1, ) == 0x0 01035 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 59506688, 1048576, ) == 0x0 01036 740 NtWaitForSingleObject (96, 0, 0x0, ... 01037 1764 NtAllocateVirtualMemory (-1, 60547072, 0, 8192, 4096, 4, ... 60547072, 8192, ) == 0x0 01038 1764 NtProtectVirtualMemory (-1, (0x39be000), 4096, 260, ... (0x39be000), 4096, 4, ) == 0x0 01039 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 276, {1304, 1676}, ) == 0x0 01040 1764 NtQueryInformationThread (276, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff8a000,Pid=1304,Tid=1676,}, 0x0, ) == 0x0 01041 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58032, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\1\0\0\30\5\0\0\214\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\1\0\0\30\5\0\0\214\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58033, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\1\0\0\30\5\0\0\214\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\1\0\0\30\5\0\0\214\6\0\0" ) ) == 0x0 01042 1764 NtResumeThread (276, ... 1, ) == 0x0 01043 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 60555264, 1048576, ) == 0x0 01044 1764 NtAllocateVirtualMemory (-1, 61595648, 0, 8192, 4096, 4, ... 61595648, 8192, ) == 0x0 01045 1764 NtProtectVirtualMemory (-1, (0x3abe000), 4096, 260, ... 01046 1676 NtWaitForSingleObject (96, 0, 0x0, ... 01045 1764 NtProtectVirtualMemory ... (0x3abe000), 4096, 4, ) == 0x0 01047 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 280, {1304, 496}, ) == 0x0 01048 1764 NtQueryInformationThread (280, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff89000,Pid=1304,Tid=496,}, 0x0, ) == 0x0 01049 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58033, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\1\0\0\30\5\0\0\360\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\1\0\0\30\5\0\0\360\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58034, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\1\0\0\30\5\0\0\360\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\1\0\0\30\5\0\0\360\1\0\0" ) ) == 0x0 01050 1764 NtResumeThread (280, ... 1, ) == 0x0 01051 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
61603840, 1048576, ) == 0x0 01052 496 NtWaitForSingleObject (96, 0, 0x0, ... 01053 1764 NtAllocateVirtualMemory (-1, 62644224, 0, 8192, 4096, 4, ... 62644224, 8192, ) == 0x0 01054 1764 NtProtectVirtualMemory (-1, (0x3bbe000), 4096, 260, ... (0x3bbe000), 4096, 4, ) == 0x0 01055 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 284, {1304, 1020}, ) == 0x0 01056 1764 NtQueryInformationThread (284, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff88000,Pid=1304,Tid=1020,}, 0x0, ) == 0x0 01057 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58034, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\1\0\0\30\5\0\0\374\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\1\0\0\30\5\0\0\374\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58035, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\1\0\0\30\5\0\0\374\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\1\0\0\30\5\0\0\374\3\0\0" ) ) == 0x0 01058 1764 NtResumeThread (284, ... 1, ) == 0x0 01059 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 62652416, 1048576, ) == 0x0 01060 1764 NtAllocateVirtualMemory (-1, 63692800, 0, 8192, 4096, 4, ... 63692800, 8192, ) == 0x0 01061 1764 NtProtectVirtualMemory (-1, (0x3cbe000), 4096, 260, ... 01062 1020 NtWaitForSingleObject (96, 0, 0x0, ... 01061 1764 NtProtectVirtualMemory ... (0x3cbe000), 4096, 4, ) == 0x0 01063 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 288, {1304, 432}, ) == 0x0 01064 1764 NtQueryInformationThread (288, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff87000,Pid=1304,Tid=432,}, 0x0, ) == 0x0 01065 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58035, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \1\0\0\30\5\0\0\260\1\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \1\0\0\30\5\0\0\260\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58036, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \1\0\0\30\5\0\0\260\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \1\0\0\30\5\0\0\260\1\0\0" ) ) == 0x0 01066 1764 NtResumeThread (288, ... 1, ) == 0x0 01067 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 63700992, 1048576, ) == 0x0 01068 432 NtWaitForSingleObject (96, 0, 0x0, ... 01069 1764 NtAllocateVirtualMemory (-1, 64741376, 0, 8192, 4096, 4, ... 64741376, 8192, ) == 0x0 01070 1764 NtProtectVirtualMemory (-1, (0x3dbe000), 4096, 260, ... (0x3dbe000), 4096, 4, ) == 0x0 01071 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 292, {1304, 1332}, ) == 0x0 01072 1764 NtQueryInformationThread (292, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff86000,Pid=1304,Tid=1332,}, 0x0, ) == 0x0 01073 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58036, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\1\0\0\30\5\0\04\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\1\0\0\30\5\0\04\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58037, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\1\0\0\30\5\0\04\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\1\0\0\30\5\0\04\5\0\0" ) ) == 0x0 01074 1764 NtResumeThread (292, ... 1, ) == 0x0 01075 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 64749568, 1048576, ) == 0x0 01076 1764 NtAllocateVirtualMemory (-1, 65789952, 0, 8192, 4096, 4, ... 65789952, 8192, ) == 0x0 01077 1764 NtProtectVirtualMemory (-1, (0x3ebe000), 4096, 260, ... 01078 1332 NtWaitForSingleObject (96, 0, 0x0, ... 01077 1764 NtProtectVirtualMemory ... 
(0x3ebe000), 4096, 4, ) == 0x0 01079 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 296, {1304, 1328}, ) == 0x0 01080 1764 NtQueryInformationThread (296, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff85000,Pid=1304,Tid=1328,}, 0x0, ) == 0x0 01081 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58037, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\1\0\0\30\5\0\00\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\1\0\0\30\5\0\00\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58038, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\1\0\0\30\5\0\00\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\1\0\0\30\5\0\00\5\0\0" ) ) == 0x0 01082 1764 NtResumeThread (296, ... 1, ) == 0x0 01083 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 65798144, 1048576, ) == 0x0 01084 1328 NtWaitForSingleObject (96, 0, 0x0, ... 01085 1764 NtAllocateVirtualMemory (-1, 66838528, 0, 8192, 4096, 4, ... 66838528, 8192, ) == 0x0 01086 1764 NtProtectVirtualMemory (-1, (0x3fbe000), 4096, 260, ... (0x3fbe000), 4096, 4, ) == 0x0 01087 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 300, {1304, 752}, ) == 0x0 01088 1764 NtQueryInformationThread (300, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff84000,Pid=1304,Tid=752,}, 0x0, ) == 0x0 01089 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58038, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\1\0\0\30\5\0\0\360\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\1\0\0\30\5\0\0\360\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58039, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\1\0\0\30\5\0\0\360\2\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\1\0\0\30\5\0\0\360\2\0\0" ) ) == 0x0 01090 1764 NtResumeThread (300, ... 1, ) == 0x0 01091 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 66846720, 1048576, ) == 0x0 01092 1764 NtAllocateVirtualMemory (-1, 67887104, 0, 8192, 4096, 4, ... 67887104, 8192, ) == 0x0 01093 1764 NtProtectVirtualMemory (-1, (0x40be000), 4096, 260, ... 01094 752 NtWaitForSingleObject (96, 0, 0x0, ... 01093 1764 NtProtectVirtualMemory ... (0x40be000), 4096, 4, ) == 0x0 01095 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 304, {1304, 120}, ) == 0x0 01096 1764 NtQueryInformationThread (304, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff83000,Pid=1304,Tid=120,}, 0x0, ) == 0x0 01097 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58039, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\1\0\0\30\5\0\0x\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\1\0\0\30\5\0\0x\0\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58040, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\1\0\0\30\5\0\0x\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\1\0\0\30\5\0\0x\0\0\0" ) ) == 0x0 01098 1764 NtResumeThread (304, ... 1, ) == 0x0 01099 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 67895296, 1048576, ) == 0x0 01100 120 NtWaitForSingleObject (96, 0, 0x0, ... 01101 1764 NtAllocateVirtualMemory (-1, 68935680, 0, 8192, 4096, 4, ... 68935680, 8192, ) == 0x0 01102 1764 NtProtectVirtualMemory (-1, (0x41be000), 4096, 260, ... (0x41be000), 4096, 4, ) == 0x0 01103 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 308, {1304, 1732}, ) == 0x0 01104 1764 NtQueryInformationThread (308, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff82000,Pid=1304,Tid=1732,}, 0x0, ) == 0x0 01105 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58040, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\1\0\0\30\5\0\0\304\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\1\0\0\30\5\0\0\304\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58041, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\1\0\0\30\5\0\0\304\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\1\0\0\30\5\0\0\304\6\0\0" ) ) == 0x0 01106 1764 NtResumeThread (308, ... 1, ) == 0x0 01107 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 68943872, 1048576, ) == 0x0 01108 1764 NtAllocateVirtualMemory (-1, 69984256, 0, 8192, 4096, 4, ... 69984256, 8192, ) == 0x0 01109 1764 NtProtectVirtualMemory (-1, (0x42be000), 4096, 260, ... 01110 1732 NtWaitForSingleObject (96, 0, 0x0, ... 01109 1764 NtProtectVirtualMemory ... (0x42be000), 4096, 4, ) == 0x0 01111 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 312, {1304, 188}, ) == 0x0 01112 1764 NtQueryInformationThread (312, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff81000,Pid=1304,Tid=188,}, 0x0, ) == 0x0 01113 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58041, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\1\0\0\30\5\0\0\274\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\1\0\0\30\5\0\0\274\0\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58042, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\1\0\0\30\5\0\0\274\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\1\0\0\30\5\0\0\274\0\0\0" ) ) == 0x0 01114 1764 NtResumeThread (312, ... 1, ) == 0x0 01115 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
69992448, 1048576, ) == 0x0 01116 188 NtWaitForSingleObject (96, 0, 0x0, ... 01117 1764 NtAllocateVirtualMemory (-1, 71032832, 0, 8192, 4096, 4, ... 71032832, 8192, ) == 0x0 01118 1764 NtProtectVirtualMemory (-1, (0x43be000), 4096, 260, ... (0x43be000), 4096, 4, ) == 0x0 01119 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 316, {1304, 1636}, ) == 0x0 01120 1764 NtQueryInformationThread (316, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff80000,Pid=1304,Tid=1636,}, 0x0, ) == 0x0 01121 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58042, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\1\0\0\30\5\0\0d\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\1\0\0\30\5\0\0d\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58043, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\1\0\0\30\5\0\0d\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\1\0\0\30\5\0\0d\6\0\0" ) ) == 0x0 01122 1764 NtResumeThread (316, ... 1, ) == 0x0 01123 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 71041024, 1048576, ) == 0x0 01124 1764 NtAllocateVirtualMemory (-1, 72081408, 0, 8192, 4096, 4, ... 72081408, 8192, ) == 0x0 01125 1764 NtProtectVirtualMemory (-1, (0x44be000), 4096, 260, ... 01126 1636 NtWaitForSingleObject (96, 0, 0x0, ... 01125 1764 NtProtectVirtualMemory ... (0x44be000), 4096, 4, ) == 0x0 01127 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 320, {1304, 624}, ) == 0x0 01128 1764 NtQueryInformationThread (320, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7f000,Pid=1304,Tid=624,}, 0x0, ) == 0x0 01129 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58043, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\1\0\0\30\5\0\0p\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\1\0\0\30\5\0\0p\2\0\0" ) ... 
{28, 56, reply, 0, 1304, 1764, 58044, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\1\0\0\30\5\0\0p\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\1\0\0\30\5\0\0p\2\0\0" ) ) == 0x0 01130 1764 NtResumeThread (320, ... 1, ) == 0x0 01131 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 72089600, 1048576, ) == 0x0 01132 624 NtWaitForSingleObject (96, 0, 0x0, ... 01133 1764 NtAllocateVirtualMemory (-1, 73129984, 0, 8192, 4096, 4, ... 73129984, 8192, ) == 0x0 01134 1764 NtProtectVirtualMemory (-1, (0x45be000), 4096, 260, ... (0x45be000), 4096, 4, ) == 0x0 01135 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 324, {1304, 1948}, ) == 0x0 01136 1764 NtQueryInformationThread (324, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7e000,Pid=1304,Tid=1948,}, 0x0, ) == 0x0 01137 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58044, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\1\0\0\30\5\0\0\234\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\1\0\0\30\5\0\0\234\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58045, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\1\0\0\30\5\0\0\234\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\1\0\0\30\5\0\0\234\7\0\0" ) ) == 0x0 01138 1764 NtResumeThread (324, ... 1, ) == 0x0 01139 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 73138176, 1048576, ) == 0x0 01140 1764 NtAllocateVirtualMemory (-1, 74178560, 0, 8192, 4096, 4, ... 74178560, 8192, ) == 0x0 01141 1764 NtProtectVirtualMemory (-1, (0x46be000), 4096, 260, ... 01142 1948 NtWaitForSingleObject (96, 0, 0x0, ... 01141 1764 NtProtectVirtualMemory ... (0x46be000), 4096, 4, ) == 0x0 01143 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
328, {1304, 988}, ) == 0x0 01144 1764 NtQueryInformationThread (328, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7d000,Pid=1304,Tid=988,}, 0x0, ) == 0x0 01145 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58045, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\1\0\0\30\5\0\0\334\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\1\0\0\30\5\0\0\334\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58046, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\1\0\0\30\5\0\0\334\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\1\0\0\30\5\0\0\334\3\0\0" ) ) == 0x0 01146 1764 NtResumeThread (328, ... 1, ) == 0x0 01147 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 74186752, 1048576, ) == 0x0 01148 988 NtWaitForSingleObject (96, 0, 0x0, ... 01149 1764 NtAllocateVirtualMemory (-1, 75227136, 0, 8192, 4096, 4, ... 75227136, 8192, ) == 0x0 01150 1764 NtProtectVirtualMemory (-1, (0x47be000), 4096, 260, ... (0x47be000), 4096, 4, ) == 0x0 01151 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 332, {1304, 468}, ) == 0x0 01152 1764 NtQueryInformationThread (332, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7c000,Pid=1304,Tid=468,}, 0x0, ) == 0x0 01153 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58046, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\1\0\0\30\5\0\0\324\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\1\0\0\30\5\0\0\324\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58047, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\1\0\0\30\5\0\0\324\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\1\0\0\30\5\0\0\324\1\0\0" ) ) == 0x0 01154 1764 NtResumeThread (332, ... 
1, ) == 0x0 01155 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 75235328, 1048576, ) == 0x0 01156 1764 NtAllocateVirtualMemory (-1, 76275712, 0, 8192, 4096, 4, ... 76275712, 8192, ) == 0x0 01157 1764 NtProtectVirtualMemory (-1, (0x48be000), 4096, 260, ... 01158 468 NtWaitForSingleObject (96, 0, 0x0, ... 01157 1764 NtProtectVirtualMemory ... (0x48be000), 4096, 4, ) == 0x0 01159 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 336, {1304, 380}, ) == 0x0 01160 1764 NtQueryInformationThread (336, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7b000,Pid=1304,Tid=380,}, 0x0, ) == 0x0 01161 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58047, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\1\0\0\30\5\0\0|\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\1\0\0\30\5\0\0|\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58048, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\1\0\0\30\5\0\0|\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\1\0\0\30\5\0\0|\1\0\0" ) ) == 0x0 01162 1764 NtResumeThread (336, ... 1, ) == 0x0 01163 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 76283904, 1048576, ) == 0x0 01164 380 NtWaitForSingleObject (96, 0, 0x0, ... 01165 1764 NtAllocateVirtualMemory (-1, 77324288, 0, 8192, 4096, 4, ... 77324288, 8192, ) == 0x0 01166 1764 NtProtectVirtualMemory (-1, (0x49be000), 4096, 260, ... (0x49be000), 4096, 4, ) == 0x0 01167 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 340, {1304, 1692}, ) == 0x0 01168 1764 NtQueryInformationThread (340, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7a000,Pid=1304,Tid=1692,}, 0x0, ) == 0x0 01169 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58048, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\1\0\0\30\5\0\0\234\6\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\1\0\0\30\5\0\0\234\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58049, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\1\0\0\30\5\0\0\234\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\1\0\0\30\5\0\0\234\6\0\0" ) ) == 0x0 01170 1764 NtResumeThread (340, ... 1, ) == 0x0 01171 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 77332480, 1048576, ) == 0x0 01172 1764 NtAllocateVirtualMemory (-1, 78372864, 0, 8192, 4096, 4, ... 78372864, 8192, ) == 0x0 01173 1764 NtProtectVirtualMemory (-1, (0x4abe000), 4096, 260, ... 01174 1692 NtWaitForSingleObject (96, 0, 0x0, ... 01173 1764 NtProtectVirtualMemory ... (0x4abe000), 4096, 4, ) == 0x0 01175 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 344, {1304, 1792}, ) == 0x0 01176 1764 NtQueryInformationThread (344, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff79000,Pid=1304,Tid=1792,}, 0x0, ) == 0x0 01177 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58049, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\1\0\0\30\5\0\0\0\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\1\0\0\30\5\0\0\0\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58050, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\1\0\0\30\5\0\0\0\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\1\0\0\30\5\0\0\0\7\0\0" ) ) == 0x0 01178 1764 NtResumeThread (344, ... 1, ) == 0x0 01179 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 78381056, 1048576, ) == 0x0 01180 1792 NtWaitForSingleObject (96, 0, 0x0, ... 01181 1764 NtAllocateVirtualMemory (-1, 79421440, 0, 8192, 4096, 4, ... 79421440, 8192, ) == 0x0 01182 1764 NtProtectVirtualMemory (-1, (0x4bbe000), 4096, 260, ... 
(0x4bbe000), 4096, 4, ) == 0x0 01183 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 348, {1304, 784}, ) == 0x0 01184 1764 NtQueryInformationThread (348, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff78000,Pid=1304,Tid=784,}, 0x0, ) == 0x0 01185 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58050, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\1\0\0\30\5\0\0\20\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\1\0\0\30\5\0\0\20\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58051, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\1\0\0\30\5\0\0\20\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\1\0\0\30\5\0\0\20\3\0\0" ) ) == 0x0 01186 1764 NtResumeThread (348, ... 1, ) == 0x0 01187 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 79429632, 1048576, ) == 0x0 01188 1764 NtAllocateVirtualMemory (-1, 80470016, 0, 8192, 4096, 4, ... 80470016, 8192, ) == 0x0 01189 1764 NtProtectVirtualMemory (-1, (0x4cbe000), 4096, 260, ... 01190 784 NtWaitForSingleObject (96, 0, 0x0, ... 01189 1764 NtProtectVirtualMemory ... (0x4cbe000), 4096, 4, ) == 0x0 01191 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 352, {1304, 1520}, ) == 0x0 01192 1764 NtQueryInformationThread (352, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff77000,Pid=1304,Tid=1520,}, 0x0, ) == 0x0 01193 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58051, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\1\0\0\30\5\0\0\360\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\1\0\0\30\5\0\0\360\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58052, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\1\0\0\30\5\0\0\360\5\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\1\0\0\30\5\0\0\360\5\0\0" ) ) == 0x0 01194 1764 NtResumeThread (352, ... 1, ) == 0x0 01195 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 80478208, 1048576, ) == 0x0 01196 1520 NtWaitForSingleObject (96, 0, 0x0, ... 01197 1764 NtAllocateVirtualMemory (-1, 81518592, 0, 8192, 4096, 4, ... 81518592, 8192, ) == 0x0 01198 1764 NtProtectVirtualMemory (-1, (0x4dbe000), 4096, 260, ... (0x4dbe000), 4096, 4, ) == 0x0 01199 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 356, {1304, 1696}, ) == 0x0 01200 1764 NtQueryInformationThread (356, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff76000,Pid=1304,Tid=1696,}, 0x0, ) == 0x0 01201 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58052, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\1\0\0\30\5\0\0\240\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\1\0\0\30\5\0\0\240\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58053, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\1\0\0\30\5\0\0\240\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\1\0\0\30\5\0\0\240\6\0\0" ) ) == 0x0 01202 1764 NtResumeThread (356, ... 1, ) == 0x0 01203 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 81526784, 1048576, ) == 0x0 01204 1764 NtAllocateVirtualMemory (-1, 82567168, 0, 8192, 4096, 4, ... 82567168, 8192, ) == 0x0 01205 1764 NtProtectVirtualMemory (-1, (0x4ebe000), 4096, 260, ... 01206 1696 NtWaitForSingleObject (96, 0, 0x0, ... 01205 1764 NtProtectVirtualMemory ... (0x4ebe000), 4096, 4, ) == 0x0 01207 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 360, {1304, 1744}, ) == 0x0 01208 1764 NtQueryInformationThread (360, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff75000,Pid=1304,Tid=1744,}, 0x0, ) == 0x0 01209 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58053, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\1\0\0\30\5\0\0\320\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\1\0\0\30\5\0\0\320\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58054, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\1\0\0\30\5\0\0\320\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\1\0\0\30\5\0\0\320\6\0\0" ) ) == 0x0 01210 1764 NtResumeThread (360, ... 1, ) == 0x0 01211 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 82575360, 1048576, ) == 0x0 01212 1744 NtWaitForSingleObject (96, 0, 0x0, ... 01213 1764 NtAllocateVirtualMemory (-1, 83615744, 0, 8192, 4096, 4, ... 83615744, 8192, ) == 0x0 01214 1764 NtProtectVirtualMemory (-1, (0x4fbe000), 4096, 260, ... (0x4fbe000), 4096, 4, ) == 0x0 01215 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 364, {1304, 1124}, ) == 0x0 01216 1764 NtQueryInformationThread (364, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff74000,Pid=1304,Tid=1124,}, 0x0, ) == 0x0 01217 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58054, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\1\0\0\30\5\0\0d\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\1\0\0\30\5\0\0d\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58055, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\1\0\0\30\5\0\0d\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\1\0\0\30\5\0\0d\4\0\0" ) ) == 0x0 01218 1764 NtResumeThread (364, ... 1, ) == 0x0 01219 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
83623936, 1048576, ) == 0x0 01220 1764 NtAllocateVirtualMemory (-1, 84664320, 0, 8192, 4096, 4, ... 84664320, 8192, ) == 0x0 01221 1764 NtProtectVirtualMemory (-1, (0x50be000), 4096, 260, ... 01222 1124 NtWaitForSingleObject (96, 0, 0x0, ... 01221 1764 NtProtectVirtualMemory ... (0x50be000), 4096, 4, ) == 0x0 01223 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 368, {1304, 1496}, ) == 0x0 01224 1764 NtQueryInformationThread (368, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff73000,Pid=1304,Tid=1496,}, 0x0, ) == 0x0 01225 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58055, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0\30\5\0\0\330\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0\30\5\0\0\330\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58056, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0\30\5\0\0\330\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0\30\5\0\0\330\5\0\0" ) ) == 0x0 01226 1764 NtResumeThread (368, ... 1, ) == 0x0 01227 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 84672512, 1048576, ) == 0x0 01228 1496 NtWaitForSingleObject (96, 0, 0x0, ... 01229 1764 NtAllocateVirtualMemory (-1, 85712896, 0, 8192, 4096, 4, ... 85712896, 8192, ) == 0x0 01230 1764 NtProtectVirtualMemory (-1, (0x51be000), 4096, 260, ... (0x51be000), 4096, 4, ) == 0x0 01231 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 372, {1304, 168}, ) == 0x0 01232 1764 NtQueryInformationThread (372, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff72000,Pid=1304,Tid=168,}, 0x0, ) == 0x0 01233 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58056, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\1\0\0\30\5\0\0\250\0\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\1\0\0\30\5\0\0\250\0\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58057, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\1\0\0\30\5\0\0\250\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\1\0\0\30\5\0\0\250\0\0\0" ) ) == 0x0 01234 1764 NtResumeThread (372, ... 1, ) == 0x0 01235 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 85721088, 1048576, ) == 0x0 01236 1764 NtAllocateVirtualMemory (-1, 86761472, 0, 8192, 4096, 4, ... 86761472, 8192, ) == 0x0 01237 1764 NtProtectVirtualMemory (-1, (0x52be000), 4096, 260, ... 01238 168 NtWaitForSingleObject (96, 0, 0x0, ... 01237 1764 NtProtectVirtualMemory ... (0x52be000), 4096, 4, ) == 0x0 01239 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 376, {1304, 1284}, ) == 0x0 01240 1764 NtQueryInformationThread (376, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff71000,Pid=1304,Tid=1284,}, 0x0, ) == 0x0 01241 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58057, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0\30\5\0\0\4\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0\30\5\0\0\4\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58058, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0\30\5\0\0\4\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0\30\5\0\0\4\5\0\0" ) ) == 0x0 01242 1764 NtResumeThread (376, ... 1, ) == 0x0 01243 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 86769664, 1048576, ) == 0x0 01244 1284 NtWaitForSingleObject (96, 0, 0x0, ... 01245 1764 NtAllocateVirtualMemory (-1, 87810048, 0, 8192, 4096, 4, ... 87810048, 8192, ) == 0x0 01246 1764 NtProtectVirtualMemory (-1, (0x53be000), 4096, 260, ... 
(0x53be000), 4096, 4, ) == 0x0 01247 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 380, {1304, 1268}, ) == 0x0 01248 1764 NtQueryInformationThread (380, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff70000,Pid=1304,Tid=1268,}, 0x0, ) == 0x0 01249 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58058, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\1\0\0\30\5\0\0\364\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\1\0\0\30\5\0\0\364\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58059, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\1\0\0\30\5\0\0\364\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\1\0\0\30\5\0\0\364\4\0\0" ) ) == 0x0 01250 1764 NtResumeThread (380, ... 1, ) == 0x0 01251 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 87818240, 1048576, ) == 0x0 01252 1764 NtAllocateVirtualMemory (-1, 88858624, 0, 8192, 4096, 4, ... 88858624, 8192, ) == 0x0 01253 1764 NtProtectVirtualMemory (-1, (0x54be000), 4096, 260, ... 01254 1268 NtWaitForSingleObject (96, 0, 0x0, ... 01253 1764 NtProtectVirtualMemory ... (0x54be000), 4096, 4, ) == 0x0 01255 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 384, {1304, 840}, ) == 0x0 01256 1764 NtQueryInformationThread (384, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6f000,Pid=1304,Tid=840,}, 0x0, ) == 0x0 01257 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58059, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\1\0\0\30\5\0\0H\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\1\0\0\30\5\0\0H\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58060, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\1\0\0\30\5\0\0H\3\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\1\0\0\30\5\0\0H\3\0\0" ) ) == 0x0 01258 1764 NtResumeThread (384, ... 1, ) == 0x0 01259 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 88866816, 1048576, ) == 0x0 01260 840 NtWaitForSingleObject (96, 0, 0x0, ... 01261 1764 NtAllocateVirtualMemory (-1, 89907200, 0, 8192, 4096, 4, ... 89907200, 8192, ) == 0x0 01262 1764 NtProtectVirtualMemory (-1, (0x55be000), 4096, 260, ... (0x55be000), 4096, 4, ) == 0x0 01263 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 388, {1304, 1336}, ) == 0x0 01264 1764 NtQueryInformationThread (388, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6e000,Pid=1304,Tid=1336,}, 0x0, ) == 0x0 01265 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58060, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0\30\5\0\08\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0\30\5\0\08\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58061, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0\30\5\0\08\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0\30\5\0\08\5\0\0" ) ) == 0x0 01266 1764 NtResumeThread (388, ... 1, ) == 0x0 01267 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 89915392, 1048576, ) == 0x0 01268 1764 NtAllocateVirtualMemory (-1, 90955776, 0, 8192, 4096, 4, ... 90955776, 8192, ) == 0x0 01269 1764 NtProtectVirtualMemory (-1, (0x56be000), 4096, 260, ... 01270 1336 NtWaitForSingleObject (96, 0, 0x0, ... 01269 1764 NtProtectVirtualMemory ... (0x56be000), 4096, 4, ) == 0x0 01271 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 392, {1304, 1200}, ) == 0x0 01272 1764 NtQueryInformationThread (392, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff6d000,Pid=1304,Tid=1200,}, 0x0, ) == 0x0 01273 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58061, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\1\0\0\30\5\0\0\260\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\1\0\0\30\5\0\0\260\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58062, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\1\0\0\30\5\0\0\260\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\1\0\0\30\5\0\0\260\4\0\0" ) ) == 0x0 01274 1764 NtResumeThread (392, ... 1, ) == 0x0 01275 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 90963968, 1048576, ) == 0x0 01276 1200 NtWaitForSingleObject (96, 0, 0x0, ... 01277 1764 NtAllocateVirtualMemory (-1, 92004352, 0, 8192, 4096, 4, ... 92004352, 8192, ) == 0x0 01278 1764 NtProtectVirtualMemory (-1, (0x57be000), 4096, 260, ... (0x57be000), 4096, 4, ) == 0x0 01279 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 396, {1304, 1920}, ) == 0x0 01280 1764 NtQueryInformationThread (396, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6c000,Pid=1304,Tid=1920,}, 0x0, ) == 0x0 01281 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58062, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0\30\5\0\0\200\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0\30\5\0\0\200\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58063, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0\30\5\0\0\200\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0\30\5\0\0\200\7\0\0" ) ) == 0x0 01282 1764 NtResumeThread (396, ... 1, ) == 0x0 01283 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
92012544, 1048576, ) == 0x0 01284 1764 NtAllocateVirtualMemory (-1, 93052928, 0, 8192, 4096, 4, ... 93052928, 8192, ) == 0x0 01285 1764 NtProtectVirtualMemory (-1, (0x58be000), 4096, 260, ... 01286 1920 NtWaitForSingleObject (96, 0, 0x0, ... 01285 1764 NtProtectVirtualMemory ... (0x58be000), 4096, 4, ) == 0x0 01287 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 400, {1304, 896}, ) == 0x0 01288 1764 NtQueryInformationThread (400, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6b000,Pid=1304,Tid=896,}, 0x0, ) == 0x0 01289 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58063, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\1\0\0\30\5\0\0\200\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\1\0\0\30\5\0\0\200\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58064, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\1\0\0\30\5\0\0\200\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\1\0\0\30\5\0\0\200\3\0\0" ) ) == 0x0 01290 1764 NtResumeThread (400, ... 1, ) == 0x0 01291 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 93061120, 1048576, ) == 0x0 01292 896 NtWaitForSingleObject (96, 0, 0x0, ... 01293 1764 NtAllocateVirtualMemory (-1, 94101504, 0, 8192, 4096, 4, ... 94101504, 8192, ) == 0x0 01294 1764 NtProtectVirtualMemory (-1, (0x59be000), 4096, 260, ... (0x59be000), 4096, 4, ) == 0x0 01295 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 404, {1304, 2016}, ) == 0x0 01296 1764 NtQueryInformationThread (404, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6a000,Pid=1304,Tid=2016,}, 0x0, ) == 0x0 01297 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58064, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\1\0\0\30\5\0\0\340\7\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\1\0\0\30\5\0\0\340\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58065, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\1\0\0\30\5\0\0\340\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\1\0\0\30\5\0\0\340\7\0\0" ) ) == 0x0 01298 1764 NtResumeThread (404, ... 1, ) == 0x0 01299 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 94109696, 1048576, ) == 0x0 01300 1764 NtAllocateVirtualMemory (-1, 95150080, 0, 8192, 4096, 4, ... 95150080, 8192, ) == 0x0 01301 1764 NtProtectVirtualMemory (-1, (0x5abe000), 4096, 260, ... 01302 2016 NtWaitForSingleObject (96, 0, 0x0, ... 01301 1764 NtProtectVirtualMemory ... (0x5abe000), 4096, 4, ) == 0x0 01303 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 408, {1304, 2012}, ) == 0x0 01304 1764 NtQueryInformationThread (408, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff69000,Pid=1304,Tid=2012,}, 0x0, ) == 0x0 01305 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58065, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0\30\5\0\0\334\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0\30\5\0\0\334\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58066, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0\30\5\0\0\334\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0\30\5\0\0\334\7\0\0" ) ) == 0x0 01306 1764 NtResumeThread (408, ... 1, ) == 0x0 01307 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 95158272, 1048576, ) == 0x0 01308 2012 NtWaitForSingleObject (96, 0, 0x0, ... 01309 1764 NtAllocateVirtualMemory (-1, 96198656, 0, 8192, 4096, 4, ... 96198656, 8192, ) == 0x0 01310 1764 NtProtectVirtualMemory (-1, (0x5bbe000), 4096, 260, ... 
(0x5bbe000), 4096, 4, ) == 0x0 01311 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 412, {1304, 1604}, ) == 0x0 01312 1764 NtQueryInformationThread (412, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff68000,Pid=1304,Tid=1604,}, 0x0, ) == 0x0 01313 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58066, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0\30\5\0\0D\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0\30\5\0\0D\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58067, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0\30\5\0\0D\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0\30\5\0\0D\6\0\0" ) ) == 0x0 01314 1764 NtResumeThread (412, ... 1, ) == 0x0 01315 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 96206848, 1048576, ) == 0x0 01316 1764 NtAllocateVirtualMemory (-1, 97247232, 0, 8192, 4096, 4, ... 97247232, 8192, ) == 0x0 01317 1764 NtProtectVirtualMemory (-1, (0x5cbe000), 4096, 260, ... 01318 1604 NtWaitForSingleObject (96, 0, 0x0, ... 01317 1764 NtProtectVirtualMemory ... (0x5cbe000), 4096, 4, ) == 0x0 01319 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 416, {1304, 1572}, ) == 0x0 01320 1764 NtQueryInformationThread (416, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff67000,Pid=1304,Tid=1572,}, 0x0, ) == 0x0 01321 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58067, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0\30\5\0\0$\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0\30\5\0\0$\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58068, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0\30\5\0\0$\6\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0\30\5\0\0$\6\0\0" ) ) == 0x0 01322 1764 NtResumeThread (416, ... 1, ) == 0x0 01323 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 97255424, 1048576, ) == 0x0 01324 1572 NtWaitForSingleObject (96, 0, 0x0, ... 01325 1764 NtAllocateVirtualMemory (-1, 98295808, 0, 8192, 4096, 4, ... 98295808, 8192, ) == 0x0 01326 1764 NtProtectVirtualMemory (-1, (0x5dbe000), 4096, 260, ... (0x5dbe000), 4096, 4, ) == 0x0 01327 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 420, {1304, 596}, ) == 0x0 01328 1764 NtQueryInformationThread (420, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff66000,Pid=1304,Tid=596,}, 0x0, ) == 0x0 01329 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58068, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0\30\5\0\0T\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0\30\5\0\0T\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58069, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0\30\5\0\0T\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0\30\5\0\0T\2\0\0" ) ) == 0x0 01330 1764 NtResumeThread (420, ... 1, ) == 0x0 01331 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 98304000, 1048576, ) == 0x0 01332 1764 NtAllocateVirtualMemory (-1, 99344384, 0, 8192, 4096, 4, ... 99344384, 8192, ) == 0x0 01333 596 NtWaitForSingleObject (96, 0, 0x0, ... 01334 1764 NtProtectVirtualMemory (-1, (0x5ebe000), 4096, 260, ... (0x5ebe000), 4096, 4, ) == 0x0 01335 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 424, {1304, 376}, ) == 0x0 01336 1764 NtQueryInformationThread (424, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff65000,Pid=1304,Tid=376,}, 0x0, ) == 0x0 01337 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58069, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0\30\5\0\0x\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0\30\5\0\0x\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58070, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0\30\5\0\0x\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0\30\5\0\0x\1\0\0" ) ) == 0x0 01338 1764 NtResumeThread (424, ... 1, ) == 0x0 01339 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01340 376 NtWaitForSingleObject (96, 0, 0x0, ... 01339 1764 NtAllocateVirtualMemory ... 99352576, 1048576, ) == 0x0 01341 1764 NtAllocateVirtualMemory (-1, 100392960, 0, 8192, 4096, 4, ... 100392960, 8192, ) == 0x0 01342 1764 NtProtectVirtualMemory (-1, (0x5fbe000), 4096, 260, ... (0x5fbe000), 4096, 4, ) == 0x0 01343 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 428, {1304, 1168}, ) == 0x0 01344 1764 NtQueryInformationThread (428, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff64000,Pid=1304,Tid=1168,}, 0x0, ) == 0x0 01345 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58070, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0\30\5\0\0\220\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0\30\5\0\0\220\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58071, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0\30\5\0\0\220\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0\30\5\0\0\220\4\0\0" ) ) == 0x0 01346 1764 NtResumeThread (428, ... 1, ) == 0x0 01347 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
100401152, 1048576, ) == 0x0 01348 1764 NtAllocateVirtualMemory (-1, 101441536, 0, 8192, 4096, 4, ... 101441536, 8192, ) == 0x0 01349 1168 NtWaitForSingleObject (96, 0, 0x0, ... 01350 1764 NtProtectVirtualMemory (-1, (0x60be000), 4096, 260, ... (0x60be000), 4096, 4, ) == 0x0 01351 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 432, {1304, 428}, ) == 0x0 01352 1764 NtQueryInformationThread (432, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff63000,Pid=1304,Tid=428,}, 0x0, ) == 0x0 01353 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58071, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0\30\5\0\0\254\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0\30\5\0\0\254\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58072, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0\30\5\0\0\254\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0\30\5\0\0\254\1\0\0" ) ) == 0x0 01354 1764 NtResumeThread (432, ... 1, ) == 0x0 01355 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01356 428 NtWaitForSingleObject (96, 0, 0x0, ... 01355 1764 NtAllocateVirtualMemory ... 101449728, 1048576, ) == 0x0 01357 1764 NtAllocateVirtualMemory (-1, 102490112, 0, 8192, 4096, 4, ... 102490112, 8192, ) == 0x0 01358 1764 NtProtectVirtualMemory (-1, (0x61be000), 4096, 260, ... (0x61be000), 4096, 4, ) == 0x0 01359 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 436, {1304, 1344}, ) == 0x0 01360 1764 NtQueryInformationThread (436, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff62000,Pid=1304,Tid=1344,}, 0x0, ) == 0x0 01361 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58072, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0\30\5\0\0@\5\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0\30\5\0\0@\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58073, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0\30\5\0\0@\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0\30\5\0\0@\5\0\0" ) ) == 0x0 01362 1764 NtResumeThread (436, ... 1, ) == 0x0 01363 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 102498304, 1048576, ) == 0x0 01364 1764 NtAllocateVirtualMemory (-1, 103538688, 0, 8192, 4096, 4, ... 103538688, 8192, ) == 0x0 01365 1344 NtWaitForSingleObject (96, 0, 0x0, ... 01366 1764 NtProtectVirtualMemory (-1, (0x62be000), 4096, 260, ... (0x62be000), 4096, 4, ) == 0x0 01367 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 440, {1304, 1300}, ) == 0x0 01368 1764 NtQueryInformationThread (440, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff61000,Pid=1304,Tid=1300,}, 0x0, ) == 0x0 01369 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58073, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0\30\5\0\0\24\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0\30\5\0\0\24\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58074, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0\30\5\0\0\24\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0\30\5\0\0\24\5\0\0" ) ) == 0x0 01370 1764 NtResumeThread (440, ... 1, ) == 0x0 01371 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01372 1300 NtWaitForSingleObject (96, 0, 0x0, ... 01371 1764 NtAllocateVirtualMemory ... 103546880, 1048576, ) == 0x0 01373 1764 NtAllocateVirtualMemory (-1, 104587264, 0, 8192, 4096, 4, ... 104587264, 8192, ) == 0x0 01374 1764 NtProtectVirtualMemory (-1, (0x63be000), 4096, 260, ... 
(0x63be000), 4096, 4, ) == 0x0 01375 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 444, {1304, 1096}, ) == 0x0 01376 1764 NtQueryInformationThread (444, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff60000,Pid=1304,Tid=1096,}, 0x0, ) == 0x0 01377 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58074, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0\30\5\0\0H\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0\30\5\0\0H\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58075, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0\30\5\0\0H\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0\30\5\0\0H\4\0\0" ) ) == 0x0 01378 1764 NtResumeThread (444, ... 1, ) == 0x0 01379 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 104595456, 1048576, ) == 0x0 01380 1764 NtAllocateVirtualMemory (-1, 105635840, 0, 8192, 4096, 4, ... 105635840, 8192, ) == 0x0 01381 1096 NtWaitForSingleObject (96, 0, 0x0, ... 01382 1764 NtProtectVirtualMemory (-1, (0x64be000), 4096, 260, ... (0x64be000), 4096, 4, ) == 0x0 01383 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 448, {1304, 252}, ) == 0x0 01384 1764 NtQueryInformationThread (448, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5f000,Pid=1304,Tid=252,}, 0x0, ) == 0x0 01385 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58075, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0\30\5\0\0\374\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0\30\5\0\0\374\0\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58076, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0\30\5\0\0\374\0\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0\30\5\0\0\374\0\0\0" ) ) == 0x0 01386 1764 NtResumeThread (448, ... 1, ) == 0x0 01387 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01388 252 NtWaitForSingleObject (96, 0, 0x0, ... 01387 1764 NtAllocateVirtualMemory ... 105644032, 1048576, ) == 0x0 01389 1764 NtAllocateVirtualMemory (-1, 106684416, 0, 8192, 4096, 4, ... 106684416, 8192, ) == 0x0 01390 1764 NtProtectVirtualMemory (-1, (0x65be000), 4096, 260, ... (0x65be000), 4096, 4, ) == 0x0 01391 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 452, {1304, 500}, ) == 0x0 01392 1764 NtQueryInformationThread (452, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5e000,Pid=1304,Tid=500,}, 0x0, ) == 0x0 01393 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58076, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0\30\5\0\0\364\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0\30\5\0\0\364\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58077, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0\30\5\0\0\364\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0\30\5\0\0\364\1\0\0" ) ) == 0x0 01394 1764 NtResumeThread (452, ... 1, ) == 0x0 01395 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 106692608, 1048576, ) == 0x0 01396 1764 NtAllocateVirtualMemory (-1, 107732992, 0, 8192, 4096, 4, ... 107732992, 8192, ) == 0x0 01397 500 NtWaitForSingleObject (96, 0, 0x0, ... 01398 1764 NtProtectVirtualMemory (-1, (0x66be000), 4096, 260, ... (0x66be000), 4096, 4, ) == 0x0 01399 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 456, {1304, 1132}, ) == 0x0 01400 1764 NtQueryInformationThread (456, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff5d000,Pid=1304,Tid=1132,}, 0x0, ) == 0x0 01401 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58077, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0\30\5\0\0l\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0\30\5\0\0l\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58078, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0\30\5\0\0l\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0\30\5\0\0l\4\0\0" ) ) == 0x0 01402 1764 NtResumeThread (456, ... 1, ) == 0x0 01403 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01404 1132 NtWaitForSingleObject (96, 0, 0x0, ... 01403 1764 NtAllocateVirtualMemory ... 107741184, 1048576, ) == 0x0 01405 1764 NtAllocateVirtualMemory (-1, 108781568, 0, 8192, 4096, 4, ... 108781568, 8192, ) == 0x0 01406 1764 NtProtectVirtualMemory (-1, (0x67be000), 4096, 260, ... (0x67be000), 4096, 4, ) == 0x0 01407 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 460, {1304, 1024}, ) == 0x0 01408 1764 NtQueryInformationThread (460, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5c000,Pid=1304,Tid=1024,}, 0x0, ) == 0x0 01409 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58078, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0\30\5\0\0\0\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0\30\5\0\0\0\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58079, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0\30\5\0\0\0\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0\30\5\0\0\0\4\0\0" ) ) == 0x0 01410 1764 NtResumeThread (460, ... 1, ) == 0x0 01411 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
108789760, 1048576, ) == 0x0 01412 1764 NtAllocateVirtualMemory (-1, 109830144, 0, 8192, 4096, 4, ... 109830144, 8192, ) == 0x0 01413 1024 NtWaitForSingleObject (96, 0, 0x0, ... 01414 1764 NtProtectVirtualMemory (-1, (0x68be000), 4096, 260, ... (0x68be000), 4096, 4, ) == 0x0 01415 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 464, {1304, 948}, ) == 0x0 01416 1764 NtQueryInformationThread (464, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5b000,Pid=1304,Tid=948,}, 0x0, ) == 0x0 01417 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58079, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0\30\5\0\0\264\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0\30\5\0\0\264\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58080, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0\30\5\0\0\264\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0\30\5\0\0\264\3\0\0" ) ) == 0x0 01418 1764 NtResumeThread (464, ... 1, ) == 0x0 01419 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01420 948 NtWaitForSingleObject (96, 0, 0x0, ... 01419 1764 NtAllocateVirtualMemory ... 109838336, 1048576, ) == 0x0 01421 1764 NtAllocateVirtualMemory (-1, 110878720, 0, 8192, 4096, 4, ... 110878720, 8192, ) == 0x0 01422 1764 NtProtectVirtualMemory (-1, (0x69be000), 4096, 260, ... (0x69be000), 4096, 4, ) == 0x0 01423 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 468, {1304, 1388}, ) == 0x0 01424 1764 NtQueryInformationThread (468, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5a000,Pid=1304,Tid=1388,}, 0x0, ) == 0x0 01425 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58080, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0\30\5\0\0l\5\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0\30\5\0\0l\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58081, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0\30\5\0\0l\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0\30\5\0\0l\5\0\0" ) ) == 0x0 01426 1764 NtResumeThread (468, ... 1, ) == 0x0 01427 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 110886912, 1048576, ) == 0x0 01428 1764 NtAllocateVirtualMemory (-1, 111927296, 0, 8192, 4096, 4, ... 111927296, 8192, ) == 0x0 01429 1388 NtWaitForSingleObject (96, 0, 0x0, ... 01430 1764 NtProtectVirtualMemory (-1, (0x6abe000), 4096, 260, ... (0x6abe000), 4096, 4, ) == 0x0 01431 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 472, {1304, 520}, ) == 0x0 01432 1764 NtQueryInformationThread (472, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff59000,Pid=1304,Tid=520,}, 0x0, ) == 0x0 01433 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58081, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0\30\5\0\0\10\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0\30\5\0\0\10\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58082, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0\30\5\0\0\10\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0\30\5\0\0\10\2\0\0" ) ) == 0x0 01434 1764 NtResumeThread (472, ... 1, ) == 0x0 01435 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01436 520 NtWaitForSingleObject (96, 0, 0x0, ... 01435 1764 NtAllocateVirtualMemory ... 111935488, 1048576, ) == 0x0 01437 1764 NtAllocateVirtualMemory (-1, 112975872, 0, 8192, 4096, 4, ... 112975872, 8192, ) == 0x0 01438 1764 NtProtectVirtualMemory (-1, (0x6bbe000), 4096, 260, ... 
(0x6bbe000), 4096, 4, ) == 0x0 01439 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 476, {1304, 276}, ) == 0x0 01440 1764 NtQueryInformationThread (476, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff58000,Pid=1304,Tid=276,}, 0x0, ) == 0x0 01441 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58082, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0\30\5\0\0\24\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0\30\5\0\0\24\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58083, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0\30\5\0\0\24\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0\30\5\0\0\24\1\0\0" ) ) == 0x0 01442 1764 NtResumeThread (476, ... 1, ) == 0x0 01443 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 112984064, 1048576, ) == 0x0 01444 1764 NtAllocateVirtualMemory (-1, 114024448, 0, 8192, 4096, 4, ... 114024448, 8192, ) == 0x0 01445 276 NtWaitForSingleObject (96, 0, 0x0, ... 01446 1764 NtProtectVirtualMemory (-1, (0x6cbe000), 4096, 260, ... (0x6cbe000), 4096, 4, ) == 0x0 01447 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 480, {1304, 996}, ) == 0x0 01448 1764 NtQueryInformationThread (480, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff57000,Pid=1304,Tid=996,}, 0x0, ) == 0x0 01449 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58083, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0\30\5\0\0\344\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0\30\5\0\0\344\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58084, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0\30\5\0\0\344\3\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0\30\5\0\0\344\3\0\0" ) ) == 0x0 01450 1764 NtResumeThread (480, ... 1, ) == 0x0 01451 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01452 996 NtWaitForSingleObject (96, 0, 0x0, ... 01451 1764 NtAllocateVirtualMemory ... 114032640, 1048576, ) == 0x0 01453 1764 NtAllocateVirtualMemory (-1, 115073024, 0, 8192, 4096, 4, ... 115073024, 8192, ) == 0x0 01454 1764 NtProtectVirtualMemory (-1, (0x6dbe000), 4096, 260, ... (0x6dbe000), 4096, 4, ) == 0x0 01455 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 484, {1304, 1064}, ) == 0x0 01456 1764 NtQueryInformationThread (484, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff56000,Pid=1304,Tid=1064,}, 0x0, ) == 0x0 01457 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58084, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0\30\5\0\0(\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0\30\5\0\0(\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58085, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0\30\5\0\0(\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0\30\5\0\0(\4\0\0" ) ) == 0x0 01458 1764 NtResumeThread (484, ... 1, ) == 0x0 01459 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 115081216, 1048576, ) == 0x0 01460 1764 NtAllocateVirtualMemory (-1, 116121600, 0, 8192, 4096, 4, ... 116121600, 8192, ) == 0x0 01461 1064 NtWaitForSingleObject (96, 0, 0x0, ... 01462 1764 NtProtectVirtualMemory (-1, (0x6ebe000), 4096, 260, ... (0x6ebe000), 4096, 4, ) == 0x0 01463 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 488, {1304, 1600}, ) == 0x0 01464 1764 NtQueryInformationThread (488, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff55000,Pid=1304,Tid=1600,}, 0x0, ) == 0x0 01465 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58085, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0\30\5\0\0@\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0\30\5\0\0@\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58086, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0\30\5\0\0@\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0\30\5\0\0@\6\0\0" ) ) == 0x0 01466 1764 NtResumeThread (488, ... 1, ) == 0x0 01467 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01468 1600 NtWaitForSingleObject (96, 0, 0x0, ... 01467 1764 NtAllocateVirtualMemory ... 116129792, 1048576, ) == 0x0 01469 1764 NtAllocateVirtualMemory (-1, 117170176, 0, 8192, 4096, 4, ... 117170176, 8192, ) == 0x0 01470 1764 NtProtectVirtualMemory (-1, (0x6fbe000), 4096, 260, ... (0x6fbe000), 4096, 4, ) == 0x0 01471 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 492, {1304, 1372}, ) == 0x0 01472 1764 NtQueryInformationThread (492, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff54000,Pid=1304,Tid=1372,}, 0x0, ) == 0x0 01473 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58086, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0\30\5\0\0\\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0\30\5\0\0\\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58087, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0\30\5\0\0\\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0\30\5\0\0\\5\0\0" ) ) == 0x0 01474 1764 NtResumeThread (492, ... 1, ) == 0x0 01475 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
117178368, 1048576, ) == 0x0 01476 1764 NtAllocateVirtualMemory (-1, 118218752, 0, 8192, 4096, 4, ... 118218752, 8192, ) == 0x0 01477 1372 NtWaitForSingleObject (96, 0, 0x0, ... 01478 1764 NtProtectVirtualMemory (-1, (0x70be000), 4096, 260, ... (0x70be000), 4096, 4, ) == 0x0 01479 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 496, {1304, 2040}, ) == 0x0 01480 1764 NtQueryInformationThread (496, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff53000,Pid=1304,Tid=2040,}, 0x0, ) == 0x0 01481 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58087, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0\30\5\0\0\370\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0\30\5\0\0\370\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58088, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0\30\5\0\0\370\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0\30\5\0\0\370\7\0\0" ) ) == 0x0 01482 1764 NtResumeThread (496, ... 1, ) == 0x0 01483 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01484 2040 NtWaitForSingleObject (96, 0, 0x0, ... 01483 1764 NtAllocateVirtualMemory ... 118226944, 1048576, ) == 0x0 01485 1764 NtAllocateVirtualMemory (-1, 119267328, 0, 8192, 4096, 4, ... 119267328, 8192, ) == 0x0 01486 1764 NtProtectVirtualMemory (-1, (0x71be000), 4096, 260, ... (0x71be000), 4096, 4, ) == 0x0 01487 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 500, {1304, 216}, ) == 0x0 01488 1764 NtQueryInformationThread (500, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff52000,Pid=1304,Tid=216,}, 0x0, ) == 0x0 01489 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58088, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0\30\5\0\0\330\0\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0\30\5\0\0\330\0\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58089, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0\30\5\0\0\330\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0\30\5\0\0\330\0\0\0" ) ) == 0x0 01490 1764 NtResumeThread (500, ... 1, ) == 0x0 01491 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 119275520, 1048576, ) == 0x0 01492 1764 NtAllocateVirtualMemory (-1, 120315904, 0, 8192, 4096, 4, ... 120315904, 8192, ) == 0x0 01493 216 NtWaitForSingleObject (96, 0, 0x0, ... 01494 1764 NtProtectVirtualMemory (-1, (0x72be000), 4096, 260, ... (0x72be000), 4096, 4, ) == 0x0 01495 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 504, {1304, 900}, ) == 0x0 01496 1764 NtQueryInformationThread (504, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff51000,Pid=1304,Tid=900,}, 0x0, ) == 0x0 01497 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58089, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0\30\5\0\0\204\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0\30\5\0\0\204\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58090, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0\30\5\0\0\204\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0\30\5\0\0\204\3\0\0" ) ) == 0x0 01498 1764 NtResumeThread (504, ... 1, ) == 0x0 01499 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01500 900 NtWaitForSingleObject (96, 0, 0x0, ... 01499 1764 NtAllocateVirtualMemory ... 120324096, 1048576, ) == 0x0 01501 1764 NtAllocateVirtualMemory (-1, 121364480, 0, 8192, 4096, 4, ... 121364480, 8192, ) == 0x0 01502 1764 NtProtectVirtualMemory (-1, (0x73be000), 4096, 260, ... 
(0x73be000), 4096, 4, ) == 0x0 01503 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 508, {1304, 1272}, ) == 0x0 01504 1764 NtQueryInformationThread (508, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff50000,Pid=1304,Tid=1272,}, 0x0, ) == 0x0 01505 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58090, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0\30\5\0\0\370\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0\30\5\0\0\370\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58091, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0\30\5\0\0\370\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0\30\5\0\0\370\4\0\0" ) ) == 0x0 01506 1764 NtResumeThread (508, ... 1, ) == 0x0 01507 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 121372672, 1048576, ) == 0x0 01508 1764 NtAllocateVirtualMemory (-1, 122413056, 0, 8192, 4096, 4, ... 122413056, 8192, ) == 0x0 01509 1272 NtWaitForSingleObject (96, 0, 0x0, ... 01510 1764 NtProtectVirtualMemory (-1, (0x74be000), 4096, 260, ... (0x74be000), 4096, 4, ) == 0x0 01511 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 512, {1304, 1240}, ) == 0x0 01512 1764 NtQueryInformationThread (512, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4f000,Pid=1304,Tid=1240,}, 0x0, ) == 0x0 01513 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58091, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0\30\5\0\0\330\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0\30\5\0\0\330\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58092, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0\30\5\0\0\330\4\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0\30\5\0\0\330\4\0\0" ) ) == 0x0 01514 1764 NtResumeThread (512, ... 1, ) == 0x0 01515 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01516 1240 NtWaitForSingleObject (96, 0, 0x0, ... 01515 1764 NtAllocateVirtualMemory ... 122421248, 1048576, ) == 0x0 01517 1764 NtAllocateVirtualMemory (-1, 123461632, 0, 8192, 4096, 4, ... 123461632, 8192, ) == 0x0 01518 1764 NtProtectVirtualMemory (-1, (0x75be000), 4096, 260, ... (0x75be000), 4096, 4, ) == 0x0 01519 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 516, {1304, 1776}, ) == 0x0 01520 1764 NtQueryInformationThread (516, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4e000,Pid=1304,Tid=1776,}, 0x0, ) == 0x0 01521 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58092, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0\30\5\0\0\360\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0\30\5\0\0\360\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58093, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0\30\5\0\0\360\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0\30\5\0\0\360\6\0\0" ) ) == 0x0 01522 1764 NtResumeThread (516, ... 1, ) == 0x0 01523 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 123469824, 1048576, ) == 0x0 01524 1764 NtAllocateVirtualMemory (-1, 124510208, 0, 8192, 4096, 4, ... 124510208, 8192, ) == 0x0 01525 1776 NtWaitForSingleObject (96, 0, 0x0, ... 01526 1764 NtProtectVirtualMemory (-1, (0x76be000), 4096, 260, ... (0x76be000), 4096, 4, ) == 0x0 01527 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 520, {1304, 248}, ) == 0x0 01528 1764 NtQueryInformationThread (520, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff4d000,Pid=1304,Tid=248,}, 0x0, ) == 0x0 01529 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58093, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0\30\5\0\0\370\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0\30\5\0\0\370\0\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58094, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0\30\5\0\0\370\0\0\0" ... {28, 56, reply, 0, 1304, 1764, 58094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0\30\5\0\0\370\0\0\0" ) ) == 0x0 01530 1764 NtResumeThread (520, ... 1, ) == 0x0 01531 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01532 248 NtWaitForSingleObject (96, 0, 0x0, ... 01531 1764 NtAllocateVirtualMemory ... 124518400, 1048576, ) == 0x0 01533 1764 NtAllocateVirtualMemory (-1, 125558784, 0, 8192, 4096, 4, ... 125558784, 8192, ) == 0x0 01534 1764 NtProtectVirtualMemory (-1, (0x77be000), 4096, 260, ... (0x77be000), 4096, 4, ) == 0x0 01535 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 524, {1304, 1652}, ) == 0x0 01536 1764 NtQueryInformationThread (524, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4c000,Pid=1304,Tid=1652,}, 0x0, ) == 0x0 01537 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58094, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0\30\5\0\0t\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0\30\5\0\0t\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58095, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0\30\5\0\0t\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0\30\5\0\0t\6\0\0" ) ) == 0x0 01538 1764 NtResumeThread (524, ... 1, ) == 0x0 01539 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
125566976, 1048576, ) == 0x0 01540 1764 NtAllocateVirtualMemory (-1, 126607360, 0, 8192, 4096, 4, ... 126607360, 8192, ) == 0x0 01541 1652 NtWaitForSingleObject (96, 0, 0x0, ... 01542 1764 NtProtectVirtualMemory (-1, (0x78be000), 4096, 260, ... (0x78be000), 4096, 4, ) == 0x0 01543 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 528, {1304, 588}, ) == 0x0 01544 1764 NtQueryInformationThread (528, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4b000,Pid=1304,Tid=588,}, 0x0, ) == 0x0 01545 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58095, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0\30\5\0\0L\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0\30\5\0\0L\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58096, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0\30\5\0\0L\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0\30\5\0\0L\2\0\0" ) ) == 0x0 01546 1764 NtResumeThread (528, ... 1, ) == 0x0 01547 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01548 588 NtWaitForSingleObject (96, 0, 0x0, ... 01547 1764 NtAllocateVirtualMemory ... 126615552, 1048576, ) == 0x0 01549 1764 NtAllocateVirtualMemory (-1, 127655936, 0, 8192, 4096, 4, ... 127655936, 8192, ) == 0x0 01550 1764 NtProtectVirtualMemory (-1, (0x79be000), 4096, 260, ... (0x79be000), 4096, 4, ) == 0x0 01551 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 532, {1304, 440}, ) == 0x0 01552 1764 NtQueryInformationThread (532, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4a000,Pid=1304,Tid=440,}, 0x0, ) == 0x0 01553 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58096, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0\30\5\0\0\270\1\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0\30\5\0\0\270\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58097, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0\30\5\0\0\270\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0\30\5\0\0\270\1\0\0" ) ) == 0x0 01554 1764 NtResumeThread (532, ... 1, ) == 0x0 01555 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 127664128, 1048576, ) == 0x0 01556 1764 NtAllocateVirtualMemory (-1, 128704512, 0, 8192, 4096, 4, ... 128704512, 8192, ) == 0x0 01557 440 NtWaitForSingleObject (96, 0, 0x0, ... 01558 1764 NtProtectVirtualMemory (-1, (0x7abe000), 4096, 260, ... (0x7abe000), 4096, 4, ) == 0x0 01559 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 536, {1304, 1296}, ) == 0x0 01560 1764 NtQueryInformationThread (536, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff49000,Pid=1304,Tid=1296,}, 0x0, ) == 0x0 01561 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58097, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0\30\5\0\0\20\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0\30\5\0\0\20\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58098, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0\30\5\0\0\20\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0\30\5\0\0\20\5\0\0" ) ) == 0x0 01562 1764 NtResumeThread (536, ... 1, ) == 0x0 01563 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01564 1296 NtWaitForSingleObject (96, 0, 0x0, ... 01563 1764 NtAllocateVirtualMemory ... 128712704, 1048576, ) == 0x0 01565 1764 NtAllocateVirtualMemory (-1, 129753088, 0, 8192, 4096, 4, ... 129753088, 8192, ) == 0x0 01566 1764 NtProtectVirtualMemory (-1, (0x7bbe000), 4096, 260, ... 
(0x7bbe000), 4096, 4, ) == 0x0 01567 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 540, {1304, 1612}, ) == 0x0 01568 1764 NtQueryInformationThread (540, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff48000,Pid=1304,Tid=1612,}, 0x0, ) == 0x0 01569 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58098, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0\30\5\0\0L\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0\30\5\0\0L\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58099, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0\30\5\0\0L\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0\30\5\0\0L\6\0\0" ) ) == 0x0 01570 1764 NtResumeThread (540, ... 1, ) == 0x0 01571 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 129761280, 1048576, ) == 0x0 01572 1764 NtAllocateVirtualMemory (-1, 130801664, 0, 8192, 4096, 4, ... 130801664, 8192, ) == 0x0 01573 1612 NtWaitForSingleObject (96, 0, 0x0, ... 01574 1764 NtProtectVirtualMemory (-1, (0x7cbe000), 4096, 260, ... (0x7cbe000), 4096, 4, ) == 0x0 01575 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 544, {1304, 1436}, ) == 0x0 01576 1764 NtQueryInformationThread (544, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff47000,Pid=1304,Tid=1436,}, 0x0, ) == 0x0 01577 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58099, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0\30\5\0\0\234\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0\30\5\0\0\234\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58100, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0\30\5\0\0\234\5\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0\30\5\0\0\234\5\0\0" ) ) == 0x0 01578 1764 NtResumeThread (544, ... 1, ) == 0x0 01579 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01580 1436 NtWaitForSingleObject (96, 0, 0x0, ... 01579 1764 NtAllocateVirtualMemory ... 130809856, 1048576, ) == 0x0 01581 1764 NtAllocateVirtualMemory (-1, 131850240, 0, 8192, 4096, 4, ... 131850240, 8192, ) == 0x0 01582 1764 NtProtectVirtualMemory (-1, (0x7dbe000), 4096, 260, ... (0x7dbe000), 4096, 4, ) == 0x0 01583 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 548, {1304, 480}, ) == 0x0 01584 1764 NtQueryInformationThread (548, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff46000,Pid=1304,Tid=480,}, 0x0, ) == 0x0 01585 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58100, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0\30\5\0\0\340\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0\30\5\0\0\340\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58101, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0\30\5\0\0\340\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0\30\5\0\0\340\1\0\0" ) ) == 0x0 01586 1764 NtResumeThread (548, ... 1, ) == 0x0 01587 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 131858432, 1048576, ) == 0x0 01588 1764 NtAllocateVirtualMemory (-1, 132898816, 0, 8192, 4096, 4, ... 132898816, 8192, ) == 0x0 01589 480 NtWaitForSingleObject (96, 0, 0x0, ... 01590 1764 NtProtectVirtualMemory (-1, (0x7ebe000), 4096, 260, ... (0x7ebe000), 4096, 4, ) == 0x0 01591 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 552, {1304, 1192}, ) == 0x0 01592 1764 NtQueryInformationThread (552, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff45000,Pid=1304,Tid=1192,}, 0x0, ) == 0x0 01593 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58101, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0\30\5\0\0\250\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0\30\5\0\0\250\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58102, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0\30\5\0\0\250\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0\30\5\0\0\250\4\0\0" ) ) == 0x0 01594 1764 NtResumeThread (552, ... 1, ) == 0x0 01595 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01596 1192 NtWaitForSingleObject (96, 0, 0x0, ... 01595 1764 NtAllocateVirtualMemory ... 132907008, 1048576, ) == 0x0 01597 1764 NtAllocateVirtualMemory (-1, 133947392, 0, 8192, 4096, 4, ... 133947392, 8192, ) == 0x0 01598 1764 NtProtectVirtualMemory (-1, (0x7fbe000), 4096, 260, ... (0x7fbe000), 4096, 4, ) == 0x0 01599 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 556, {1304, 724}, ) == 0x0 01600 1764 NtQueryInformationThread (556, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff44000,Pid=1304,Tid=724,}, 0x0, ) == 0x0 01601 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58102, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0\30\5\0\0\324\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0\30\5\0\0\324\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58103, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0\30\5\0\0\324\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0\30\5\0\0\324\2\0\0" ) ) == 0x0 01602 1764 NtResumeThread (556, ... 1, ) == 0x0 01603 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
133955584, 1048576, ) == 0x0 01604 1764 NtAllocateVirtualMemory (-1, 134995968, 0, 8192, 4096, 4, ... 134995968, 8192, ) == 0x0 01605 724 NtWaitForSingleObject (96, 0, 0x0, ... 01606 1764 NtProtectVirtualMemory (-1, (0x80be000), 4096, 260, ... (0x80be000), 4096, 4, ) == 0x0 01607 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 560, {1304, 1276}, ) == 0x0 01608 1764 NtQueryInformationThread (560, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff43000,Pid=1304,Tid=1276,}, 0x0, ) == 0x0 01609 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58103, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0\30\5\0\0\374\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0\30\5\0\0\374\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58104, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0\30\5\0\0\374\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0\30\5\0\0\374\4\0\0" ) ) == 0x0 01610 1764 NtResumeThread (560, ... 1, ) == 0x0 01611 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01612 1276 NtWaitForSingleObject (96, 0, 0x0, ... 01611 1764 NtAllocateVirtualMemory ... 135004160, 1048576, ) == 0x0 01613 1764 NtAllocateVirtualMemory (-1, 136044544, 0, 8192, 4096, 4, ... 136044544, 8192, ) == 0x0 01614 1764 NtProtectVirtualMemory (-1, (0x81be000), 4096, 260, ... (0x81be000), 4096, 4, ) == 0x0 01615 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 564, {1304, 704}, ) == 0x0 01616 1764 NtQueryInformationThread (564, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff42000,Pid=1304,Tid=704,}, 0x0, ) == 0x0 01617 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58104, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0\30\5\0\0\300\2\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0\30\5\0\0\300\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58105, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0\30\5\0\0\300\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0\30\5\0\0\300\2\0\0" ) ) == 0x0 01618 1764 NtResumeThread (564, ... 1, ) == 0x0 01619 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 136052736, 1048576, ) == 0x0 01620 1764 NtAllocateVirtualMemory (-1, 137093120, 0, 8192, 4096, 4, ... 137093120, 8192, ) == 0x0 01621 704 NtWaitForSingleObject (96, 0, 0x0, ... 01622 1764 NtProtectVirtualMemory (-1, (0x82be000), 4096, 260, ... (0x82be000), 4096, 4, ) == 0x0 01623 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 568, {1304, 1568}, ) == 0x0 01624 1764 NtQueryInformationThread (568, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff41000,Pid=1304,Tid=1568,}, 0x0, ) == 0x0 01625 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58105, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0\30\5\0\0 \6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0\30\5\0\0 \6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58106, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0\30\5\0\0 \6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0\30\5\0\0 \6\0\0" ) ) == 0x0 01626 1764 NtResumeThread (568, ... 1, ) == 0x0 01627 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01628 1568 NtWaitForSingleObject (96, 0, 0x0, ... 01627 1764 NtAllocateVirtualMemory ... 137101312, 1048576, ) == 0x0 01629 1764 NtAllocateVirtualMemory (-1, 138141696, 0, 8192, 4096, 4, ... 138141696, 8192, ) == 0x0 01630 1764 NtProtectVirtualMemory (-1, (0x83be000), 4096, 260, ... 
(0x83be000), 4096, 4, ) == 0x0 01631 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 572, {1304, 1104}, ) == 0x0 01632 1764 NtQueryInformationThread (572, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff40000,Pid=1304,Tid=1104,}, 0x0, ) == 0x0 01633 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58106, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0\30\5\0\0P\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0\30\5\0\0P\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58107, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0\30\5\0\0P\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0\30\5\0\0P\4\0\0" ) ) == 0x0 01634 1764 NtResumeThread (572, ... 1, ) == 0x0 01635 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 138149888, 1048576, ) == 0x0 01636 1764 NtAllocateVirtualMemory (-1, 139190272, 0, 8192, 4096, 4, ... 139190272, 8192, ) == 0x0 01637 1104 NtWaitForSingleObject (96, 0, 0x0, ... 01638 1764 NtProtectVirtualMemory (-1, (0x84be000), 4096, 260, ... (0x84be000), 4096, 4, ) == 0x0 01639 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 576, {1304, 1352}, ) == 0x0 01640 1764 NtQueryInformationThread (576, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3f000,Pid=1304,Tid=1352,}, 0x0, ) == 0x0 01641 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58107, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0\30\5\0\0H\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0\30\5\0\0H\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58108, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0\30\5\0\0H\5\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0\30\5\0\0H\5\0\0" ) ) == 0x0 01642 1764 NtResumeThread (576, ... 1, ) == 0x0 01643 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01644 1352 NtWaitForSingleObject (96, 0, 0x0, ... 01643 1764 NtAllocateVirtualMemory ... 139198464, 1048576, ) == 0x0 01645 1764 NtAllocateVirtualMemory (-1, 140238848, 0, 8192, 4096, 4, ... 140238848, 8192, ) == 0x0 01646 1764 NtProtectVirtualMemory (-1, (0x85be000), 4096, 260, ... (0x85be000), 4096, 4, ) == 0x0 01647 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 580, {1304, 304}, ) == 0x0 01648 1764 NtQueryInformationThread (580, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3e000,Pid=1304,Tid=304,}, 0x0, ) == 0x0 01649 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58108, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0\30\5\0\00\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0\30\5\0\00\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58109, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0\30\5\0\00\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0\30\5\0\00\1\0\0" ) ) == 0x0 01650 1764 NtResumeThread (580, ... 1, ) == 0x0 01651 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 140247040, 1048576, ) == 0x0 01652 1764 NtAllocateVirtualMemory (-1, 141287424, 0, 8192, 4096, 4, ... 141287424, 8192, ) == 0x0 01653 304 NtWaitForSingleObject (96, 0, 0x0, ... 01654 1764 NtProtectVirtualMemory (-1, (0x86be000), 4096, 260, ... (0x86be000), 4096, 4, ) == 0x0 01655 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 584, {1304, 1120}, ) == 0x0 01656 1764 NtQueryInformationThread (584, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff3d000,Pid=1304,Tid=1120,}, 0x0, ) == 0x0 01657 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58109, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0\30\5\0\0`\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0\30\5\0\0`\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58110, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0\30\5\0\0`\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0\30\5\0\0`\4\0\0" ) ) == 0x0 01658 1764 NtResumeThread (584, ... 1, ) == 0x0 01659 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01660 1120 NtWaitForSingleObject (96, 0, 0x0, ... 01659 1764 NtAllocateVirtualMemory ... 141295616, 1048576, ) == 0x0 01661 1764 NtAllocateVirtualMemory (-1, 142336000, 0, 8192, 4096, 4, ... 142336000, 8192, ) == 0x0 01662 1764 NtProtectVirtualMemory (-1, (0x87be000), 4096, 260, ... (0x87be000), 4096, 4, ) == 0x0 01663 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 588, {1304, 1736}, ) == 0x0 01664 1764 NtQueryInformationThread (588, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3c000,Pid=1304,Tid=1736,}, 0x0, ) == 0x0 01665 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58110, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0\30\5\0\0\310\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0\30\5\0\0\310\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58111, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0\30\5\0\0\310\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0\30\5\0\0\310\6\0\0" ) ) == 0x0 01666 1764 NtResumeThread (588, ... 1, ) == 0x0 01667 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
142344192, 1048576, ) == 0x0 01668 1764 NtAllocateVirtualMemory (-1, 143384576, 0, 8192, 4096, 4, ... 143384576, 8192, ) == 0x0 01669 1736 NtWaitForSingleObject (96, 0, 0x0, ... 01670 1764 NtProtectVirtualMemory (-1, (0x88be000), 4096, 260, ... (0x88be000), 4096, 4, ) == 0x0 01671 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 592, {1304, 576}, ) == 0x0 01672 1764 NtQueryInformationThread (592, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3b000,Pid=1304,Tid=576,}, 0x0, ) == 0x0 01673 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58111, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0\30\5\0\0@\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0\30\5\0\0@\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58112, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0\30\5\0\0@\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0\30\5\0\0@\2\0\0" ) ) == 0x0 01674 1764 NtResumeThread (592, ... 1, ) == 0x0 01675 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01676 576 NtWaitForSingleObject (96, 0, 0x0, ... 01675 1764 NtAllocateVirtualMemory ... 143392768, 1048576, ) == 0x0 01677 1764 NtAllocateVirtualMemory (-1, 144433152, 0, 8192, 4096, 4, ... 144433152, 8192, ) == 0x0 01678 1764 NtProtectVirtualMemory (-1, (0x89be000), 4096, 260, ... (0x89be000), 4096, 4, ) == 0x0 01679 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 596, {1304, 1624}, ) == 0x0 01680 1764 NtQueryInformationThread (596, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3a000,Pid=1304,Tid=1624,}, 0x0, ) == 0x0 01681 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58112, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0\30\5\0\0X\6\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0\30\5\0\0X\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58113, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0\30\5\0\0X\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0\30\5\0\0X\6\0\0" ) ) == 0x0 01682 1764 NtResumeThread (596, ... 1, ) == 0x0 01683 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 144441344, 1048576, ) == 0x0 01684 1764 NtAllocateVirtualMemory (-1, 145481728, 0, 8192, 4096, 4, ... 145481728, 8192, ) == 0x0 01685 1624 NtWaitForSingleObject (96, 0, 0x0, ... 01686 1764 NtProtectVirtualMemory (-1, (0x8abe000), 4096, 260, ... (0x8abe000), 4096, 4, ) == 0x0 01687 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 600, {1304, 1288}, ) == 0x0 01688 1764 NtQueryInformationThread (600, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff39000,Pid=1304,Tid=1288,}, 0x0, ) == 0x0 01689 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58113, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0\30\5\0\0\10\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0\30\5\0\0\10\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58114, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0\30\5\0\0\10\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0\30\5\0\0\10\5\0\0" ) ) == 0x0 01690 1764 NtResumeThread (600, ... 1, ) == 0x0 01691 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01692 1288 NtWaitForSingleObject (96, 0, 0x0, ... 01691 1764 NtAllocateVirtualMemory ... 145489920, 1048576, ) == 0x0 01693 1764 NtAllocateVirtualMemory (-1, 146530304, 0, 8192, 4096, 4, ... 146530304, 8192, ) == 0x0 01694 1764 NtProtectVirtualMemory (-1, (0x8bbe000), 4096, 260, ... 
(0x8bbe000), 4096, 4, ) == 0x0 01695 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 604, {1304, 824}, ) == 0x0 01696 1764 NtQueryInformationThread (604, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff38000,Pid=1304,Tid=824,}, 0x0, ) == 0x0 01697 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58114, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0\30\5\0\08\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0\30\5\0\08\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58115, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0\30\5\0\08\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0\30\5\0\08\3\0\0" ) ) == 0x0 01698 1764 NtResumeThread (604, ... 1, ) == 0x0 01699 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 146538496, 1048576, ) == 0x0 01700 1764 NtAllocateVirtualMemory (-1, 147578880, 0, 8192, 4096, 4, ... 147578880, 8192, ) == 0x0 01701 824 NtWaitForSingleObject (96, 0, 0x0, ... 01702 1764 NtProtectVirtualMemory (-1, (0x8cbe000), 4096, 260, ... (0x8cbe000), 4096, 4, ) == 0x0 01703 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 608, {1304, 1968}, ) == 0x0 01704 1764 NtQueryInformationThread (608, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff37000,Pid=1304,Tid=1968,}, 0x0, ) == 0x0 01705 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58115, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0\30\5\0\0\260\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0\30\5\0\0\260\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58116, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0\30\5\0\0\260\7\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0\30\5\0\0\260\7\0\0" ) ) == 0x0 01706 1764 NtResumeThread (608, ... 1, ) == 0x0 01707 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01708 1968 NtWaitForSingleObject (96, 0, 0x0, ... 01707 1764 NtAllocateVirtualMemory ... 147587072, 1048576, ) == 0x0 01709 1764 NtAllocateVirtualMemory (-1, 148627456, 0, 8192, 4096, 4, ... 148627456, 8192, ) == 0x0 01710 1764 NtProtectVirtualMemory (-1, (0x8dbe000), 4096, 260, ... (0x8dbe000), 4096, 4, ) == 0x0 01711 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 612, {1304, 1716}, ) == 0x0 01712 1764 NtQueryInformationThread (612, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff36000,Pid=1304,Tid=1716,}, 0x0, ) == 0x0 01713 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58116, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0\30\5\0\0\264\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0\30\5\0\0\264\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58117, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0\30\5\0\0\264\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0\30\5\0\0\264\6\0\0" ) ) == 0x0 01714 1764 NtResumeThread (612, ... 1, ) == 0x0 01715 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 148635648, 1048576, ) == 0x0 01716 1764 NtAllocateVirtualMemory (-1, 149676032, 0, 8192, 4096, 4, ... 149676032, 8192, ) == 0x0 01717 1716 NtWaitForSingleObject (96, 0, 0x0, ... 01718 1764 NtProtectVirtualMemory (-1, (0x8ebe000), 4096, 260, ... (0x8ebe000), 4096, 4, ) == 0x0 01719 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 616, {1304, 1404}, ) == 0x0 01720 1764 NtQueryInformationThread (616, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff35000,Pid=1304,Tid=1404,}, 0x0, ) == 0x0 01721 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58117, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0\30\5\0\0|\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0\30\5\0\0|\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58118, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0\30\5\0\0|\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0\30\5\0\0|\5\0\0" ) ) == 0x0 01722 1764 NtResumeThread (616, ... 1, ) == 0x0 01723 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01724 1404 NtWaitForSingleObject (96, 0, 0x0, ... 01723 1764 NtAllocateVirtualMemory ... 149684224, 1048576, ) == 0x0 01725 1764 NtAllocateVirtualMemory (-1, 150724608, 0, 8192, 4096, 4, ... 150724608, 8192, ) == 0x0 01726 1764 NtProtectVirtualMemory (-1, (0x8fbe000), 4096, 260, ... (0x8fbe000), 4096, 4, ) == 0x0 01727 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 620, {1304, 1440}, ) == 0x0 01728 1764 NtQueryInformationThread (620, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff34000,Pid=1304,Tid=1440,}, 0x0, ) == 0x0 01729 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58118, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0\30\5\0\0\240\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0\30\5\0\0\240\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58119, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0\30\5\0\0\240\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0\30\5\0\0\240\5\0\0" ) ) == 0x0 01730 1764 NtResumeThread (620, ... 1, ) == 0x0 01731 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
150732800, 1048576, ) == 0x0 01732 1764 NtAllocateVirtualMemory (-1, 151773184, 0, 8192, 4096, 4, ... 151773184, 8192, ) == 0x0 01733 1440 NtWaitForSingleObject (96, 0, 0x0, ... 01734 1764 NtProtectVirtualMemory (-1, (0x90be000), 4096, 260, ... (0x90be000), 4096, 4, ) == 0x0 01735 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 624, {1304, 760}, ) == 0x0 01736 1764 NtQueryInformationThread (624, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff33000,Pid=1304,Tid=760,}, 0x0, ) == 0x0 01737 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58119, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0\30\5\0\0\370\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0\30\5\0\0\370\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58120, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0\30\5\0\0\370\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0\30\5\0\0\370\2\0\0" ) ) == 0x0 01738 1764 NtResumeThread (624, ... 1, ) == 0x0 01739 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01740 760 NtWaitForSingleObject (96, 0, 0x0, ... 01739 1764 NtAllocateVirtualMemory ... 151781376, 1048576, ) == 0x0 01741 1764 NtAllocateVirtualMemory (-1, 152821760, 0, 8192, 4096, 4, ... 152821760, 8192, ) == 0x0 01742 1764 NtProtectVirtualMemory (-1, (0x91be000), 4096, 260, ... (0x91be000), 4096, 4, ) == 0x0 01743 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 628, {1304, 1928}, ) == 0x0 01744 1764 NtQueryInformationThread (628, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff32000,Pid=1304,Tid=1928,}, 0x0, ) == 0x0 01745 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58120, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0\30\5\0\0\210\7\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0\30\5\0\0\210\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58121, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0\30\5\0\0\210\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0\30\5\0\0\210\7\0\0" ) ) == 0x0 01746 1764 NtResumeThread (628, ... 1, ) == 0x0 01747 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 152829952, 1048576, ) == 0x0 01748 1764 NtAllocateVirtualMemory (-1, 153870336, 0, 8192, 4096, 4, ... 153870336, 8192, ) == 0x0 01749 1928 NtWaitForSingleObject (96, 0, 0x0, ... 01750 1764 NtProtectVirtualMemory (-1, (0x92be000), 4096, 260, ... (0x92be000), 4096, 4, ) == 0x0 01751 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 632, {1304, 808}, ) == 0x0 01752 1764 NtQueryInformationThread (632, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff31000,Pid=1304,Tid=808,}, 0x0, ) == 0x0 01753 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58121, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0\30\5\0\0(\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0\30\5\0\0(\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58122, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0\30\5\0\0(\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0\30\5\0\0(\3\0\0" ) ) == 0x0 01754 1764 NtResumeThread (632, ... 1, ) == 0x0 01755 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01756 808 NtWaitForSingleObject (96, 0, 0x0, ... 01755 1764 NtAllocateVirtualMemory ... 153878528, 1048576, ) == 0x0 01757 1764 NtAllocateVirtualMemory (-1, 154918912, 0, 8192, 4096, 4, ... 154918912, 8192, ) == 0x0 01758 1764 NtProtectVirtualMemory (-1, (0x93be000), 4096, 260, ... 
(0x93be000), 4096, 4, ) == 0x0 01759 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 636, {1304, 1516}, ) == 0x0 01760 1764 NtQueryInformationThread (636, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff30000,Pid=1304,Tid=1516,}, 0x0, ) == 0x0 01761 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58122, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0\30\5\0\0\354\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0\30\5\0\0\354\5\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58123, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0\30\5\0\0\354\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0\30\5\0\0\354\5\0\0" ) ) == 0x0 01762 1764 NtResumeThread (636, ... 1, ) == 0x0 01763 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 154927104, 1048576, ) == 0x0 01764 1764 NtAllocateVirtualMemory (-1, 155967488, 0, 8192, 4096, 4, ... 155967488, 8192, ) == 0x0 01765 1516 NtWaitForSingleObject (96, 0, 0x0, ... 01766 1764 NtProtectVirtualMemory (-1, (0x94be000), 4096, 260, ... (0x94be000), 4096, 4, ) == 0x0 01767 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 640, {1304, 1664}, ) == 0x0 01768 1764 NtQueryInformationThread (640, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2f000,Pid=1304,Tid=1664,}, 0x0, ) == 0x0 01769 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58123, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0\30\5\0\0\200\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0\30\5\0\0\200\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58124, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0\30\5\0\0\200\6\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0\30\5\0\0\200\6\0\0" ) ) == 0x0 01770 1764 NtResumeThread (640, ... 1, ) == 0x0 01771 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01772 1664 NtWaitForSingleObject (96, 0, 0x0, ... 01771 1764 NtAllocateVirtualMemory ... 155975680, 1048576, ) == 0x0 01773 1764 NtAllocateVirtualMemory (-1, 157016064, 0, 8192, 4096, 4, ... 157016064, 8192, ) == 0x0 01774 1764 NtProtectVirtualMemory (-1, (0x95be000), 4096, 260, ... (0x95be000), 4096, 4, ) == 0x0 01775 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 644, {1304, 1972}, ) == 0x0 01776 1764 NtQueryInformationThread (644, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2e000,Pid=1304,Tid=1972,}, 0x0, ) == 0x0 01777 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58124, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0\30\5\0\0\264\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0\30\5\0\0\264\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58125, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0\30\5\0\0\264\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0\30\5\0\0\264\7\0\0" ) ) == 0x0 01778 1764 NtResumeThread (644, ... 1, ) == 0x0 01779 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 157024256, 1048576, ) == 0x0 01780 1764 NtAllocateVirtualMemory (-1, 158064640, 0, 8192, 4096, 4, ... 158064640, 8192, ) == 0x0 01781 1972 NtWaitForSingleObject (96, 0, 0x0, ... 01782 1764 NtProtectVirtualMemory (-1, (0x96be000), 4096, 260, ... (0x96be000), 4096, 4, ) == 0x0 01783 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 648, {1304, 928}, ) == 0x0 01784 1764 NtQueryInformationThread (648, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff2d000,Pid=1304,Tid=928,}, 0x0, ) == 0x0 01785 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58125, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0\30\5\0\0\240\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0\30\5\0\0\240\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58126, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0\30\5\0\0\240\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0\30\5\0\0\240\3\0\0" ) ) == 0x0 01786 1764 NtResumeThread (648, ... 1, ) == 0x0 01787 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 158072832, 1048576, ) == 0x0 01788 1764 NtAllocateVirtualMemory (-1, 159113216, 0, 8192, 4096, 4, ... 159113216, 8192, ) == 0x0 01789 928 NtWaitForSingleObject (96, 0, 0x0, ... 01790 1764 NtProtectVirtualMemory (-1, (0x97be000), 4096, 260, ... (0x97be000), 4096, 4, ) == 0x0 01791 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 652, {1304, 1740}, ) == 0x0 01792 1764 NtQueryInformationThread (652, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2c000,Pid=1304,Tid=1740,}, 0x0, ) == 0x0 01793 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58126, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0\30\5\0\0\314\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0\30\5\0\0\314\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58127, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0\30\5\0\0\314\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0\30\5\0\0\314\6\0\0" ) ) == 0x0 01794 1764 NtResumeThread (652, ... 1, ) == 0x0 01795 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
01796 1740 NtWaitForSingleObject (96, 0, 0x0, ... 01795 1764 NtAllocateVirtualMemory ... 159121408, 1048576, ) == 0x0 01797 1764 NtAllocateVirtualMemory (-1, 160161792, 0, 8192, 4096, 4, ... 160161792, 8192, ) == 0x0 01798 1764 NtProtectVirtualMemory (-1, (0x98be000), 4096, 260, ... (0x98be000), 4096, 4, ) == 0x0 01799 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 656, {1304, 1656}, ) == 0x0 01800 1764 NtQueryInformationThread (656, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2b000,Pid=1304,Tid=1656,}, 0x0, ) == 0x0 01801 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58127, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0\30\5\0\0x\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0\30\5\0\0x\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58128, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0\30\5\0\0x\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0\30\5\0\0x\6\0\0" ) ) == 0x0 01802 1764 NtResumeThread (656, ... 1, ) == 0x0 01803 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 160169984, 1048576, ) == 0x0 01804 1764 NtAllocateVirtualMemory (-1, 161210368, 0, 8192, 4096, 4, ... 161210368, 8192, ) == 0x0 01805 1656 NtWaitForSingleObject (96, 0, 0x0, ... 01806 1764 NtProtectVirtualMemory (-1, (0x99be000), 4096, 260, ... (0x99be000), 4096, 4, ) == 0x0 01807 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 660, {1304, 1248}, ) == 0x0 01808 1764 NtQueryInformationThread (660, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2a000,Pid=1304,Tid=1248,}, 0x0, ) == 0x0 01809 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58128, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0\30\5\0\0\340\4\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0\30\5\0\0\340\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58129, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0\30\5\0\0\340\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0\30\5\0\0\340\4\0\0" ) ) == 0x0 01810 1764 NtResumeThread (660, ... 1, ) == 0x0 01811 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01812 1248 NtWaitForSingleObject (96, 0, 0x0, ... 01811 1764 NtAllocateVirtualMemory ... 161218560, 1048576, ) == 0x0 01813 1764 NtAllocateVirtualMemory (-1, 162258944, 0, 8192, 4096, 4, ... 162258944, 8192, ) == 0x0 01814 1764 NtProtectVirtualMemory (-1, (0x9abe000), 4096, 260, ... (0x9abe000), 4096, 4, ) == 0x0 01815 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 664, {1304, 1036}, ) == 0x0 01816 1764 NtQueryInformationThread (664, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff29000,Pid=1304,Tid=1036,}, 0x0, ) == 0x0 01817 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58129, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0\30\5\0\0\14\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0\30\5\0\0\14\4\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58130, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0\30\5\0\0\14\4\0\0" ... {28, 56, reply, 0, 1304, 1764, 58130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0\30\5\0\0\14\4\0\0" ) ) == 0x0 01818 1764 NtResumeThread (664, ... 1, ) == 0x0 01819 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 162267136, 1048576, ) == 0x0 01820 1764 NtAllocateVirtualMemory (-1, 163307520, 0, 8192, 4096, 4, ... 163307520, 8192, ) == 0x0 01821 1036 NtWaitForSingleObject (96, 0, 0x0, ... 01822 1764 NtProtectVirtualMemory (-1, (0x9bbe000), 4096, 260, ... 
(0x9bbe000), 4096, 4, ) == 0x0 01823 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 668, {1304, 464}, ) == 0x0 01824 1764 NtQueryInformationThread (668, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff28000,Pid=1304,Tid=464,}, 0x0, ) == 0x0 01825 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58130, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0\30\5\0\0\320\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0\30\5\0\0\320\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58131, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0\30\5\0\0\320\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0\30\5\0\0\320\1\0\0" ) ) == 0x0 01826 1764 NtResumeThread (668, ... 1, ) == 0x0 01827 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01828 464 NtWaitForSingleObject (96, 0, 0x0, ... 01827 1764 NtAllocateVirtualMemory ... 163315712, 1048576, ) == 0x0 01829 1764 NtAllocateVirtualMemory (-1, 164356096, 0, 8192, 4096, 4, ... 164356096, 8192, ) == 0x0 01830 1764 NtProtectVirtualMemory (-1, (0x9cbe000), 4096, 260, ... (0x9cbe000), 4096, 4, ) == 0x0 01831 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 672, {1304, 860}, ) == 0x0 01832 1764 NtQueryInformationThread (672, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff27000,Pid=1304,Tid=860,}, 0x0, ) == 0x0 01833 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58131, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0\30\5\0\0\\3\0\0" ... {28, 56, reply, 0, 1304, 1764, 58132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0\30\5\0\0\\3\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58132, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0\30\5\0\0\\3\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0\30\5\0\0\\3\0\0" ) ) == 0x0 01834 1764 NtResumeThread (672, ... 1, ) == 0x0 01835 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 164364288, 1048576, ) == 0x0 01836 1764 NtAllocateVirtualMemory (-1, 165404672, 0, 8192, 4096, 4, ... 165404672, 8192, ) == 0x0 01837 860 NtWaitForSingleObject (96, 0, 0x0, ... 01838 1764 NtProtectVirtualMemory (-1, (0x9dbe000), 4096, 260, ... (0x9dbe000), 4096, 4, ) == 0x0 01839 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 676, {1304, 484}, ) == 0x0 01840 1764 NtQueryInformationThread (676, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff26000,Pid=1304,Tid=484,}, 0x0, ) == 0x0 01841 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58132, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0\30\5\0\0\344\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0\30\5\0\0\344\1\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58133, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0\30\5\0\0\344\1\0\0" ... {28, 56, reply, 0, 1304, 1764, 58133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0\30\5\0\0\344\1\0\0" ) ) == 0x0 01842 1764 NtResumeThread (676, ... 1, ) == 0x0 01843 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01844 484 NtWaitForSingleObject (96, 0, 0x0, ... 01843 1764 NtAllocateVirtualMemory ... 165412864, 1048576, ) == 0x0 01845 1764 NtAllocateVirtualMemory (-1, 166453248, 0, 8192, 4096, 4, ... 166453248, 8192, ) == 0x0 01846 1764 NtProtectVirtualMemory (-1, (0x9ebe000), 4096, 260, ... (0x9ebe000), 4096, 4, ) == 0x0 01847 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 680, {1304, 748}, ) == 0x0 01848 1764 NtQueryInformationThread (680, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff25000,Pid=1304,Tid=748,}, 0x0, ) == 0x0 01849 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58133, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0\30\5\0\0\354\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0\30\5\0\0\354\2\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58134, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0\30\5\0\0\354\2\0\0" ... {28, 56, reply, 0, 1304, 1764, 58134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0\30\5\0\0\354\2\0\0" ) ) == 0x0 01850 1764 NtResumeThread (680, ... 1, ) == 0x0 01851 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 166461440, 1048576, ) == 0x0 01852 1764 NtAllocateVirtualMemory (-1, 167501824, 0, 8192, 4096, 4, ... 167501824, 8192, ) == 0x0 01853 748 NtWaitForSingleObject (96, 0, 0x0, ... 01854 1764 NtProtectVirtualMemory (-1, (0x9fbe000), 4096, 260, ... (0x9fbe000), 4096, 4, ) == 0x0 01855 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 684, {1304, 1580}, ) == 0x0 01856 1764 NtQueryInformationThread (684, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff24000,Pid=1304,Tid=1580,}, 0x0, ) == 0x0 01857 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58134, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0\30\5\0\0,\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0\30\5\0\0,\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58135, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0\30\5\0\0,\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0\30\5\0\0,\6\0\0" ) ) == 0x0 01858 1764 NtResumeThread (684, ... 1, ) == 0x0 01859 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01860 1580 NtWaitForSingleObject (96, 0, 0x0, ... 
01859 1764 NtAllocateVirtualMemory ... 167510016, 1048576, ) == 0x0 01861 1764 NtAllocateVirtualMemory (-1, 168550400, 0, 8192, 4096, 4, ... 168550400, 8192, ) == 0x0 01862 1764 NtProtectVirtualMemory (-1, (0xa0be000), 4096, 260, ... (0xa0be000), 4096, 4, ) == 0x0 01863 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 688, {1304, 1756}, ) == 0x0 01864 1764 NtQueryInformationThread (688, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff23000,Pid=1304,Tid=1756,}, 0x0, ) == 0x0 01865 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58135, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0\30\5\0\0\334\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0\30\5\0\0\334\6\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58136, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0\30\5\0\0\334\6\0\0" ... {28, 56, reply, 0, 1304, 1764, 58136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0\30\5\0\0\334\6\0\0" ) ) == 0x0 01866 1764 NtResumeThread (688, ... 1, ) == 0x0 01867 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 168558592, 1048576, ) == 0x0 01868 1764 NtAllocateVirtualMemory (-1, 169598976, 0, 8192, 4096, 4, ... 169598976, 8192, ) == 0x0 01869 1756 NtWaitForSingleObject (96, 0, 0x0, ... 01870 1764 NtProtectVirtualMemory (-1, (0xa1be000), 4096, 260, ... (0xa1be000), 4096, 4, ) == 0x0 01871 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 692, {1304, 1292}, ) == 0x0 01872 1764 NtQueryInformationThread (692, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff22000,Pid=1304,Tid=1292,}, 0x0, ) == 0x0 01873 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58136, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0\30\5\0\0\14\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0\30\5\0\0\14\5\0\0" ) ... 
{28, 56, reply, 0, 1304, 1764, 58137, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0\30\5\0\0\14\5\0\0" ... {28, 56, reply, 0, 1304, 1764, 58137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0\30\5\0\0\14\5\0\0" ) ) == 0x0 01874 1764 NtResumeThread (692, ... 1, ) == 0x0 01875 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01876 1292 NtWaitForSingleObject (96, 0, 0x0, ... 01875 1764 NtAllocateVirtualMemory ... 169607168, 1048576, ) == 0x0 01877 1764 NtAllocateVirtualMemory (-1, 170647552, 0, 8192, 4096, 4, ... 170647552, 8192, ) == 0x0 01878 1764 NtProtectVirtualMemory (-1, (0xa2be000), 4096, 260, ... (0xa2be000), 4096, 4, ) == 0x0 01879 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 696, {1304, 1956}, ) == 0x0 01880 1764 NtQueryInformationThread (696, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff21000,Pid=1304,Tid=1956,}, 0x0, ) == 0x0 01881 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58137, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0\30\5\0\0\244\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0\30\5\0\0\244\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58138, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0\30\5\0\0\244\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0\30\5\0\0\244\7\0\0" ) ) == 0x0 01882 1764 NtResumeThread (696, ... 1, ) == 0x0 01883 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 170655744, 1048576, ) == 0x0 01884 1764 NtAllocateVirtualMemory (-1, 171696128, 0, 8192, 4096, 4, ... 171696128, 8192, ) == 0x0 01885 1956 NtWaitForSingleObject (96, 0, 0x0, ... 01886 1764 NtProtectVirtualMemory (-1, (0xa3be000), 4096, 260, ... (0xa3be000), 4096, 4, ) == 0x0 01887 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
700, {1304, 1980}, ) == 0x0 01888 1764 NtQueryInformationThread (700, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff20000,Pid=1304,Tid=1980,}, 0x0, ) == 0x0 01889 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58138, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0\30\5\0\0\274\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0\30\5\0\0\274\7\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58139, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0\30\5\0\0\274\7\0\0" ... {28, 56, reply, 0, 1304, 1764, 58139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0\30\5\0\0\274\7\0\0" ) ) == 0x0 01890 1764 NtResumeThread (700, ... 1, ) == 0x0 01891 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01892 1980 NtWaitForSingleObject (96, 0, 0x0, ... 01891 1764 NtAllocateVirtualMemory ... 171704320, 1048576, ) == 0x0 01893 1764 NtAllocateVirtualMemory (-1, 172744704, 0, 8192, 4096, 4, ... 172744704, 8192, ) == 0x0 01894 1764 NtProtectVirtualMemory (-1, (0xa4be000), 4096, 260, ... (0xa4be000), 4096, 4, ) == 0x0 01895 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 704, {1304, 2056}, ) == 0x0 01896 1764 NtQueryInformationThread (704, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1f000,Pid=1304,Tid=2056,}, 0x0, ) == 0x0 01897 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58139, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0\30\5\0\0\10\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0\30\5\0\0\10\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58140, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0\30\5\0\0\10\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0\30\5\0\0\10\10\0\0" ) ) == 0x0 01898 1764 NtResumeThread (704, ... 
1, ) == 0x0 01899 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 172752896, 1048576, ) == 0x0 01900 1764 NtAllocateVirtualMemory (-1, 173793280, 0, 8192, 4096, 4, ... 173793280, 8192, ) == 0x0 01901 2056 NtWaitForSingleObject (96, 0, 0x0, ... 01902 1764 NtProtectVirtualMemory (-1, (0xa5be000), 4096, 260, ... (0xa5be000), 4096, 4, ) == 0x0 01903 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 708, {1304, 2060}, ) == 0x0 01904 1764 NtQueryInformationThread (708, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1e000,Pid=1304,Tid=2060,}, 0x0, ) == 0x0 01905 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58140, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0\30\5\0\0\14\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0\30\5\0\0\14\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58141, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0\30\5\0\0\14\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0\30\5\0\0\14\10\0\0" ) ) == 0x0 01906 1764 NtResumeThread (708, ... 1, ) == 0x0 01907 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01908 2060 NtWaitForSingleObject (96, 0, 0x0, ... 01907 1764 NtAllocateVirtualMemory ... 173801472, 1048576, ) == 0x0 01909 1764 NtAllocateVirtualMemory (-1, 174841856, 0, 8192, 4096, 4, ... 174841856, 8192, ) == 0x0 01910 1764 NtProtectVirtualMemory (-1, (0xa6be000), 4096, 260, ... (0xa6be000), 4096, 4, ) == 0x0 01911 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 712, {1304, 2064}, ) == 0x0 01912 1764 NtQueryInformationThread (712, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff1d000,Pid=1304,Tid=2064,}, 0x0, ) == 0x0 01913 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58141, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0\30\5\0\0\20\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0\30\5\0\0\20\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58142, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0\30\5\0\0\20\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0\30\5\0\0\20\10\0\0" ) ) == 0x0 01914 1764 NtResumeThread (712, ... 1, ) == 0x0 01915 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 174850048, 1048576, ) == 0x0 01916 1764 NtAllocateVirtualMemory (-1, 175890432, 0, 8192, 4096, 4, ... 175890432, 8192, ) == 0x0 01917 2064 NtWaitForSingleObject (96, 0, 0x0, ... 01918 1764 NtProtectVirtualMemory (-1, (0xa7be000), 4096, 260, ... (0xa7be000), 4096, 4, ) == 0x0 01919 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 716, {1304, 2068}, ) == 0x0 01920 1764 NtQueryInformationThread (716, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1c000,Pid=1304,Tid=2068,}, 0x0, ) == 0x0 01921 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58142, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0\30\5\0\0\24\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58143, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0\30\5\0\0\24\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58143, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0\30\5\0\0\24\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58143, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0\30\5\0\0\24\10\0\0" ) ) == 0x0 01922 1764 NtResumeThread (716, ... 1, ) == 0x0 01923 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
01924 2068 NtWaitForSingleObject (96, 0, 0x0, ... 01923 1764 NtAllocateVirtualMemory ... 175898624, 1048576, ) == 0x0 01925 1764 NtAllocateVirtualMemory (-1, 176939008, 0, 8192, 4096, 4, ... 176939008, 8192, ) == 0x0 01926 1764 NtProtectVirtualMemory (-1, (0xa8be000), 4096, 260, ... (0xa8be000), 4096, 4, ) == 0x0 01927 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 720, {1304, 2072}, ) == 0x0 01928 1764 NtQueryInformationThread (720, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1b000,Pid=1304,Tid=2072,}, 0x0, ) == 0x0 01929 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58143, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58143, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0\30\5\0\0\30\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58144, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0\30\5\0\0\30\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58144, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58143, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0\30\5\0\0\30\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58144, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0\30\5\0\0\30\10\0\0" ) ) == 0x0 01930 1764 NtResumeThread (720, ... 1, ) == 0x0 01931 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 176947200, 1048576, ) == 0x0 01932 1764 NtAllocateVirtualMemory (-1, 177987584, 0, 8192, 4096, 4, ... 177987584, 8192, ) == 0x0 01933 2072 NtWaitForSingleObject (96, 0, 0x0, ... 01934 1764 NtProtectVirtualMemory (-1, (0xa9be000), 4096, 260, ... (0xa9be000), 4096, 4, ) == 0x0 01935 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 724, {1304, 2076}, ) == 0x0 01936 1764 NtQueryInformationThread (724, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1a000,Pid=1304,Tid=2076,}, 0x0, ) == 0x0 01937 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58144, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58144, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0\30\5\0\0\34\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0\30\5\0\0\34\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58145, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58144, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0\30\5\0\0\34\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0\30\5\0\0\34\10\0\0" ) ) == 0x0 01938 1764 NtResumeThread (724, ... 1, ) == 0x0 01939 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01940 2076 NtWaitForSingleObject (96, 0, 0x0, ... 01939 1764 NtAllocateVirtualMemory ... 177995776, 1048576, ) == 0x0 01941 1764 NtAllocateVirtualMemory (-1, 179036160, 0, 8192, 4096, 4, ... 179036160, 8192, ) == 0x0 01942 1764 NtProtectVirtualMemory (-1, (0xaabe000), 4096, 260, ... (0xaabe000), 4096, 4, ) == 0x0 01943 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 728, {1304, 2080}, ) == 0x0 01944 1764 NtQueryInformationThread (728, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff19000,Pid=1304,Tid=2080,}, 0x0, ) == 0x0 01945 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58145, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0\30\5\0\0 \10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0\30\5\0\0 \10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58146, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0\30\5\0\0 \10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0\30\5\0\0 \10\0\0" ) ) == 0x0 01946 1764 NtResumeThread (728, ... 1, ) == 0x0 01947 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 179044352, 1048576, ) == 0x0 01948 1764 NtAllocateVirtualMemory (-1, 180084736, 0, 8192, 4096, 4, ... 180084736, 8192, ) == 0x0 01949 2080 NtWaitForSingleObject (96, 0, 0x0, ... 01950 1764 NtProtectVirtualMemory (-1, (0xabbe000), 4096, 260, ... 
(0xabbe000), 4096, 4, ) == 0x0 01951 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 732, {1304, 2084}, ) == 0x0 01952 1764 NtQueryInformationThread (732, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff18000,Pid=1304,Tid=2084,}, 0x0, ) == 0x0 01953 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58146, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0\30\5\0\0$\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0\30\5\0\0$\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58147, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0\30\5\0\0$\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0\30\5\0\0$\10\0\0" ) ) == 0x0 01954 1764 NtResumeThread (732, ... 1, ) == 0x0 01955 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01956 2084 NtWaitForSingleObject (96, 0, 0x0, ... 01955 1764 NtAllocateVirtualMemory ... 180092928, 1048576, ) == 0x0 01957 1764 NtAllocateVirtualMemory (-1, 181133312, 0, 8192, 4096, 4, ... 181133312, 8192, ) == 0x0 01958 1764 NtProtectVirtualMemory (-1, (0xacbe000), 4096, 260, ... (0xacbe000), 4096, 4, ) == 0x0 01959 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 736, {1304, 2088}, ) == 0x0 01960 1764 NtQueryInformationThread (736, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff17000,Pid=1304,Tid=2088,}, 0x0, ) == 0x0 01961 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58147, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0\30\5\0\0(\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0\30\5\0\0(\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58148, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0\30\5\0\0(\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0\30\5\0\0(\10\0\0" ) ) == 0x0 01962 1764 NtResumeThread (736, ... 1, ) == 0x0 01963 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 181141504, 1048576, ) == 0x0 01964 1764 NtAllocateVirtualMemory (-1, 182181888, 0, 8192, 4096, 4, ... 182181888, 8192, ) == 0x0 01965 2088 NtWaitForSingleObject (96, 0, 0x0, ... 01966 1764 NtProtectVirtualMemory (-1, (0xadbe000), 4096, 260, ... (0xadbe000), 4096, 4, ) == 0x0 01967 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 740, {1304, 2092}, ) == 0x0 01968 1764 NtQueryInformationThread (740, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff16000,Pid=1304,Tid=2092,}, 0x0, ) == 0x0 01969 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58148, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0\30\5\0\0,\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0\30\5\0\0,\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58149, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0\30\5\0\0,\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0\30\5\0\0,\10\0\0" ) ) == 0x0 01970 1764 NtResumeThread (740, ... 1, ) == 0x0 01971 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01972 2092 NtWaitForSingleObject (96, 0, 0x0, ... 01971 1764 NtAllocateVirtualMemory ... 182190080, 1048576, ) == 0x0 01973 1764 NtAllocateVirtualMemory (-1, 183230464, 0, 8192, 4096, 4, ... 183230464, 8192, ) == 0x0 01974 1764 NtProtectVirtualMemory (-1, (0xaebe000), 4096, 260, ... (0xaebe000), 4096, 4, ) == 0x0 01975 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 744, {1304, 2096}, ) == 0x0 01976 1764 NtQueryInformationThread (744, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff15000,Pid=1304,Tid=2096,}, 0x0, ) == 0x0 01977 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58149, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0\30\5\0\00\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0\30\5\0\00\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58150, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0\30\5\0\00\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0\30\5\0\00\10\0\0" ) ) == 0x0 01978 1764 NtResumeThread (744, ... 1, ) == 0x0 01979 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 183238656, 1048576, ) == 0x0 01980 1764 NtAllocateVirtualMemory (-1, 184279040, 0, 8192, 4096, 4, ... 184279040, 8192, ) == 0x0 01981 2096 NtWaitForSingleObject (96, 0, 0x0, ... 01982 1764 NtProtectVirtualMemory (-1, (0xafbe000), 4096, 260, ... (0xafbe000), 4096, 4, ) == 0x0 01983 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 748, {1304, 2100}, ) == 0x0 01984 1764 NtQueryInformationThread (748, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff14000,Pid=1304,Tid=2100,}, 0x0, ) == 0x0 01985 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58150, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0\30\5\0\04\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0\30\5\0\04\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58151, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0\30\5\0\04\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0\30\5\0\04\10\0\0" ) ) == 0x0 01986 1764 NtResumeThread (748, ... 1, ) == 0x0 01987 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01988 2100 NtWaitForSingleObject (96, 0, 0x0, ... 
01987 1764 NtAllocateVirtualMemory ... 184287232, 1048576, ) == 0x0 01989 1764 NtAllocateVirtualMemory (-1, 185327616, 0, 8192, 4096, 4, ... 185327616, 8192, ) == 0x0 01990 1764 NtProtectVirtualMemory (-1, (0xb0be000), 4096, 260, ... (0xb0be000), 4096, 4, ) == 0x0 01991 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 752, {1304, 2104}, ) == 0x0 01992 1764 NtQueryInformationThread (752, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff13000,Pid=1304,Tid=2104,}, 0x0, ) == 0x0 01993 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58151, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0\30\5\0\08\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0\30\5\0\08\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58152, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0\30\5\0\08\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0\30\5\0\08\10\0\0" ) ) == 0x0 01994 1764 NtResumeThread (752, ... 1, ) == 0x0 01995 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 185335808, 1048576, ) == 0x0 01996 1764 NtAllocateVirtualMemory (-1, 186376192, 0, 8192, 4096, 4, ... 186376192, 8192, ) == 0x0 01997 2104 NtWaitForSingleObject (96, 0, 0x0, ... 01998 1764 NtProtectVirtualMemory (-1, (0xb1be000), 4096, 260, ... (0xb1be000), 4096, 4, ) == 0x0 01999 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 756, {1304, 2120}, ) == 0x0 02000 1764 NtQueryInformationThread (756, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff12000,Pid=1304,Tid=2120,}, 0x0, ) == 0x0 02001 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58152, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0\30\5\0\0H\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0\30\5\0\0H\10\0\0" ) ... 
{28, 56, reply, 0, 1304, 1764, 58153, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0\30\5\0\0H\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0\30\5\0\0H\10\0\0" ) ) == 0x0 02002 1764 NtResumeThread (756, ... 1, ) == 0x0 02003 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02004 2120 NtWaitForSingleObject (96, 0, 0x0, ... 02003 1764 NtAllocateVirtualMemory ... 186384384, 1048576, ) == 0x0 02005 1764 NtAllocateVirtualMemory (-1, 187424768, 0, 8192, 4096, 4, ... 187424768, 8192, ) == 0x0 02006 1764 NtProtectVirtualMemory (-1, (0xb2be000), 4096, 260, ... (0xb2be000), 4096, 4, ) == 0x0 02007 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 760, {1304, 2124}, ) == 0x0 02008 1764 NtQueryInformationThread (760, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff11000,Pid=1304,Tid=2124,}, 0x0, ) == 0x0 02009 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58153, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0\30\5\0\0L\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0\30\5\0\0L\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58154, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0\30\5\0\0L\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0\30\5\0\0L\10\0\0" ) ) == 0x0 02010 1764 NtResumeThread (760, ... 1, ) == 0x0 02011 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 187432960, 1048576, ) == 0x0 02012 1764 NtAllocateVirtualMemory (-1, 188473344, 0, 8192, 4096, 4, ... 188473344, 8192, ) == 0x0 02013 2124 NtWaitForSingleObject (96, 0, 0x0, ... 02014 1764 NtProtectVirtualMemory (-1, (0xb3be000), 4096, 260, ... (0xb3be000), 4096, 4, ) == 0x0 02015 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
764, {1304, 2128}, ) == 0x0 02016 1764 NtQueryInformationThread (764, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff10000,Pid=1304,Tid=2128,}, 0x0, ) == 0x0 02017 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58154, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0\30\5\0\0P\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0\30\5\0\0P\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58155, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0\30\5\0\0P\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0\30\5\0\0P\10\0\0" ) ) == 0x0 02018 1764 NtResumeThread (764, ... 1, ) == 0x0 02019 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02020 2128 NtWaitForSingleObject (96, 0, 0x0, ... 02019 1764 NtAllocateVirtualMemory ... 188481536, 1048576, ) == 0x0 02021 1764 NtAllocateVirtualMemory (-1, 189521920, 0, 8192, 4096, 4, ... 189521920, 8192, ) == 0x0 02022 1764 NtProtectVirtualMemory (-1, (0xb4be000), 4096, 260, ... (0xb4be000), 4096, 4, ) == 0x0 02023 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 768, {1304, 2132}, ) == 0x0 02024 1764 NtQueryInformationThread (768, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0f000,Pid=1304,Tid=2132,}, 0x0, ) == 0x0 02025 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58155, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0\30\5\0\0T\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0\30\5\0\0T\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58156, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0\30\5\0\0T\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0\30\5\0\0T\10\0\0" ) ) == 0x0 02026 1764 NtResumeThread (768, ... 
1, ) == 0x0 02027 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 189530112, 1048576, ) == 0x0 02028 1764 NtAllocateVirtualMemory (-1, 190570496, 0, 8192, 4096, 4, ... 190570496, 8192, ) == 0x0 02029 2132 NtWaitForSingleObject (96, 0, 0x0, ... 02030 1764 NtProtectVirtualMemory (-1, (0xb5be000), 4096, 260, ... (0xb5be000), 4096, 4, ) == 0x0 02031 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 772, {1304, 2136}, ) == 0x0 02032 1764 NtQueryInformationThread (772, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0e000,Pid=1304,Tid=2136,}, 0x0, ) == 0x0 02033 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58156, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0\30\5\0\0X\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0\30\5\0\0X\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58157, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0\30\5\0\0X\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0\30\5\0\0X\10\0\0" ) ) == 0x0 02034 1764 NtResumeThread (772, ... 1, ) == 0x0 02035 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02036 2136 NtWaitForSingleObject (96, 0, 0x0, ... 02035 1764 NtAllocateVirtualMemory ... 190578688, 1048576, ) == 0x0 02037 1764 NtAllocateVirtualMemory (-1, 191619072, 0, 8192, 4096, 4, ... 191619072, 8192, ) == 0x0 02038 1764 NtProtectVirtualMemory (-1, (0xb6be000), 4096, 260, ... (0xb6be000), 4096, 4, ) == 0x0 02039 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 776, {1304, 2140}, ) == 0x0 02040 1764 NtQueryInformationThread (776, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0d000,Pid=1304,Tid=2140,}, 0x0, ) == 0x0 02041 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58157, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0\30\5\0\0\\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0\30\5\0\0\\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58158, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0\30\5\0\0\\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0\30\5\0\0\\10\0\0" ) ) == 0x0 02042 1764 NtResumeThread (776, ... 1, ) == 0x0 02043 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 191627264, 1048576, ) == 0x0 02044 1764 NtAllocateVirtualMemory (-1, 192667648, 0, 8192, 4096, 4, ... 192667648, 8192, ) == 0x0 02045 2140 NtWaitForSingleObject (96, 0, 0x0, ... 02046 1764 NtProtectVirtualMemory (-1, (0xb7be000), 4096, 260, ... (0xb7be000), 4096, 4, ) == 0x0 02047 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 780, {1304, 2144}, ) == 0x0 02048 1764 NtQueryInformationThread (780, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0c000,Pid=1304,Tid=2144,}, 0x0, ) == 0x0 02049 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58158, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0\30\5\0\0`\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0\30\5\0\0`\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58159, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0\30\5\0\0`\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0\30\5\0\0`\10\0\0" ) ) == 0x0 02050 1764 NtResumeThread (780, ... 1, ) == 0x0 02051 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02052 2144 NtWaitForSingleObject (96, 0, 0x0, ... 02051 1764 NtAllocateVirtualMemory ... 192675840, 1048576, ) == 0x0 02053 1764 NtAllocateVirtualMemory (-1, 193716224, 0, 8192, 4096, 4, ... 193716224, 8192, ) == 0x0 02054 1764 NtProtectVirtualMemory (-1, (0xb8be000), 4096, 260, ... 
(0xb8be000), 4096, 4, ) == 0x0 02055 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 784, {1304, 2148}, ) == 0x0 02056 1764 NtQueryInformationThread (784, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0b000,Pid=1304,Tid=2148,}, 0x0, ) == 0x0 02057 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58159, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0\30\5\0\0d\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0\30\5\0\0d\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58160, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0\30\5\0\0d\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0\30\5\0\0d\10\0\0" ) ) == 0x0 02058 1764 NtResumeThread (784, ... 1, ) == 0x0 02059 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 193724416, 1048576, ) == 0x0 02060 1764 NtAllocateVirtualMemory (-1, 194764800, 0, 8192, 4096, 4, ... 194764800, 8192, ) == 0x0 02061 2148 NtWaitForSingleObject (96, 0, 0x0, ... 02062 1764 NtProtectVirtualMemory (-1, (0xb9be000), 4096, 260, ... (0xb9be000), 4096, 4, ) == 0x0 02063 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 788, {1304, 2152}, ) == 0x0 02064 1764 NtQueryInformationThread (788, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0a000,Pid=1304,Tid=2152,}, 0x0, ) == 0x0 02065 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58160, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0\30\5\0\0h\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0\30\5\0\0h\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58161, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0\30\5\0\0h\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0\30\5\0\0h\10\0\0" ) ) == 0x0 02066 1764 NtResumeThread (788, ... 1, ) == 0x0 02067 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02068 2152 NtWaitForSingleObject (96, 0, 0x0, ... 02067 1764 NtAllocateVirtualMemory ... 194772992, 1048576, ) == 0x0 02069 1764 NtAllocateVirtualMemory (-1, 195813376, 0, 8192, 4096, 4, ... 195813376, 8192, ) == 0x0 02070 1764 NtProtectVirtualMemory (-1, (0xbabe000), 4096, 260, ... (0xbabe000), 4096, 4, ) == 0x0 02071 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 792, {1304, 2156}, ) == 0x0 02072 1764 NtQueryInformationThread (792, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff09000,Pid=1304,Tid=2156,}, 0x0, ) == 0x0 02073 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58161, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0\30\5\0\0l\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0\30\5\0\0l\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58162, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0\30\5\0\0l\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0\30\5\0\0l\10\0\0" ) ) == 0x0 02074 1764 NtResumeThread (792, ... 1, ) == 0x0 02075 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 195821568, 1048576, ) == 0x0 02076 1764 NtAllocateVirtualMemory (-1, 196861952, 0, 8192, 4096, 4, ... 196861952, 8192, ) == 0x0 02077 2156 NtWaitForSingleObject (96, 0, 0x0, ... 02078 1764 NtProtectVirtualMemory (-1, (0xbbbe000), 4096, 260, ... (0xbbbe000), 4096, 4, ) == 0x0 02079 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 796, {1304, 2160}, ) == 0x0 02080 1764 NtQueryInformationThread (796, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff08000,Pid=1304,Tid=2160,}, 0x0, ) == 0x0 02081 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58162, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0\30\5\0\0p\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58163, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0\30\5\0\0p\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58163, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0\30\5\0\0p\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58163, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0\30\5\0\0p\10\0\0" ) ) == 0x0 02082 1764 NtResumeThread (796, ... 1, ) == 0x0 02083 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02084 2160 NtWaitForSingleObject (96, 0, 0x0, ... 02083 1764 NtAllocateVirtualMemory ... 196870144, 1048576, ) == 0x0 02085 1764 NtAllocateVirtualMemory (-1, 197910528, 0, 8192, 4096, 4, ... 197910528, 8192, ) == 0x0 02086 1764 NtProtectVirtualMemory (-1, (0xbcbe000), 4096, 260, ... (0xbcbe000), 4096, 4, ) == 0x0 02087 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 800, {1304, 2164}, ) == 0x0 02088 1764 NtQueryInformationThread (800, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff07000,Pid=1304,Tid=2164,}, 0x0, ) == 0x0 02089 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58163, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58163, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0\30\5\0\0t\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58164, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0\30\5\0\0t\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58164, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58163, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0\30\5\0\0t\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58164, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0\30\5\0\0t\10\0\0" ) ) == 0x0 02090 1764 NtResumeThread (800, ... 1, ) == 0x0 02091 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
197918720, 1048576, ) == 0x0 02092 1764 NtAllocateVirtualMemory (-1, 198959104, 0, 8192, 4096, 4, ... 198959104, 8192, ) == 0x0 02093 2164 NtWaitForSingleObject (96, 0, 0x0, ... 02094 1764 NtProtectVirtualMemory (-1, (0xbdbe000), 4096, 260, ... (0xbdbe000), 4096, 4, ) == 0x0 02095 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 804, {1304, 2168}, ) == 0x0 02096 1764 NtQueryInformationThread (804, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff06000,Pid=1304,Tid=2168,}, 0x0, ) == 0x0 02097 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58164, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58164, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0\30\5\0\0x\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58165, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0\30\5\0\0x\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58165, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58164, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0\30\5\0\0x\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58165, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0\30\5\0\0x\10\0\0" ) ) == 0x0 02098 1764 NtResumeThread (804, ... 1, ) == 0x0 02099 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02100 2168 NtWaitForSingleObject (96, 0, 0x0, ... 02099 1764 NtAllocateVirtualMemory ... 198967296, 1048576, ) == 0x0 02101 1764 NtAllocateVirtualMemory (-1, 200007680, 0, 8192, 4096, 4, ... 200007680, 8192, ) == 0x0 02102 1764 NtProtectVirtualMemory (-1, (0xbebe000), 4096, 260, ... (0xbebe000), 4096, 4, ) == 0x0 02103 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 808, {1304, 2172}, ) == 0x0 02104 1764 NtQueryInformationThread (808, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff05000,Pid=1304,Tid=2172,}, 0x0, ) == 0x0 02105 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58165, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58165, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0\30\5\0\0|\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58166, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0\30\5\0\0|\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58166, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58165, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0\30\5\0\0|\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58166, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0\30\5\0\0|\10\0\0" ) ) == 0x0 02106 1764 NtResumeThread (808, ... 1, ) == 0x0 02107 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 200015872, 1048576, ) == 0x0 02108 1764 NtAllocateVirtualMemory (-1, 201056256, 0, 8192, 4096, 4, ... 201056256, 8192, ) == 0x0 02109 2172 NtWaitForSingleObject (96, 0, 0x0, ... 02110 1764 NtProtectVirtualMemory (-1, (0xbfbe000), 4096, 260, ... (0xbfbe000), 4096, 4, ) == 0x0 02111 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 812, {1304, 2176}, ) == 0x0 02112 1764 NtQueryInformationThread (812, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff04000,Pid=1304,Tid=2176,}, 0x0, ) == 0x0 02113 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58166, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58166, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0\30\5\0\0\200\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58167, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0\30\5\0\0\200\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58167, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58166, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0\30\5\0\0\200\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58167, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0\30\5\0\0\200\10\0\0" ) ) == 0x0 02114 1764 NtResumeThread (812, ... 1, ) == 0x0 02115 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02116 2176 NtWaitForSingleObject (96, 0, 0x0, ... 02115 1764 NtAllocateVirtualMemory ... 201064448, 1048576, ) == 0x0 02117 1764 NtAllocateVirtualMemory (-1, 202104832, 0, 8192, 4096, 4, ... 202104832, 8192, ) == 0x0 02118 1764 NtProtectVirtualMemory (-1, (0xc0be000), 4096, 260, ... 
(0xc0be000), 4096, 4, ) == 0x0 02119 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 816, {1304, 2180}, ) == 0x0 02120 1764 NtQueryInformationThread (816, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff03000,Pid=1304,Tid=2180,}, 0x0, ) == 0x0 02121 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58167, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58167, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0\30\5\0\0\204\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58168, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0\30\5\0\0\204\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58168, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58167, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0\30\5\0\0\204\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58168, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0\30\5\0\0\204\10\0\0" ) ) == 0x0 02122 1764 NtResumeThread (816, ... 1, ) == 0x0 02123 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 202113024, 1048576, ) == 0x0 02124 1764 NtAllocateVirtualMemory (-1, 203153408, 0, 8192, 4096, 4, ... 203153408, 8192, ) == 0x0 02125 2180 NtWaitForSingleObject (96, 0, 0x0, ... 02126 1764 NtProtectVirtualMemory (-1, (0xc1be000), 4096, 260, ... (0xc1be000), 4096, 4, ) == 0x0 02127 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 820, {1304, 2184}, ) == 0x0 02128 1764 NtQueryInformationThread (820, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff02000,Pid=1304,Tid=2184,}, 0x0, ) == 0x0 02129 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58168, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58168, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0\30\5\0\0\210\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58169, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0\30\5\0\0\210\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58169, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58168, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0\30\5\0\0\210\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58169, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0\30\5\0\0\210\10\0\0" ) ) == 0x0 02130 1764 NtResumeThread (820, ... 1, ) == 0x0 02131 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02132 2184 NtWaitForSingleObject (96, 0, 0x0, ... 02131 1764 NtAllocateVirtualMemory ... 203161600, 1048576, ) == 0x0 02133 1764 NtAllocateVirtualMemory (-1, 204201984, 0, 8192, 4096, 4, ... 204201984, 8192, ) == 0x0 02134 1764 NtProtectVirtualMemory (-1, (0xc2be000), 4096, 260, ... (0xc2be000), 4096, 4, ) == 0x0 02135 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 824, {1304, 2188}, ) == 0x0 02136 1764 NtQueryInformationThread (824, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff01000,Pid=1304,Tid=2188,}, 0x0, ) == 0x0 02137 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58169, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58169, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0\30\5\0\0\214\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58170, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0\30\5\0\0\214\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58170, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58169, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0\30\5\0\0\214\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58170, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0\30\5\0\0\214\10\0\0" ) ) == 0x0 02138 1764 NtResumeThread (824, ... 1, ) == 0x0 02139 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 204210176, 1048576, ) == 0x0 02140 1764 NtAllocateVirtualMemory (-1, 205250560, 0, 8192, 4096, 4, ... 205250560, 8192, ) == 0x0 02141 2188 NtWaitForSingleObject (96, 0, 0x0, ... 02142 1764 NtProtectVirtualMemory (-1, (0xc3be000), 4096, 260, ... (0xc3be000), 4096, 4, ) == 0x0 02143 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 828, {1304, 2192}, ) == 0x0 02144 1764 NtQueryInformationThread (828, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff00000,Pid=1304,Tid=2192,}, 0x0, ) == 0x0 02145 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58170, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58170, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0\30\5\0\0\220\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58171, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0\30\5\0\0\220\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58171, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58170, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0\30\5\0\0\220\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58171, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0\30\5\0\0\220\10\0\0" ) ) == 0x0 02146 1764 NtResumeThread (828, ... 1, ) == 0x0 02147 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02148 2192 NtWaitForSingleObject (96, 0, 0x0, ... 02147 1764 NtAllocateVirtualMemory ... 205258752, 1048576, ) == 0x0 02149 1764 NtAllocateVirtualMemory (-1, 206299136, 0, 8192, 4096, 4, ... 206299136, 8192, ) == 0x0 02150 1764 NtProtectVirtualMemory (-1, (0xc4be000), 4096, 260, ... (0xc4be000), 4096, 4, ) == 0x0 02151 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 832, {1304, 2196}, ) == 0x0 02152 1764 NtQueryInformationThread (832, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feff000,Pid=1304,Tid=2196,}, 0x0, ) == 0x0 02153 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58171, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58171, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0\30\5\0\0\224\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58172, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0\30\5\0\0\224\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58172, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58171, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0\30\5\0\0\224\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58172, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0\30\5\0\0\224\10\0\0" ) ) == 0x0 02154 1764 NtResumeThread (832, ... 1, ) == 0x0 02155 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
206307328, 1048576, ) == 0x0 02156 1764 NtAllocateVirtualMemory (-1, 207347712, 0, 8192, 4096, 4, ... 207347712, 8192, ) == 0x0 02157 2196 NtWaitForSingleObject (96, 0, 0x0, ... 02158 1764 NtProtectVirtualMemory (-1, (0xc5be000), 4096, 260, ... (0xc5be000), 4096, 4, ) == 0x0 02159 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 836, {1304, 2200}, ) == 0x0 02160 1764 NtQueryInformationThread (836, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefe000,Pid=1304,Tid=2200,}, 0x0, ) == 0x0 02161 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58172, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58172, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0\30\5\0\0\230\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58173, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0\30\5\0\0\230\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58173, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58172, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0\30\5\0\0\230\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58173, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0\30\5\0\0\230\10\0\0" ) ) == 0x0 02162 1764 NtResumeThread (836, ... 1, ) == 0x0 02163 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02164 2200 NtWaitForSingleObject (96, 0, 0x0, ... 02163 1764 NtAllocateVirtualMemory ... 207355904, 1048576, ) == 0x0 02165 1764 NtAllocateVirtualMemory (-1, 208396288, 0, 8192, 4096, 4, ... 208396288, 8192, ) == 0x0 02166 1764 NtProtectVirtualMemory (-1, (0xc6be000), 4096, 260, ... (0xc6be000), 4096, 4, ) == 0x0 02167 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 840, {1304, 2204}, ) == 0x0 02168 1764 NtQueryInformationThread (840, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefd000,Pid=1304,Tid=2204,}, 0x0, ) == 0x0 02169 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58173, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58173, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0\30\5\0\0\234\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58174, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0\30\5\0\0\234\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58174, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58173, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0\30\5\0\0\234\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58174, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0\30\5\0\0\234\10\0\0" ) ) == 0x0 02170 1764 NtResumeThread (840, ... 1, ) == 0x0 02171 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 208404480, 1048576, ) == 0x0 02172 1764 NtAllocateVirtualMemory (-1, 209444864, 0, 8192, 4096, 4, ... 209444864, 8192, ) == 0x0 02173 2204 NtWaitForSingleObject (96, 0, 0x0, ... 02174 1764 NtProtectVirtualMemory (-1, (0xc7be000), 4096, 260, ... (0xc7be000), 4096, 4, ) == 0x0 02175 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 844, {1304, 2208}, ) == 0x0 02176 1764 NtQueryInformationThread (844, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefc000,Pid=1304,Tid=2208,}, 0x0, ) == 0x0 02177 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58174, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58174, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0\30\5\0\0\240\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58175, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0\30\5\0\0\240\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58175, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58174, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0\30\5\0\0\240\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58175, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0\30\5\0\0\240\10\0\0" ) ) == 0x0 02178 1764 NtResumeThread (844, ... 1, ) == 0x0 02179 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02180 2208 NtWaitForSingleObject (96, 0, 0x0, ... 02179 1764 NtAllocateVirtualMemory ... 209453056, 1048576, ) == 0x0 02181 1764 NtAllocateVirtualMemory (-1, 210493440, 0, 8192, 4096, 4, ... 210493440, 8192, ) == 0x0 02182 1764 NtProtectVirtualMemory (-1, (0xc8be000), 4096, 260, ... 
(0xc8be000), 4096, 4, ) == 0x0 02183 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 848, {1304, 2212}, ) == 0x0 02184 1764 NtQueryInformationThread (848, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefb000,Pid=1304,Tid=2212,}, 0x0, ) == 0x0 02185 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58175, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58175, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0\30\5\0\0\244\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58176, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0\30\5\0\0\244\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58176, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58175, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0\30\5\0\0\244\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58176, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0\30\5\0\0\244\10\0\0" ) ) == 0x0 02186 1764 NtResumeThread (848, ... 1, ) == 0x0 02187 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 210501632, 1048576, ) == 0x0 02188 1764 NtAllocateVirtualMemory (-1, 211542016, 0, 8192, 4096, 4, ... 211542016, 8192, ) == 0x0 02189 2212 NtWaitForSingleObject (96, 0, 0x0, ... 02190 1764 NtProtectVirtualMemory (-1, (0xc9be000), 4096, 260, ... (0xc9be000), 4096, 4, ) == 0x0 02191 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 852, {1304, 2216}, ) == 0x0 02192 1764 NtQueryInformationThread (852, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefa000,Pid=1304,Tid=2216,}, 0x0, ) == 0x0 02193 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58176, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58176, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0\30\5\0\0\250\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58177, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0\30\5\0\0\250\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58177, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58176, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0\30\5\0\0\250\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58177, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0\30\5\0\0\250\10\0\0" ) ) == 0x0 02194 1764 NtResumeThread (852, ... 1, ) == 0x0 02195 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02196 2216 NtWaitForSingleObject (96, 0, 0x0, ... 02195 1764 NtAllocateVirtualMemory ... 211550208, 1048576, ) == 0x0 02197 1764 NtAllocateVirtualMemory (-1, 212590592, 0, 8192, 4096, 4, ... 212590592, 8192, ) == 0x0 02198 1764 NtProtectVirtualMemory (-1, (0xcabe000), 4096, 260, ... (0xcabe000), 4096, 4, ) == 0x0 02199 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 856, {1304, 2220}, ) == 0x0 02200 1764 NtQueryInformationThread (856, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef9000,Pid=1304,Tid=2220,}, 0x0, ) == 0x0 02201 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58177, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58177, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0\30\5\0\0\254\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58178, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0\30\5\0\0\254\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58178, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58177, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0\30\5\0\0\254\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58178, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0\30\5\0\0\254\10\0\0" ) ) == 0x0 02202 1764 NtResumeThread (856, ... 1, ) == 0x0 02203 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 212598784, 1048576, ) == 0x0 02204 1764 NtAllocateVirtualMemory (-1, 213639168, 0, 8192, 4096, 4, ... 213639168, 8192, ) == 0x0 02205 2220 NtWaitForSingleObject (96, 0, 0x0, ... 02206 1764 NtProtectVirtualMemory (-1, (0xcbbe000), 4096, 260, ... (0xcbbe000), 4096, 4, ) == 0x0 02207 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 860, {1304, 2224}, ) == 0x0 02208 1764 NtQueryInformationThread (860, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fef8000,Pid=1304,Tid=2224,}, 0x0, ) == 0x0 02209 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58178, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58178, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0\30\5\0\0\260\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58179, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0\30\5\0\0\260\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58179, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58178, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0\30\5\0\0\260\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58179, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0\30\5\0\0\260\10\0\0" ) ) == 0x0 02210 1764 NtResumeThread (860, ... 1, ) == 0x0 02211 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02212 2224 NtWaitForSingleObject (96, 0, 0x0, ... 02211 1764 NtAllocateVirtualMemory ... 213647360, 1048576, ) == 0x0 02213 1764 NtAllocateVirtualMemory (-1, 214687744, 0, 8192, 4096, 4, ... 214687744, 8192, ) == 0x0 02214 1764 NtProtectVirtualMemory (-1, (0xccbe000), 4096, 260, ... (0xccbe000), 4096, 4, ) == 0x0 02215 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 864, {1304, 2228}, ) == 0x0 02216 1764 NtQueryInformationThread (864, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef7000,Pid=1304,Tid=2228,}, 0x0, ) == 0x0 02217 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58179, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58179, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0\30\5\0\0\264\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58180, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0\30\5\0\0\264\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58180, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58179, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0\30\5\0\0\264\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58180, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0\30\5\0\0\264\10\0\0" ) ) == 0x0 02218 1764 NtResumeThread (864, ... 1, ) == 0x0 02219 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
214695936, 1048576, ) == 0x0 02220 1764 NtAllocateVirtualMemory (-1, 215736320, 0, 8192, 4096, 4, ... 215736320, 8192, ) == 0x0 02221 2228 NtWaitForSingleObject (96, 0, 0x0, ... 02222 1764 NtProtectVirtualMemory (-1, (0xcdbe000), 4096, 260, ... (0xcdbe000), 4096, 4, ) == 0x0 02223 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 868, {1304, 2232}, ) == 0x0 02224 1764 NtQueryInformationThread (868, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef6000,Pid=1304,Tid=2232,}, 0x0, ) == 0x0 02225 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58180, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58180, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0\30\5\0\0\270\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58181, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0\30\5\0\0\270\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58181, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58180, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0\30\5\0\0\270\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58181, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0\30\5\0\0\270\10\0\0" ) ) == 0x0 02226 1764 NtResumeThread (868, ... 1, ) == 0x0 02227 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02228 2232 NtWaitForSingleObject (96, 0, 0x0, ... 02227 1764 NtAllocateVirtualMemory ... 215744512, 1048576, ) == 0x0 02229 1764 NtAllocateVirtualMemory (-1, 216784896, 0, 8192, 4096, 4, ... 216784896, 8192, ) == 0x0 02230 1764 NtProtectVirtualMemory (-1, (0xcebe000), 4096, 260, ... (0xcebe000), 4096, 4, ) == 0x0 02231 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 872, {1304, 2236}, ) == 0x0 02232 1764 NtQueryInformationThread (872, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef5000,Pid=1304,Tid=2236,}, 0x0, ) == 0x0 02233 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58181, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58181, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0\30\5\0\0\274\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58182, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0\30\5\0\0\274\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58182, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58181, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0\30\5\0\0\274\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58182, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0\30\5\0\0\274\10\0\0" ) ) == 0x0 02234 1764 NtResumeThread (872, ... 1, ) == 0x0 02235 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 216793088, 1048576, ) == 0x0 02236 1764 NtAllocateVirtualMemory (-1, 217833472, 0, 8192, 4096, 4, ... 217833472, 8192, ) == 0x0 02237 2236 NtWaitForSingleObject (96, 0, 0x0, ... 02238 1764 NtProtectVirtualMemory (-1, (0xcfbe000), 4096, 260, ... (0xcfbe000), 4096, 4, ) == 0x0 02239 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 876, {1304, 2240}, ) == 0x0 02240 1764 NtQueryInformationThread (876, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef4000,Pid=1304,Tid=2240,}, 0x0, ) == 0x0 02241 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58182, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58182, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0\30\5\0\0\300\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58183, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0\30\5\0\0\300\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58183, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58182, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0\30\5\0\0\300\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58183, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0\30\5\0\0\300\10\0\0" ) ) == 0x0 02242 1764 NtResumeThread (876, ... 1, ) == 0x0 02243 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02244 2240 NtWaitForSingleObject (96, 0, 0x0, ... 02243 1764 NtAllocateVirtualMemory ... 217841664, 1048576, ) == 0x0 02245 1764 NtAllocateVirtualMemory (-1, 218882048, 0, 8192, 4096, 4, ... 218882048, 8192, ) == 0x0 02246 1764 NtProtectVirtualMemory (-1, (0xd0be000), 4096, 260, ... 
(0xd0be000), 4096, 4, ) == 0x0 02247 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 880, {1304, 2244}, ) == 0x0 02248 1764 NtQueryInformationThread (880, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef3000,Pid=1304,Tid=2244,}, 0x0, ) == 0x0 02249 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58183, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58183, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0\30\5\0\0\304\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58184, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0\30\5\0\0\304\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58184, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58183, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0\30\5\0\0\304\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58184, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0\30\5\0\0\304\10\0\0" ) ) == 0x0 02250 1764 NtResumeThread (880, ... 1, ) == 0x0 02251 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 218890240, 1048576, ) == 0x0 02252 1764 NtAllocateVirtualMemory (-1, 219930624, 0, 8192, 4096, 4, ... 219930624, 8192, ) == 0x0 02253 2244 NtWaitForSingleObject (96, 0, 0x0, ... 02254 1764 NtProtectVirtualMemory (-1, (0xd1be000), 4096, 260, ... (0xd1be000), 4096, 4, ) == 0x0 02255 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 884, {1304, 2248}, ) == 0x0 02256 1764 NtQueryInformationThread (884, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef2000,Pid=1304,Tid=2248,}, 0x0, ) == 0x0 02257 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58184, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58184, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0\30\5\0\0\310\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58185, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0\30\5\0\0\310\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58185, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58184, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0\30\5\0\0\310\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58185, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0\30\5\0\0\310\10\0\0" ) ) == 0x0 02258 1764 NtResumeThread (884, ... 1, ) == 0x0 02259 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02260 2248 NtWaitForSingleObject (96, 0, 0x0, ... 02259 1764 NtAllocateVirtualMemory ... 219938816, 1048576, ) == 0x0 02261 1764 NtAllocateVirtualMemory (-1, 220979200, 0, 8192, 4096, 4, ... 220979200, 8192, ) == 0x0 02262 1764 NtProtectVirtualMemory (-1, (0xd2be000), 4096, 260, ... (0xd2be000), 4096, 4, ) == 0x0 02263 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 888, {1304, 2252}, ) == 0x0 02264 1764 NtQueryInformationThread (888, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef1000,Pid=1304,Tid=2252,}, 0x0, ) == 0x0 02265 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58185, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58185, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0\30\5\0\0\314\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58186, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0\30\5\0\0\314\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58186, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58185, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0\30\5\0\0\314\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58186, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0\30\5\0\0\314\10\0\0" ) ) == 0x0 02266 1764 NtResumeThread (888, ... 1, ) == 0x0 02267 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 220987392, 1048576, ) == 0x0 02268 1764 NtAllocateVirtualMemory (-1, 222027776, 0, 8192, 4096, 4, ... 222027776, 8192, ) == 0x0 02269 2252 NtWaitForSingleObject (96, 0, 0x0, ... 02270 1764 NtProtectVirtualMemory (-1, (0xd3be000), 4096, 260, ... (0xd3be000), 4096, 4, ) == 0x0 02271 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 892, {1304, 2256}, ) == 0x0 02272 1764 NtQueryInformationThread (892, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fef0000,Pid=1304,Tid=2256,}, 0x0, ) == 0x0 02273 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58186, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58186, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0\30\5\0\0\320\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58187, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0\30\5\0\0\320\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58187, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58186, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0\30\5\0\0\320\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58187, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0\30\5\0\0\320\10\0\0" ) ) == 0x0 02274 1764 NtResumeThread (892, ... 1, ) == 0x0 02275 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02276 2256 NtWaitForSingleObject (96, 0, 0x0, ... 02275 1764 NtAllocateVirtualMemory ... 222035968, 1048576, ) == 0x0 02277 1764 NtAllocateVirtualMemory (-1, 223076352, 0, 8192, 4096, 4, ... 223076352, 8192, ) == 0x0 02278 1764 NtProtectVirtualMemory (-1, (0xd4be000), 4096, 260, ... (0xd4be000), 4096, 4, ) == 0x0 02279 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 896, {1304, 2260}, ) == 0x0 02280 1764 NtQueryInformationThread (896, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feef000,Pid=1304,Tid=2260,}, 0x0, ) == 0x0 02281 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58187, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58187, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0\30\5\0\0\324\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58188, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0\30\5\0\0\324\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58188, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58187, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0\30\5\0\0\324\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58188, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0\30\5\0\0\324\10\0\0" ) ) == 0x0 02282 1764 NtResumeThread (896, ... 1, ) == 0x0 02283 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
223084544, 1048576, ) == 0x0 02284 1764 NtAllocateVirtualMemory (-1, 224124928, 0, 8192, 4096, 4, ... 224124928, 8192, ) == 0x0 02285 2260 NtWaitForSingleObject (96, 0, 0x0, ... 02286 1764 NtProtectVirtualMemory (-1, (0xd5be000), 4096, 260, ... (0xd5be000), 4096, 4, ) == 0x0 02287 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 900, {1304, 2276}, ) == 0x0 02288 1764 NtQueryInformationThread (900, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feee000,Pid=1304,Tid=2276,}, 0x0, ) == 0x0 02289 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58188, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58188, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0\30\5\0\0\344\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58189, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0\30\5\0\0\344\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58189, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58188, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0\30\5\0\0\344\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58189, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0\30\5\0\0\344\10\0\0" ) ) == 0x0 02290 1764 NtResumeThread (900, ... 1, ) == 0x0 02291 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02292 2276 NtWaitForSingleObject (96, 0, 0x0, ... 02291 1764 NtAllocateVirtualMemory ... 224133120, 1048576, ) == 0x0 02293 1764 NtAllocateVirtualMemory (-1, 225173504, 0, 8192, 4096, 4, ... 225173504, 8192, ) == 0x0 02294 1764 NtProtectVirtualMemory (-1, (0xd6be000), 4096, 260, ... (0xd6be000), 4096, 4, ) == 0x0 02295 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 904, {1304, 2280}, ) == 0x0 02296 1764 NtQueryInformationThread (904, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feed000,Pid=1304,Tid=2280,}, 0x0, ) == 0x0 02297 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58189, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58189, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0\30\5\0\0\350\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58190, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0\30\5\0\0\350\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58190, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58189, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0\30\5\0\0\350\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58190, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0\30\5\0\0\350\10\0\0" ) ) == 0x0 02298 1764 NtResumeThread (904, ... 1, ) == 0x0 02299 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 225181696, 1048576, ) == 0x0 02300 1764 NtAllocateVirtualMemory (-1, 226222080, 0, 8192, 4096, 4, ... 226222080, 8192, ) == 0x0 02301 2280 NtWaitForSingleObject (96, 0, 0x0, ... 02302 1764 NtProtectVirtualMemory (-1, (0xd7be000), 4096, 260, ... (0xd7be000), 4096, 4, ) == 0x0 02303 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 908, {1304, 2284}, ) == 0x0 02304 1764 NtQueryInformationThread (908, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feec000,Pid=1304,Tid=2284,}, 0x0, ) == 0x0 02305 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58190, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58190, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0\30\5\0\0\354\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58191, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0\30\5\0\0\354\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58191, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58190, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0\30\5\0\0\354\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58191, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0\30\5\0\0\354\10\0\0" ) ) == 0x0 02306 1764 NtResumeThread (908, ... 1, ) == 0x0 02307 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02308 2284 NtWaitForSingleObject (96, 0, 0x0, ... 02307 1764 NtAllocateVirtualMemory ... 226230272, 1048576, ) == 0x0 02309 1764 NtAllocateVirtualMemory (-1, 227270656, 0, 8192, 4096, 4, ... 227270656, 8192, ) == 0x0 02310 1764 NtProtectVirtualMemory (-1, (0xd8be000), 4096, 260, ... 
(0xd8be000), 4096, 4, ) == 0x0 02311 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 912, {1304, 2288}, ) == 0x0 02312 1764 NtQueryInformationThread (912, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feeb000,Pid=1304,Tid=2288,}, 0x0, ) == 0x0 02313 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58191, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58191, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0\30\5\0\0\360\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58192, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0\30\5\0\0\360\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58192, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58191, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0\30\5\0\0\360\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58192, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0\30\5\0\0\360\10\0\0" ) ) == 0x0 02314 1764 NtResumeThread (912, ... 1, ) == 0x0 02315 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 227278848, 1048576, ) == 0x0 02316 1764 NtAllocateVirtualMemory (-1, 228319232, 0, 8192, 4096, 4, ... 228319232, 8192, ) == 0x0 02317 2288 NtWaitForSingleObject (96, 0, 0x0, ... 02318 1764 NtProtectVirtualMemory (-1, (0xd9be000), 4096, 260, ... (0xd9be000), 4096, 4, ) == 0x0 02319 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 916, {1304, 2292}, ) == 0x0 02320 1764 NtQueryInformationThread (916, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feea000,Pid=1304,Tid=2292,}, 0x0, ) == 0x0 02321 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58192, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58192, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0\30\5\0\0\364\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58193, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0\30\5\0\0\364\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58193, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58192, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0\30\5\0\0\364\10\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58193, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0\30\5\0\0\364\10\0\0" ) ) == 0x0 02322 1764 NtResumeThread (916, ... 1, ) == 0x0 02323 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02324 2292 NtWaitForSingleObject (96, 0, 0x0, ... 02323 1764 NtAllocateVirtualMemory ... 228327424, 1048576, ) == 0x0 02325 1764 NtAllocateVirtualMemory (-1, 229367808, 0, 8192, 4096, 4, ... 229367808, 8192, ) == 0x0 02326 1764 NtProtectVirtualMemory (-1, (0xdabe000), 4096, 260, ... (0xdabe000), 4096, 4, ) == 0x0 02327 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 920, {1304, 2296}, ) == 0x0 02328 1764 NtQueryInformationThread (920, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee9000,Pid=1304,Tid=2296,}, 0x0, ) == 0x0 02329 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58193, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58193, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0\30\5\0\0\370\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58194, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0\30\5\0\0\370\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58194, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58193, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0\30\5\0\0\370\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58194, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0\30\5\0\0\370\10\0\0" ) ) == 0x0 02330 1764 NtResumeThread (920, ... 1, ) == 0x0 02331 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 229376000, 1048576, ) == 0x0 02332 1764 NtAllocateVirtualMemory (-1, 230416384, 0, 8192, 4096, 4, ... 230416384, 8192, ) == 0x0 02333 2296 NtWaitForSingleObject (96, 0, 0x0, ... 02334 1764 NtProtectVirtualMemory (-1, (0xdbbe000), 4096, 260, ... (0xdbbe000), 4096, 4, ) == 0x0 02335 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 924, {1304, 2300}, ) == 0x0 02336 1764 NtQueryInformationThread (924, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fee8000,Pid=1304,Tid=2300,}, 0x0, ) == 0x0 02337 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58194, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58194, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0\30\5\0\0\374\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58195, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0\30\5\0\0\374\10\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58195, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58194, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0\30\5\0\0\374\10\0\0" ... {28, 56, reply, 0, 1304, 1764, 58195, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0\30\5\0\0\374\10\0\0" ) ) == 0x0 02338 1764 NtResumeThread (924, ... 1, ) == 0x0 02339 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02340 2300 NtWaitForSingleObject (96, 0, 0x0, ... 02339 1764 NtAllocateVirtualMemory ... 230424576, 1048576, ) == 0x0 02341 1764 NtAllocateVirtualMemory (-1, 231464960, 0, 8192, 4096, 4, ... 231464960, 8192, ) == 0x0 02342 1764 NtProtectVirtualMemory (-1, (0xdcbe000), 4096, 260, ... (0xdcbe000), 4096, 4, ) == 0x0 02343 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 928, {1304, 2304}, ) == 0x0 02344 1764 NtQueryInformationThread (928, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee7000,Pid=1304,Tid=2304,}, 0x0, ) == 0x0 02345 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58195, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58195, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0\30\5\0\0\0\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58196, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0\30\5\0\0\0\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58196, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58195, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0\30\5\0\0\0\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58196, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0\30\5\0\0\0\11\0\0" ) ) == 0x0 02346 1764 NtResumeThread (928, ... 1, ) == 0x0 02347 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
231473152, 1048576, ) == 0x0 02348 1764 NtAllocateVirtualMemory (-1, 232513536, 0, 8192, 4096, 4, ... 232513536, 8192, ) == 0x0 02349 2304 NtWaitForSingleObject (96, 0, 0x0, ... 02350 1764 NtProtectVirtualMemory (-1, (0xddbe000), 4096, 260, ... (0xddbe000), 4096, 4, ) == 0x0 02351 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 932, {1304, 2308}, ) == 0x0 02352 1764 NtQueryInformationThread (932, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee6000,Pid=1304,Tid=2308,}, 0x0, ) == 0x0 02353 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58196, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58196, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0\30\5\0\0\4\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58197, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0\30\5\0\0\4\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58197, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58196, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0\30\5\0\0\4\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58197, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0\30\5\0\0\4\11\0\0" ) ) == 0x0 02354 1764 NtResumeThread (932, ... 1, ) == 0x0 02355 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02356 2308 NtWaitForSingleObject (96, 0, 0x0, ... 02355 1764 NtAllocateVirtualMemory ... 232521728, 1048576, ) == 0x0 02357 1764 NtAllocateVirtualMemory (-1, 233562112, 0, 8192, 4096, 4, ... 233562112, 8192, ) == 0x0 02358 1764 NtProtectVirtualMemory (-1, (0xdebe000), 4096, 260, ... (0xdebe000), 4096, 4, ) == 0x0 02359 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 936, {1304, 2312}, ) == 0x0 02360 1764 NtQueryInformationThread (936, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee5000,Pid=1304,Tid=2312,}, 0x0, ) == 0x0 02361 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58197, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58197, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0\30\5\0\0\10\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58198, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0\30\5\0\0\10\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58198, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58197, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0\30\5\0\0\10\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58198, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0\30\5\0\0\10\11\0\0" ) ) == 0x0 02362 1764 NtResumeThread (936, ... 1, ) == 0x0 02363 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 233570304, 1048576, ) == 0x0 02364 1764 NtAllocateVirtualMemory (-1, 234610688, 0, 8192, 4096, 4, ... 234610688, 8192, ) == 0x0 02365 2312 NtWaitForSingleObject (96, 0, 0x0, ... 02366 1764 NtProtectVirtualMemory (-1, (0xdfbe000), 4096, 260, ... (0xdfbe000), 4096, 4, ) == 0x0 02367 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 940, {1304, 2316}, ) == 0x0 02368 1764 NtQueryInformationThread (940, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee4000,Pid=1304,Tid=2316,}, 0x0, ) == 0x0 02369 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58198, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58198, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0\30\5\0\0\14\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58199, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0\30\5\0\0\14\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58199, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58198, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0\30\5\0\0\14\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58199, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0\30\5\0\0\14\11\0\0" ) ) == 0x0 02370 1764 NtResumeThread (940, ... 1, ) == 0x0 02371 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02372 2316 NtWaitForSingleObject (96, 0, 0x0, ... 02371 1764 NtAllocateVirtualMemory ... 234618880, 1048576, ) == 0x0 02373 1764 NtAllocateVirtualMemory (-1, 235659264, 0, 8192, 4096, 4, ... 235659264, 8192, ) == 0x0 02374 1764 NtProtectVirtualMemory (-1, (0xe0be000), 4096, 260, ... 
(0xe0be000), 4096, 4, ) == 0x0 02375 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 944, {1304, 2320}, ) == 0x0 02376 1764 NtQueryInformationThread (944, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee3000,Pid=1304,Tid=2320,}, 0x0, ) == 0x0 02377 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58199, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58199, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0\30\5\0\0\20\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58200, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0\30\5\0\0\20\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58200, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58199, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0\30\5\0\0\20\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58200, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0\30\5\0\0\20\11\0\0" ) ) == 0x0 02378 1764 NtResumeThread (944, ... 1, ) == 0x0 02379 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 235667456, 1048576, ) == 0x0 02380 1764 NtAllocateVirtualMemory (-1, 236707840, 0, 8192, 4096, 4, ... 236707840, 8192, ) == 0x0 02381 2320 NtWaitForSingleObject (96, 0, 0x0, ... 02382 1764 NtProtectVirtualMemory (-1, (0xe1be000), 4096, 260, ... (0xe1be000), 4096, 4, ) == 0x0 02383 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 948, {1304, 2324}, ) == 0x0 02384 1764 NtQueryInformationThread (948, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee2000,Pid=1304,Tid=2324,}, 0x0, ) == 0x0 02385 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58200, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58200, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0\30\5\0\0\24\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58201, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0\30\5\0\0\24\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58201, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58200, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0\30\5\0\0\24\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58201, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0\30\5\0\0\24\11\0\0" ) ) == 0x0 02386 1764 NtResumeThread (948, ... 1, ) == 0x0 02387 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02388 2324 NtWaitForSingleObject (96, 0, 0x0, ... 02387 1764 NtAllocateVirtualMemory ... 236716032, 1048576, ) == 0x0 02389 1764 NtAllocateVirtualMemory (-1, 237756416, 0, 8192, 4096, 4, ... 237756416, 8192, ) == 0x0 02390 1764 NtProtectVirtualMemory (-1, (0xe2be000), 4096, 260, ... (0xe2be000), 4096, 4, ) == 0x0 02391 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 952, {1304, 2340}, ) == 0x0 02392 1764 NtQueryInformationThread (952, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee1000,Pid=1304,Tid=2340,}, 0x0, ) == 0x0 02393 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58201, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58201, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0\30\5\0\0$\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58202, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0\30\5\0\0$\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58202, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58201, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0\30\5\0\0$\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58202, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0\30\5\0\0$\11\0\0" ) ) == 0x0 02394 1764 NtResumeThread (952, ... 1, ) == 0x0 02395 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 237764608, 1048576, ) == 0x0 02396 1764 NtAllocateVirtualMemory (-1, 238804992, 0, 8192, 4096, 4, ... 238804992, 8192, ) == 0x0 02397 2340 NtWaitForSingleObject (96, 0, 0x0, ... 02398 1764 NtProtectVirtualMemory (-1, (0xe3be000), 4096, 260, ... (0xe3be000), 4096, 4, ) == 0x0 02399 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 956, {1304, 2344}, ) == 0x0 02400 1764 NtQueryInformationThread (956, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fee0000,Pid=1304,Tid=2344,}, 0x0, ) == 0x0 02401 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58202, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58202, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0\30\5\0\0(\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58203, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0\30\5\0\0(\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58203, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58202, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0\30\5\0\0(\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58203, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0\30\5\0\0(\11\0\0" ) ) == 0x0 02402 1764 NtResumeThread (956, ... 1, ) == 0x0 02403 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02404 2344 NtWaitForSingleObject (96, 0, 0x0, ... 02403 1764 NtAllocateVirtualMemory ... 238813184, 1048576, ) == 0x0 02405 1764 NtAllocateVirtualMemory (-1, 239853568, 0, 8192, 4096, 4, ... 239853568, 8192, ) == 0x0 02406 1764 NtProtectVirtualMemory (-1, (0xe4be000), 4096, 260, ... (0xe4be000), 4096, 4, ) == 0x0 02407 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 960, {1304, 2348}, ) == 0x0 02408 1764 NtQueryInformationThread (960, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fedf000,Pid=1304,Tid=2348,}, 0x0, ) == 0x0 02409 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58203, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58203, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0\30\5\0\0,\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58204, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0\30\5\0\0,\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58204, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58203, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0\30\5\0\0,\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58204, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0\30\5\0\0,\11\0\0" ) ) == 0x0 02410 1764 NtResumeThread (960, ... 1, ) == 0x0 02411 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
239861760, 1048576, ) == 0x0 02412 1764 NtAllocateVirtualMemory (-1, 240902144, 0, 8192, 4096, 4, ... 240902144, 8192, ) == 0x0 02413 2348 NtWaitForSingleObject (96, 0, 0x0, ... 02414 1764 NtProtectVirtualMemory (-1, (0xe5be000), 4096, 260, ... (0xe5be000), 4096, 4, ) == 0x0 02415 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 964, {1304, 2352}, ) == 0x0 02416 1764 NtQueryInformationThread (964, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fede000,Pid=1304,Tid=2352,}, 0x0, ) == 0x0 02417 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58204, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58204, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0\30\5\0\00\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58205, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0\30\5\0\00\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58205, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58204, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0\30\5\0\00\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58205, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0\30\5\0\00\11\0\0" ) ) == 0x0 02418 1764 NtResumeThread (964, ... 1, ) == 0x0 02419 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02420 2352 NtWaitForSingleObject (96, 0, 0x0, ... 02419 1764 NtAllocateVirtualMemory ... 240910336, 1048576, ) == 0x0 02421 1764 NtAllocateVirtualMemory (-1, 241950720, 0, 8192, 4096, 4, ... 241950720, 8192, ) == 0x0 02422 1764 NtProtectVirtualMemory (-1, (0xe6be000), 4096, 260, ... (0xe6be000), 4096, 4, ) == 0x0 02423 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 968, {1304, 2356}, ) == 0x0 02424 1764 NtQueryInformationThread (968, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fedd000,Pid=1304,Tid=2356,}, 0x0, ) == 0x0 02425 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58205, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58205, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0\30\5\0\04\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58206, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0\30\5\0\04\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58206, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58205, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0\30\5\0\04\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58206, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0\30\5\0\04\11\0\0" ) ) == 0x0 02426 1764 NtResumeThread (968, ... 1, ) == 0x0 02427 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 241958912, 1048576, ) == 0x0 02428 1764 NtAllocateVirtualMemory (-1, 242999296, 0, 8192, 4096, 4, ... 242999296, 8192, ) == 0x0 02429 2356 NtWaitForSingleObject (96, 0, 0x0, ... 02430 1764 NtProtectVirtualMemory (-1, (0xe7be000), 4096, 260, ... (0xe7be000), 4096, 4, ) == 0x0 02431 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 972, {1304, 2360}, ) == 0x0 02432 1764 NtQueryInformationThread (972, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fedc000,Pid=1304,Tid=2360,}, 0x0, ) == 0x0 02433 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58206, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58206, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0\30\5\0\08\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58207, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0\30\5\0\08\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58207, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58206, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0\30\5\0\08\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58207, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0\30\5\0\08\11\0\0" ) ) == 0x0 02434 1764 NtResumeThread (972, ... 1, ) == 0x0 02435 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02436 2360 NtWaitForSingleObject (96, 0, 0x0, ... 02435 1764 NtAllocateVirtualMemory ... 243007488, 1048576, ) == 0x0 02437 1764 NtAllocateVirtualMemory (-1, 244047872, 0, 8192, 4096, 4, ... 244047872, 8192, ) == 0x0 02438 1764 NtProtectVirtualMemory (-1, (0xe8be000), 4096, 260, ... 
(0xe8be000), 4096, 4, ) == 0x0 02439 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 976, {1304, 2364}, ) == 0x0 02440 1764 NtQueryInformationThread (976, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fedb000,Pid=1304,Tid=2364,}, 0x0, ) == 0x0 02441 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58207, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58207, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0\30\5\0\0<\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58208, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0\30\5\0\0<\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58208, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58207, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0\30\5\0\0<\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58208, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0\30\5\0\0<\11\0\0" ) ) == 0x0 02442 1764 NtResumeThread (976, ... 1, ) == 0x0 02443 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 244056064, 1048576, ) == 0x0 02444 1764 NtAllocateVirtualMemory (-1, 245096448, 0, 8192, 4096, 4, ... 245096448, 8192, ) == 0x0 02445 2364 NtWaitForSingleObject (96, 0, 0x0, ... 02446 1764 NtProtectVirtualMemory (-1, (0xe9be000), 4096, 260, ... (0xe9be000), 4096, 4, ) == 0x0 02447 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 980, {1304, 2368}, ) == 0x0 02448 1764 NtQueryInformationThread (980, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feda000,Pid=1304,Tid=2368,}, 0x0, ) == 0x0 02449 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58208, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58208, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0\30\5\0\0@\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58209, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0\30\5\0\0@\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58209, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58208, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0\30\5\0\0@\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58209, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0\30\5\0\0@\11\0\0" ) ) == 0x0 02450 1764 NtResumeThread (980, ... 1, ) == 0x0 02451 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02452 2368 NtWaitForSingleObject (96, 0, 0x0, ... 02451 1764 NtAllocateVirtualMemory ... 245104640, 1048576, ) == 0x0 02453 1764 NtAllocateVirtualMemory (-1, 246145024, 0, 8192, 4096, 4, ... 246145024, 8192, ) == 0x0 02454 1764 NtProtectVirtualMemory (-1, (0xeabe000), 4096, 260, ... (0xeabe000), 4096, 4, ) == 0x0 02455 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 984, {1304, 2372}, ) == 0x0 02456 1764 NtQueryInformationThread (984, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed9000,Pid=1304,Tid=2372,}, 0x0, ) == 0x0 02457 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58209, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58209, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0\30\5\0\0D\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58210, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0\30\5\0\0D\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58210, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58209, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0\30\5\0\0D\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58210, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0\30\5\0\0D\11\0\0" ) ) == 0x0 02458 1764 NtResumeThread (984, ... 1, ) == 0x0 02459 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 246153216, 1048576, ) == 0x0 02460 1764 NtAllocateVirtualMemory (-1, 247193600, 0, 8192, 4096, 4, ... 247193600, 8192, ) == 0x0 02461 2372 NtWaitForSingleObject (96, 0, 0x0, ... 02462 1764 NtProtectVirtualMemory (-1, (0xebbe000), 4096, 260, ... (0xebbe000), 4096, 4, ) == 0x0 02463 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 988, {1304, 2376}, ) == 0x0 02464 1764 NtQueryInformationThread (988, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fed8000,Pid=1304,Tid=2376,}, 0x0, ) == 0x0 02465 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58210, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58210, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0\30\5\0\0H\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58211, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0\30\5\0\0H\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58211, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58210, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0\30\5\0\0H\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58211, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0\30\5\0\0H\11\0\0" ) ) == 0x0 02466 1764 NtResumeThread (988, ... 1, ) == 0x0 02467 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02468 2376 NtWaitForSingleObject (96, 0, 0x0, ... 02467 1764 NtAllocateVirtualMemory ... 247201792, 1048576, ) == 0x0 02469 1764 NtAllocateVirtualMemory (-1, 248242176, 0, 8192, 4096, 4, ... 248242176, 8192, ) == 0x0 02470 1764 NtProtectVirtualMemory (-1, (0xecbe000), 4096, 260, ... (0xecbe000), 4096, 4, ) == 0x0 02471 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 992, {1304, 2380}, ) == 0x0 02472 1764 NtQueryInformationThread (992, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed7000,Pid=1304,Tid=2380,}, 0x0, ) == 0x0 02473 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58211, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58211, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0\30\5\0\0L\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58212, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0\30\5\0\0L\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58212, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58211, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0\30\5\0\0L\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58212, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0\30\5\0\0L\11\0\0" ) ) == 0x0 02474 1764 NtResumeThread (992, ... 1, ) == 0x0 02475 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
248250368, 1048576, ) == 0x0 02476 1764 NtAllocateVirtualMemory (-1, 249290752, 0, 8192, 4096, 4, ... 249290752, 8192, ) == 0x0 02477 2380 NtWaitForSingleObject (96, 0, 0x0, ... 02478 1764 NtProtectVirtualMemory (-1, (0xedbe000), 4096, 260, ... (0xedbe000), 4096, 4, ) == 0x0 02479 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 996, {1304, 2384}, ) == 0x0 02480 1764 NtQueryInformationThread (996, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed6000,Pid=1304,Tid=2384,}, 0x0, ) == 0x0 02481 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58212, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58212, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0\30\5\0\0P\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58213, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0\30\5\0\0P\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58213, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58212, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0\30\5\0\0P\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58213, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0\30\5\0\0P\11\0\0" ) ) == 0x0 02482 1764 NtResumeThread (996, ... 1, ) == 0x0 02483 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02484 2384 NtWaitForSingleObject (96, 0, 0x0, ... 02483 1764 NtAllocateVirtualMemory ... 249298944, 1048576, ) == 0x0 02485 1764 NtAllocateVirtualMemory (-1, 250339328, 0, 8192, 4096, 4, ... 250339328, 8192, ) == 0x0 02486 1764 NtProtectVirtualMemory (-1, (0xeebe000), 4096, 260, ... (0xeebe000), 4096, 4, ) == 0x0 02487 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1000, {1304, 2388}, ) == 0x0 02488 1764 NtQueryInformationThread (1000, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed5000,Pid=1304,Tid=2388,}, 0x0, ) == 0x0 02489 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58213, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58213, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0\30\5\0\0T\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58214, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0\30\5\0\0T\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58214, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58213, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0\30\5\0\0T\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58214, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0\30\5\0\0T\11\0\0" ) ) == 0x0 02490 1764 NtResumeThread (1000, ... 1, ) == 0x0 02491 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 250347520, 1048576, ) == 0x0 02492 1764 NtAllocateVirtualMemory (-1, 251387904, 0, 8192, 4096, 4, ... 251387904, 8192, ) == 0x0 02493 2388 NtWaitForSingleObject (96, 0, 0x0, ... 02494 1764 NtProtectVirtualMemory (-1, (0xefbe000), 4096, 260, ... (0xefbe000), 4096, 4, ) == 0x0 02495 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1004, {1304, 2392}, ) == 0x0 02496 1764 NtQueryInformationThread (1004, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed4000,Pid=1304,Tid=2392,}, 0x0, ) == 0x0 02497 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58214, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58214, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0\30\5\0\0X\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58215, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0\30\5\0\0X\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58215, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58214, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0\30\5\0\0X\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58215, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0\30\5\0\0X\11\0\0" ) ) == 0x0 02498 1764 NtResumeThread (1004, ... 1, ) == 0x0 02499 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02500 2392 NtWaitForSingleObject (96, 0, 0x0, ... 02499 1764 NtAllocateVirtualMemory ... 251396096, 1048576, ) == 0x0 02501 1764 NtAllocateVirtualMemory (-1, 252436480, 0, 8192, 4096, 4, ... 252436480, 8192, ) == 0x0 02502 1764 NtProtectVirtualMemory (-1, (0xf0be000), 4096, 260, ... 
(0xf0be000), 4096, 4, ) == 0x0 02503 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1008, {1304, 2396}, ) == 0x0 02504 1764 NtQueryInformationThread (1008, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed3000,Pid=1304,Tid=2396,}, 0x0, ) == 0x0 02505 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58215, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58215, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0\30\5\0\0\\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58216, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0\30\5\0\0\\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58216, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58215, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0\30\5\0\0\\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58216, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0\30\5\0\0\\11\0\0" ) ) == 0x0 02506 1764 NtResumeThread (1008, ... 1, ) == 0x0 02507 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 252444672, 1048576, ) == 0x0 02508 1764 NtAllocateVirtualMemory (-1, 253485056, 0, 8192, 4096, 4, ... 253485056, 8192, ) == 0x0 02509 2396 NtWaitForSingleObject (96, 0, 0x0, ... 02510 1764 NtProtectVirtualMemory (-1, (0xf1be000), 4096, 260, ... (0xf1be000), 4096, 4, ) == 0x0 02511 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1012, {1304, 2400}, ) == 0x0 02512 1764 NtQueryInformationThread (1012, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed2000,Pid=1304,Tid=2400,}, 0x0, ) == 0x0 02513 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58216, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58216, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0\30\5\0\0`\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58217, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0\30\5\0\0`\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58217, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58216, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0\30\5\0\0`\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58217, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0\30\5\0\0`\11\0\0" ) ) == 0x0 02514 1764 NtResumeThread (1012, ... 1, ) == 0x0 02515 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02516 2400 NtWaitForSingleObject (96, 0, 0x0, ... 02515 1764 NtAllocateVirtualMemory ... 253493248, 1048576, ) == 0x0 02517 1764 NtAllocateVirtualMemory (-1, 254533632, 0, 8192, 4096, 4, ... 254533632, 8192, ) == 0x0 02518 1764 NtProtectVirtualMemory (-1, (0xf2be000), 4096, 260, ... (0xf2be000), 4096, 4, ) == 0x0 02519 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1016, {1304, 2404}, ) == 0x0 02520 1764 NtQueryInformationThread (1016, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fed1000,Pid=1304,Tid=2404,}, 0x0, ) == 0x0 02521 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58217, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58217, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0\30\5\0\0d\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58218, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0\30\5\0\0d\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58218, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58217, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0\30\5\0\0d\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58218, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0\30\5\0\0d\11\0\0" ) ) == 0x0 02522 1764 NtResumeThread (1016, ... 1, ) == 0x0 02523 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 254541824, 1048576, ) == 0x0 02524 1764 NtAllocateVirtualMemory (-1, 255582208, 0, 8192, 4096, 4, ... 255582208, 8192, ) == 0x0 02525 2404 NtWaitForSingleObject (96, 0, 0x0, ... 02526 1764 NtProtectVirtualMemory (-1, (0xf3be000), 4096, 260, ... (0xf3be000), 4096, 4, ) == 0x0 02527 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1020, {1304, 2408}, ) == 0x0 02528 1764 NtQueryInformationThread (1020, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fed0000,Pid=1304,Tid=2408,}, 0x0, ) == 0x0 02529 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58218, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58218, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0\30\5\0\0h\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58219, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0\30\5\0\0h\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58219, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58218, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0\30\5\0\0h\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58219, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0\30\5\0\0h\11\0\0" ) ) == 0x0 02530 1764 NtResumeThread (1020, ... 1, ) == 0x0 02531 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02532 2408 NtWaitForSingleObject (96, 0, 0x0, ... 02531 1764 NtAllocateVirtualMemory ... 255590400, 1048576, ) == 0x0 02533 1764 NtAllocateVirtualMemory (-1, 256630784, 0, 8192, 4096, 4, ... 256630784, 8192, ) == 0x0 02534 1764 NtProtectVirtualMemory (-1, (0xf4be000), 4096, 260, ... (0xf4be000), 4096, 4, ) == 0x0 02535 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1024, {1304, 2412}, ) == 0x0 02536 1764 NtQueryInformationThread (1024, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fecf000,Pid=1304,Tid=2412,}, 0x0, ) == 0x0 02537 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58219, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58219, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0\30\5\0\0l\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58220, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0\30\5\0\0l\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58220, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58219, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0\30\5\0\0l\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58220, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0\30\5\0\0l\11\0\0" ) ) == 0x0 02538 1764 NtResumeThread (1024, ... 1, ) == 0x0 02539 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
256638976, 1048576, ) == 0x0 02540 1764 NtAllocateVirtualMemory (-1, 257679360, 0, 8192, 4096, 4, ... 257679360, 8192, ) == 0x0 02541 2412 NtWaitForSingleObject (96, 0, 0x0, ... 02542 1764 NtProtectVirtualMemory (-1, (0xf5be000), 4096, 260, ... (0xf5be000), 4096, 4, ) == 0x0 02543 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1028, {1304, 2416}, ) == 0x0 02544 1764 NtQueryInformationThread (1028, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fece000,Pid=1304,Tid=2416,}, 0x0, ) == 0x0 02545 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58220, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58220, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0\30\5\0\0p\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58221, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0\30\5\0\0p\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58221, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58220, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0\30\5\0\0p\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58221, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0\30\5\0\0p\11\0\0" ) ) == 0x0 02546 1764 NtResumeThread (1028, ... 1, ) == 0x0 02547 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02548 2416 NtWaitForSingleObject (96, 0, 0x0, ... 02547 1764 NtAllocateVirtualMemory ... 257687552, 1048576, ) == 0x0 02549 1764 NtAllocateVirtualMemory (-1, 258727936, 0, 8192, 4096, 4, ... 258727936, 8192, ) == 0x0 02550 1764 NtProtectVirtualMemory (-1, (0xf6be000), 4096, 260, ... (0xf6be000), 4096, 4, ) == 0x0 02551 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1032, {1304, 2420}, ) == 0x0 02552 1764 NtQueryInformationThread (1032, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fecd000,Pid=1304,Tid=2420,}, 0x0, ) == 0x0 02553 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58221, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58221, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0\30\5\0\0t\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58222, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0\30\5\0\0t\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58222, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58221, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0\30\5\0\0t\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58222, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0\30\5\0\0t\11\0\0" ) ) == 0x0 02554 1764 NtResumeThread (1032, ... 1, ) == 0x0 02555 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 258736128, 1048576, ) == 0x0 02556 1764 NtAllocateVirtualMemory (-1, 259776512, 0, 8192, 4096, 4, ... 259776512, 8192, ) == 0x0 02557 2420 NtWaitForSingleObject (96, 0, 0x0, ... 02558 1764 NtProtectVirtualMemory (-1, (0xf7be000), 4096, 260, ... (0xf7be000), 4096, 4, ) == 0x0 02559 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1036, {1304, 2424}, ) == 0x0 02560 1764 NtQueryInformationThread (1036, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fecc000,Pid=1304,Tid=2424,}, 0x0, ) == 0x0 02561 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58222, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58222, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0\30\5\0\0x\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58223, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0\30\5\0\0x\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58223, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58222, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0\30\5\0\0x\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58223, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0\30\5\0\0x\11\0\0" ) ) == 0x0 02562 1764 NtResumeThread (1036, ... 1, ) == 0x0 02563 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02564 2424 NtWaitForSingleObject (96, 0, 0x0, ... 02563 1764 NtAllocateVirtualMemory ... 259784704, 1048576, ) == 0x0 02565 1764 NtAllocateVirtualMemory (-1, 260825088, 0, 8192, 4096, 4, ... 260825088, 8192, ) == 0x0 02566 1764 NtProtectVirtualMemory (-1, (0xf8be000), 4096, 260, ... 
(0xf8be000), 4096, 4, ) == 0x0 02567 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1040, {1304, 2428}, ) == 0x0 02568 1764 NtQueryInformationThread (1040, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fecb000,Pid=1304,Tid=2428,}, 0x0, ) == 0x0 02569 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58223, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58223, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0\30\5\0\0|\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58224, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0\30\5\0\0|\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58224, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58223, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0\30\5\0\0|\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58224, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0\30\5\0\0|\11\0\0" ) ) == 0x0 02570 1764 NtResumeThread (1040, ... 1, ) == 0x0 02571 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 260833280, 1048576, ) == 0x0 02572 1764 NtAllocateVirtualMemory (-1, 261873664, 0, 8192, 4096, 4, ... 261873664, 8192, ) == 0x0 02573 2428 NtWaitForSingleObject (96, 0, 0x0, ... 02574 1764 NtProtectVirtualMemory (-1, (0xf9be000), 4096, 260, ... (0xf9be000), 4096, 4, ) == 0x0 02575 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1044, {1304, 2432}, ) == 0x0 02576 1764 NtQueryInformationThread (1044, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feca000,Pid=1304,Tid=2432,}, 0x0, ) == 0x0 02577 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58224, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58224, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0\30\5\0\0\200\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58225, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0\30\5\0\0\200\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58225, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58224, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0\30\5\0\0\200\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58225, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0\30\5\0\0\200\11\0\0" ) ) == 0x0 02578 1764 NtResumeThread (1044, ... 1, ) == 0x0 02579 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02580 2432 NtWaitForSingleObject (96, 0, 0x0, ... 02579 1764 NtAllocateVirtualMemory ... 261881856, 1048576, ) == 0x0 02581 1764 NtAllocateVirtualMemory (-1, 262922240, 0, 8192, 4096, 4, ... 262922240, 8192, ) == 0x0 02582 1764 NtProtectVirtualMemory (-1, (0xfabe000), 4096, 260, ... (0xfabe000), 4096, 4, ) == 0x0 02583 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1048, {1304, 2436}, ) == 0x0 02584 1764 NtQueryInformationThread (1048, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec9000,Pid=1304,Tid=2436,}, 0x0, ) == 0x0 02585 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58225, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58225, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0\30\5\0\0\204\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58226, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0\30\5\0\0\204\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58226, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58225, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0\30\5\0\0\204\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58226, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0\30\5\0\0\204\11\0\0" ) ) == 0x0 02586 1764 NtResumeThread (1048, ... 1, ) == 0x0 02587 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 262930432, 1048576, ) == 0x0 02588 1764 NtAllocateVirtualMemory (-1, 263970816, 0, 8192, 4096, 4, ... 263970816, 8192, ) == 0x0 02589 2436 NtWaitForSingleObject (96, 0, 0x0, ... 02590 1764 NtProtectVirtualMemory (-1, (0xfbbe000), 4096, 260, ... (0xfbbe000), 4096, 4, ) == 0x0 02591 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1052, {1304, 2440}, ) == 0x0 02592 1764 NtQueryInformationThread (1052, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fec8000,Pid=1304,Tid=2440,}, 0x0, ) == 0x0 02593 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58226, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58226, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0\30\5\0\0\210\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58227, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0\30\5\0\0\210\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58227, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58226, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0\30\5\0\0\210\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58227, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0\30\5\0\0\210\11\0\0" ) ) == 0x0 02594 1764 NtResumeThread (1052, ... 1, ) == 0x0 02595 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02596 2440 NtWaitForSingleObject (96, 0, 0x0, ... 02595 1764 NtAllocateVirtualMemory ... 263979008, 1048576, ) == 0x0 02597 1764 NtAllocateVirtualMemory (-1, 265019392, 0, 8192, 4096, 4, ... 265019392, 8192, ) == 0x0 02598 1764 NtProtectVirtualMemory (-1, (0xfcbe000), 4096, 260, ... (0xfcbe000), 4096, 4, ) == 0x0 02599 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1056, {1304, 2444}, ) == 0x0 02600 1764 NtQueryInformationThread (1056, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec7000,Pid=1304,Tid=2444,}, 0x0, ) == 0x0 02601 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58227, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58227, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0\30\5\0\0\214\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58228, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0\30\5\0\0\214\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58228, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58227, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0\30\5\0\0\214\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58228, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0\30\5\0\0\214\11\0\0" ) ) == 0x0 02602 1764 NtResumeThread (1056, ... 1, ) == 0x0 02603 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
265027584, 1048576, ) == 0x0 02604 1764 NtAllocateVirtualMemory (-1, 266067968, 0, 8192, 4096, 4, ... 266067968, 8192, ) == 0x0 02605 2444 NtWaitForSingleObject (96, 0, 0x0, ... 02606 1764 NtProtectVirtualMemory (-1, (0xfdbe000), 4096, 260, ... (0xfdbe000), 4096, 4, ) == 0x0 02607 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1060, {1304, 2448}, ) == 0x0 02608 1764 NtQueryInformationThread (1060, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec6000,Pid=1304,Tid=2448,}, 0x0, ) == 0x0 02609 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58228, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58228, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0\30\5\0\0\220\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58229, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0\30\5\0\0\220\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58229, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58228, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0\30\5\0\0\220\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58229, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0\30\5\0\0\220\11\0\0" ) ) == 0x0 02610 1764 NtResumeThread (1060, ... 1, ) == 0x0 02611 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02612 2448 NtWaitForSingleObject (96, 0, 0x0, ... 02611 1764 NtAllocateVirtualMemory ... 266076160, 1048576, ) == 0x0 02613 1764 NtAllocateVirtualMemory (-1, 267116544, 0, 8192, 4096, 4, ... 267116544, 8192, ) == 0x0 02614 1764 NtProtectVirtualMemory (-1, (0xfebe000), 4096, 260, ... (0xfebe000), 4096, 4, ) == 0x0 02615 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1064, {1304, 2452}, ) == 0x0 02616 1764 NtQueryInformationThread (1064, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec5000,Pid=1304,Tid=2452,}, 0x0, ) == 0x0 02617 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58229, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58229, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0\30\5\0\0\224\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58230, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0\30\5\0\0\224\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58230, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58229, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0\30\5\0\0\224\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58230, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0\30\5\0\0\224\11\0\0" ) ) == 0x0 02618 1764 NtResumeThread (1064, ... 1, ) == 0x0 02619 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 267124736, 1048576, ) == 0x0 02620 1764 NtAllocateVirtualMemory (-1, 268165120, 0, 8192, 4096, 4, ... 268165120, 8192, ) == 0x0 02621 2452 NtWaitForSingleObject (96, 0, 0x0, ... 02622 1764 NtProtectVirtualMemory (-1, (0xffbe000), 4096, 260, ... (0xffbe000), 4096, 4, ) == 0x0 02623 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1068, {1304, 2456}, ) == 0x0 02624 1764 NtQueryInformationThread (1068, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec4000,Pid=1304,Tid=2456,}, 0x0, ) == 0x0 02625 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58230, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58230, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0\30\5\0\0\230\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58231, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0\30\5\0\0\230\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58231, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58230, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0\30\5\0\0\230\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58231, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0\30\5\0\0\230\11\0\0" ) ) == 0x0 02626 1764 NtResumeThread (1068, ... 1, ) == 0x0 02627 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02628 2456 NtWaitForSingleObject (96, 0, 0x0, ... 02627 1764 NtAllocateVirtualMemory ... 268173312, 1048576, ) == 0x0 02629 1764 NtAllocateVirtualMemory (-1, 269213696, 0, 8192, 4096, 4, ... 269213696, 8192, ) == 0x0 02630 1764 NtProtectVirtualMemory (-1, (0x100be000), 4096, 260, ... 
(0x100be000), 4096, 4, ) == 0x0 02631 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1072, {1304, 2460}, ) == 0x0 02632 1764 NtQueryInformationThread (1072, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec3000,Pid=1304,Tid=2460,}, 0x0, ) == 0x0 02633 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58231, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58231, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0\30\5\0\0\234\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58232, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0\30\5\0\0\234\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58232, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58231, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0\30\5\0\0\234\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58232, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0\30\5\0\0\234\11\0\0" ) ) == 0x0 02634 1764 NtResumeThread (1072, ... 1, ) == 0x0 02635 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 269221888, 1048576, ) == 0x0 02636 1764 NtAllocateVirtualMemory (-1, 270262272, 0, 8192, 4096, 4, ... 270262272, 8192, ) == 0x0 02637 2460 NtWaitForSingleObject (96, 0, 0x0, ... 02638 1764 NtProtectVirtualMemory (-1, (0x101be000), 4096, 260, ... (0x101be000), 4096, 4, ) == 0x0 02639 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1076, {1304, 2464}, ) == 0x0 02640 1764 NtQueryInformationThread (1076, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec2000,Pid=1304,Tid=2464,}, 0x0, ) == 0x0 02641 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58232, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58232, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0\30\5\0\0\240\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58233, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0\30\5\0\0\240\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58233, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58232, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0\30\5\0\0\240\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58233, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0\30\5\0\0\240\11\0\0" ) ) == 0x0 02642 1764 NtResumeThread (1076, ... 1, ) == 0x0 02643 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02644 2464 NtWaitForSingleObject (96, 0, 0x0, ... 02643 1764 NtAllocateVirtualMemory ... 270270464, 1048576, ) == 0x0 02645 1764 NtAllocateVirtualMemory (-1, 271310848, 0, 8192, 4096, 4, ... 271310848, 8192, ) == 0x0 02646 1764 NtProtectVirtualMemory (-1, (0x102be000), 4096, 260, ... (0x102be000), 4096, 4, ) == 0x0 02647 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1080, {1304, 2468}, ) == 0x0 02648 1764 NtQueryInformationThread (1080, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fec1000,Pid=1304,Tid=2468,}, 0x0, ) == 0x0 02649 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58233, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58233, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0\30\5\0\0\244\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58234, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0\30\5\0\0\244\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58234, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58233, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0\30\5\0\0\244\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58234, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0\30\5\0\0\244\11\0\0" ) ) == 0x0 02650 1764 NtResumeThread (1080, ... 1, ) == 0x0 02651 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 271319040, 1048576, ) == 0x0 02652 1764 NtAllocateVirtualMemory (-1, 272359424, 0, 8192, 4096, 4, ... 272359424, 8192, ) == 0x0 02653 2468 NtWaitForSingleObject (96, 0, 0x0, ... 02654 1764 NtProtectVirtualMemory (-1, (0x103be000), 4096, 260, ... (0x103be000), 4096, 4, ) == 0x0 02655 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1084, {1304, 2472}, ) == 0x0 02656 1764 NtQueryInformationThread (1084, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fec0000,Pid=1304,Tid=2472,}, 0x0, ) == 0x0 02657 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58234, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58234, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0\30\5\0\0\250\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58235, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0\30\5\0\0\250\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58235, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58234, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0\30\5\0\0\250\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58235, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0\30\5\0\0\250\11\0\0" ) ) == 0x0 02658 1764 NtResumeThread (1084, ... 1, ) == 0x0 02659 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02660 2472 NtWaitForSingleObject (96, 0, 0x0, ... 02659 1764 NtAllocateVirtualMemory ... 272367616, 1048576, ) == 0x0 02661 1764 NtAllocateVirtualMemory (-1, 273408000, 0, 8192, 4096, 4, ... 273408000, 8192, ) == 0x0 02662 1764 NtProtectVirtualMemory (-1, (0x104be000), 4096, 260, ... (0x104be000), 4096, 4, ) == 0x0 02663 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1088, {1304, 2476}, ) == 0x0 02664 1764 NtQueryInformationThread (1088, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7febf000,Pid=1304,Tid=2476,}, 0x0, ) == 0x0 02665 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58235, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58235, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0\30\5\0\0\254\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58236, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0\30\5\0\0\254\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58236, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58235, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0\30\5\0\0\254\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58236, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0\30\5\0\0\254\11\0\0" ) ) == 0x0 02666 1764 NtResumeThread (1088, ... 1, ) == 0x0 02667 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
273416192, 1048576, ) == 0x0 02668 1764 NtAllocateVirtualMemory (-1, 274456576, 0, 8192, 4096, 4, ... 274456576, 8192, ) == 0x0 02669 2476 NtWaitForSingleObject (96, 0, 0x0, ... 02670 1764 NtProtectVirtualMemory (-1, (0x105be000), 4096, 260, ... (0x105be000), 4096, 4, ) == 0x0 02671 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1092, {1304, 2480}, ) == 0x0 02672 1764 NtQueryInformationThread (1092, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7febe000,Pid=1304,Tid=2480,}, 0x0, ) == 0x0 02673 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58236, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58236, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0\30\5\0\0\260\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58237, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0\30\5\0\0\260\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58237, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58236, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0\30\5\0\0\260\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58237, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0\30\5\0\0\260\11\0\0" ) ) == 0x0 02674 1764 NtResumeThread (1092, ... 1, ) == 0x0 02675 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02676 2480 NtWaitForSingleObject (96, 0, 0x0, ... 02675 1764 NtAllocateVirtualMemory ... 274464768, 1048576, ) == 0x0 02677 1764 NtAllocateVirtualMemory (-1, 275505152, 0, 8192, 4096, 4, ... 275505152, 8192, ) == 0x0 02678 1764 NtProtectVirtualMemory (-1, (0x106be000), 4096, 260, ... (0x106be000), 4096, 4, ) == 0x0 02679 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1096, {1304, 2484}, ) == 0x0 02680 1764 NtQueryInformationThread (1096, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7febd000,Pid=1304,Tid=2484,}, 0x0, ) == 0x0 02681 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58237, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58237, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0\30\5\0\0\264\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58238, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0\30\5\0\0\264\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58238, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58237, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0\30\5\0\0\264\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58238, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0\30\5\0\0\264\11\0\0" ) ) == 0x0 02682 1764 NtResumeThread (1096, ... 1, ) == 0x0 02683 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 275513344, 1048576, ) == 0x0 02684 1764 NtAllocateVirtualMemory (-1, 276553728, 0, 8192, 4096, 4, ... 276553728, 8192, ) == 0x0 02685 2484 NtWaitForSingleObject (96, 0, 0x0, ... 02686 1764 NtProtectVirtualMemory (-1, (0x107be000), 4096, 260, ... (0x107be000), 4096, 4, ) == 0x0 02687 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1100, {1304, 2488}, ) == 0x0 02688 1764 NtQueryInformationThread (1100, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7febc000,Pid=1304,Tid=2488,}, 0x0, ) == 0x0 02689 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58238, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58238, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0\30\5\0\0\270\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58239, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0\30\5\0\0\270\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58239, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58238, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0\30\5\0\0\270\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58239, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0\30\5\0\0\270\11\0\0" ) ) == 0x0 02690 1764 NtResumeThread (1100, ... 1, ) == 0x0 02691 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02692 2488 NtWaitForSingleObject (96, 0, 0x0, ... 02691 1764 NtAllocateVirtualMemory ... 276561920, 1048576, ) == 0x0 02693 1764 NtAllocateVirtualMemory (-1, 277602304, 0, 8192, 4096, 4, ... 277602304, 8192, ) == 0x0 02694 1764 NtProtectVirtualMemory (-1, (0x108be000), 4096, 260, ... 
(0x108be000), 4096, 4, ) == 0x0 02695 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1104, {1304, 2492}, ) == 0x0 02696 1764 NtQueryInformationThread (1104, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7febb000,Pid=1304,Tid=2492,}, 0x0, ) == 0x0 02697 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58239, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58239, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0\30\5\0\0\274\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58240, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0\30\5\0\0\274\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58240, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58239, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0\30\5\0\0\274\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58240, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0\30\5\0\0\274\11\0\0" ) ) == 0x0 02698 1764 NtResumeThread (1104, ... 1, ) == 0x0 02699 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 277610496, 1048576, ) == 0x0 02700 1764 NtAllocateVirtualMemory (-1, 278650880, 0, 8192, 4096, 4, ... 278650880, 8192, ) == 0x0 02701 2492 NtWaitForSingleObject (96, 0, 0x0, ... 02702 1764 NtProtectVirtualMemory (-1, (0x109be000), 4096, 260, ... (0x109be000), 4096, 4, ) == 0x0 02703 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1108, {1304, 2496}, ) == 0x0 02704 1764 NtQueryInformationThread (1108, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feba000,Pid=1304,Tid=2496,}, 0x0, ) == 0x0 02705 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58240, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58240, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0\30\5\0\0\300\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58241, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0\30\5\0\0\300\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58241, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58240, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0\30\5\0\0\300\11\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58241, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0\30\5\0\0\300\11\0\0" ) ) == 0x0 02706 1764 NtResumeThread (1108, ... 1, ) == 0x0 02707 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02708 2496 NtWaitForSingleObject (96, 0, 0x0, ... 02707 1764 NtAllocateVirtualMemory ... 278659072, 1048576, ) == 0x0 02709 1764 NtAllocateVirtualMemory (-1, 279699456, 0, 8192, 4096, 4, ... 279699456, 8192, ) == 0x0 02710 1764 NtProtectVirtualMemory (-1, (0x10abe000), 4096, 260, ... (0x10abe000), 4096, 4, ) == 0x0 02711 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1112, {1304, 2500}, ) == 0x0 02712 1764 NtQueryInformationThread (1112, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb9000,Pid=1304,Tid=2500,}, 0x0, ) == 0x0 02713 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58241, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58241, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0\30\5\0\0\304\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58242, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0\30\5\0\0\304\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58242, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58241, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0\30\5\0\0\304\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58242, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0\30\5\0\0\304\11\0\0" ) ) == 0x0 02714 1764 NtResumeThread (1112, ... 1, ) == 0x0 02715 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02716 2500 NtWaitForSingleObject (96, 0, 0x0, ... 02715 1764 NtAllocateVirtualMemory ... 279707648, 1048576, ) == 0x0 02717 1764 NtAllocateVirtualMemory (-1, 280748032, 0, 8192, 4096, 4, ... 280748032, 8192, ) == 0x0 02718 1764 NtProtectVirtualMemory (-1, (0x10bbe000), 4096, 260, ... (0x10bbe000), 4096, 4, ) == 0x0 02719 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1116, {1304, 2516}, ) == 0x0 02720 1764 NtQueryInformationThread (1116, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7feb8000,Pid=1304,Tid=2516,}, 0x0, ) == 0x0 02721 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58242, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58242, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0\30\5\0\0\324\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58243, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0\30\5\0\0\324\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58243, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58242, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0\30\5\0\0\324\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58243, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0\30\5\0\0\324\11\0\0" ) ) == 0x0 02722 1764 NtResumeThread (1116, ... 1, ) == 0x0 02723 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 280756224, 1048576, ) == 0x0 02724 1764 NtAllocateVirtualMemory (-1, 281796608, 0, 8192, 4096, 4, ... 281796608, 8192, ) == 0x0 02725 2516 NtWaitForSingleObject (96, 0, 0x0, ... 02726 1764 NtProtectVirtualMemory (-1, (0x10cbe000), 4096, 260, ... (0x10cbe000), 4096, 4, ) == 0x0 02727 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1120, {1304, 2520}, ) == 0x0 02728 1764 NtQueryInformationThread (1120, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb7000,Pid=1304,Tid=2520,}, 0x0, ) == 0x0 02729 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58243, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58243, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0\30\5\0\0\330\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58244, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0\30\5\0\0\330\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58244, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58243, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0\30\5\0\0\330\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58244, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0\30\5\0\0\330\11\0\0" ) ) == 0x0 02730 1764 NtResumeThread (1120, ... 1, ) == 0x0 02731 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02732 2520 NtWaitForSingleObject (96, 0, 0x0, ... 
02731 1764 NtAllocateVirtualMemory ... 281804800, 1048576, ) == 0x0 02733 1764 NtAllocateVirtualMemory (-1, 282845184, 0, 8192, 4096, 4, ... 282845184, 8192, ) == 0x0 02734 1764 NtProtectVirtualMemory (-1, (0x10dbe000), 4096, 260, ... (0x10dbe000), 4096, 4, ) == 0x0 02735 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1124, {1304, 2524}, ) == 0x0 02736 1764 NtQueryInformationThread (1124, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb6000,Pid=1304,Tid=2524,}, 0x0, ) == 0x0 02737 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58244, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58244, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\4\0\0\30\5\0\0\334\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58245, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\4\0\0\30\5\0\0\334\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58245, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58244, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\4\0\0\30\5\0\0\334\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58245, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\4\0\0\30\5\0\0\334\11\0\0" ) ) == 0x0 02738 1764 NtResumeThread (1124, ... 1, ) == 0x0 02739 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 282853376, 1048576, ) == 0x0 02740 1764 NtAllocateVirtualMemory (-1, 283893760, 0, 8192, 4096, 4, ... 283893760, 8192, ) == 0x0 02741 2524 NtWaitForSingleObject (96, 0, 0x0, ... 02742 1764 NtProtectVirtualMemory (-1, (0x10ebe000), 4096, 260, ... (0x10ebe000), 4096, 4, ) == 0x0 02743 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1128, {1304, 2528}, ) == 0x0 02744 1764 NtQueryInformationThread (1128, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb5000,Pid=1304,Tid=2528,}, 0x0, ) == 0x0 02745 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58245, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58245, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\4\0\0\30\5\0\0\340\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58246, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\4\0\0\30\5\0\0\340\11\0\0" ) ... 
{28, 56, reply, 0, 1304, 1764, 58246, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58245, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\4\0\0\30\5\0\0\340\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58246, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\4\0\0\30\5\0\0\340\11\0\0" ) ) == 0x0 02746 1764 NtResumeThread (1128, ... 1, ) == 0x0 02747 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02748 2528 NtWaitForSingleObject (96, 0, 0x0, ... 02747 1764 NtAllocateVirtualMemory ... 283901952, 1048576, ) == 0x0 02749 1764 NtAllocateVirtualMemory (-1, 284942336, 0, 8192, 4096, 4, ... 284942336, 8192, ) == 0x0 02750 1764 NtProtectVirtualMemory (-1, (0x10fbe000), 4096, 260, ... (0x10fbe000), 4096, 4, ) == 0x0 02751 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1132, {1304, 2532}, ) == 0x0 02752 1764 NtQueryInformationThread (1132, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb4000,Pid=1304,Tid=2532,}, 0x0, ) == 0x0 02753 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58246, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58246, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\4\0\0\30\5\0\0\344\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58247, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\4\0\0\30\5\0\0\344\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58247, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58246, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\4\0\0\30\5\0\0\344\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58247, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\4\0\0\30\5\0\0\344\11\0\0" ) ) == 0x0 02754 1764 NtResumeThread (1132, ... 1, ) == 0x0 02755 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 284950528, 1048576, ) == 0x0 02756 1764 NtAllocateVirtualMemory (-1, 285990912, 0, 8192, 4096, 4, ... 285990912, 8192, ) == 0x0 02757 2532 NtWaitForSingleObject (96, 0, 0x0, ... 02758 1764 NtProtectVirtualMemory (-1, (0x110be000), 4096, 260, ... (0x110be000), 4096, 4, ) == 0x0 02759 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
1136, {1304, 2536}, ) == 0x0 02760 1764 NtQueryInformationThread (1136, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb3000,Pid=1304,Tid=2536,}, 0x0, ) == 0x0 02761 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58247, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58247, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\4\0\0\30\5\0\0\350\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58248, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\4\0\0\30\5\0\0\350\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58248, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58247, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\4\0\0\30\5\0\0\350\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58248, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\4\0\0\30\5\0\0\350\11\0\0" ) ) == 0x0 02762 1764 NtResumeThread (1136, ... 1, ) == 0x0 02763 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02764 2536 NtWaitForSingleObject (96, 0, 0x0, ... 02763 1764 NtAllocateVirtualMemory ... 285999104, 1048576, ) == 0x0 02765 1764 NtAllocateVirtualMemory (-1, 287039488, 0, 8192, 4096, 4, ... 287039488, 8192, ) == 0x0 02766 1764 NtProtectVirtualMemory (-1, (0x111be000), 4096, 260, ... (0x111be000), 4096, 4, ) == 0x0 02767 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1140, {1304, 2540}, ) == 0x0 02768 1764 NtQueryInformationThread (1140, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb2000,Pid=1304,Tid=2540,}, 0x0, ) == 0x0 02769 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58248, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58248, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\4\0\0\30\5\0\0\354\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58249, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\4\0\0\30\5\0\0\354\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58249, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58248, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\4\0\0\30\5\0\0\354\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58249, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\4\0\0\30\5\0\0\354\11\0\0" ) ) == 0x0 02770 1764 NtResumeThread (1140, ... 
1, ) == 0x0 02771 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 287047680, 1048576, ) == 0x0 02772 1764 NtAllocateVirtualMemory (-1, 288088064, 0, 8192, 4096, 4, ... 288088064, 8192, ) == 0x0 02773 2540 NtWaitForSingleObject (96, 0, 0x0, ... 02774 1764 NtProtectVirtualMemory (-1, (0x112be000), 4096, 260, ... (0x112be000), 4096, 4, ) == 0x0 02775 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1144, {1304, 2544}, ) == 0x0 02776 1764 NtQueryInformationThread (1144, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feb1000,Pid=1304,Tid=2544,}, 0x0, ) == 0x0 02777 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58249, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58249, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\4\0\0\30\5\0\0\360\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58250, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\4\0\0\30\5\0\0\360\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58250, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58249, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\4\0\0\30\5\0\0\360\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58250, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\4\0\0\30\5\0\0\360\11\0\0" ) ) == 0x0 02778 1764 NtResumeThread (1144, ... 1, ) == 0x0 02779 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02780 2544 NtWaitForSingleObject (96, 0, 0x0, ... 02779 1764 NtAllocateVirtualMemory ... 288096256, 1048576, ) == 0x0 02781 1764 NtAllocateVirtualMemory (-1, 289136640, 0, 8192, 4096, 4, ... 289136640, 8192, ) == 0x0 02782 1764 NtProtectVirtualMemory (-1, (0x113be000), 4096, 260, ... (0x113be000), 4096, 4, ) == 0x0 02783 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1148, {1304, 2548}, ) == 0x0 02784 1764 NtQueryInformationThread (1148, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7feb0000,Pid=1304,Tid=2548,}, 0x0, ) == 0x0 02785 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58250, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58250, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\4\0\0\30\5\0\0\364\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58251, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\4\0\0\30\5\0\0\364\11\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58251, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58250, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\4\0\0\30\5\0\0\364\11\0\0" ... {28, 56, reply, 0, 1304, 1764, 58251, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\4\0\0\30\5\0\0\364\11\0\0" ) ) == 0x0 02786 1764 NtResumeThread (1148, ... 1, ) == 0x0 02787 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 289144832, 1048576, ) == 0x0 02788 1764 NtAllocateVirtualMemory (-1, 290185216, 0, 8192, 4096, 4, ... 290185216, 8192, ) == 0x0 02789 2548 NtWaitForSingleObject (96, 0, 0x0, ... 02790 1764 NtProtectVirtualMemory (-1, (0x114be000), 4096, 260, ... (0x114be000), 4096, 4, ) == 0x0 02791 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1152, {1304, 2564}, ) == 0x0 02792 1764 NtQueryInformationThread (1152, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feaf000,Pid=1304,Tid=2564,}, 0x0, ) == 0x0 02793 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58251, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58251, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\4\0\0\30\5\0\0\4\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58252, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\4\0\0\30\5\0\0\4\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58252, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58251, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\4\0\0\30\5\0\0\4\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58252, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\4\0\0\30\5\0\0\4\12\0\0" ) ) == 0x0 02794 1764 NtResumeThread (1152, ... 1, ) == 0x0 02795 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02796 460 NtUnmapViewOfSection (-1, 0xb80000, ... 
02797 2564 NtWaitForSingleObject (96, 0, 0x0, ... 02796 460 NtUnmapViewOfSection ... ) == 0x0 02798 460 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 11006760, ... ) }, 11006760, ... ) == 0x0 02799 460 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 5, 96, ... 1156, {status=0x0, info=1}, ) }, 5, 96, ... 1156, {status=0x0, info=1}, ) == 0x0 02800 460 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 1156, ... 1160, ) == 0x0 02795 1764 NtAllocateVirtualMemory ... 290193408, 1048576, ) == 0x0 02801 1764 NtAllocateVirtualMemory (-1, 291233792, 0, 8192, 4096, 4, ... 291233792, 8192, ) == 0x0 02802 1764 NtProtectVirtualMemory (-1, (0x115be000), 4096, 260, ... (0x115be000), 4096, 4, ) == 0x0 02803 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 02804 460 NtQuerySection (1160, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 02805 460 NtClose (1156, ... ) == 0x0 02806 460 NtMapViewOfSection (1160, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71a50000), 0x0, 258048, ) == 0x0 02807 460 NtClose (1160, ... ) == 0x0 02808 460 NtProtectVirtualMemory (-1, (0x71a51000), 1060, 4, ... (0x71a51000), 4096, 32, ) == 0x0 02803 1764 NtCreateThread ... 1160, {1304, 2568}, ) == 0x0 02809 1764 NtQueryInformationThread (1160, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feae000,Pid=1304,Tid=2568,}, 0x0, ) == 0x0 02810 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58252, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58252, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\4\0\0\30\5\0\0\10\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58253, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\4\0\0\30\5\0\0\10\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58253, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58252, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\4\0\0\30\5\0\0\10\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58253, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\4\0\0\30\5\0\0\10\12\0\0" ) ) == 0x0 02811 1764 NtResumeThread (1160, ... 1, ) == 0x0 02812 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 291241984, 1048576, ) == 0x0 02813 1764 NtAllocateVirtualMemory (-1, 292282368, 0, 8192, 4096, 4, ... 292282368, 8192, ) == 0x0 02814 2568 NtWaitForSingleObject (96, 0, 0x0, ... 02815 1764 NtProtectVirtualMemory (-1, (0x116be000), 4096, 260, ... (0x116be000), 4096, 4, ) == 0x0 02816 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1156, {1304, 2572}, ) == 0x0 02817 1764 NtQueryInformationThread (1156, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fead000,Pid=1304,Tid=2572,}, 0x0, ) == 0x0 02818 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58253, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58253, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\4\0\0\30\5\0\0\14\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58254, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\4\0\0\30\5\0\0\14\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58254, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58253, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\4\0\0\30\5\0\0\14\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58254, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\4\0\0\30\5\0\0\14\12\0\0" ) ) == 0x0 02819 1764 NtResumeThread (1156, ... 1, ) == 0x0 02820 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02821 2572 NtWaitForSingleObject (96, 0, 0x0, ... 02820 1764 NtAllocateVirtualMemory ... 292290560, 1048576, ) == 0x0 02822 1764 NtAllocateVirtualMemory (-1, 293330944, 0, 8192, 4096, 4, ... 293330944, 8192, ) == 0x0 02823 1764 NtProtectVirtualMemory (-1, (0x117be000), 4096, 260, ... (0x117be000), 4096, 4, ) == 0x0 02824 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1164, {1304, 2576}, ) == 0x0 02825 1764 NtQueryInformationThread (1164, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7feac000,Pid=1304,Tid=2576,}, 0x0, ) == 0x0 02826 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58254, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58254, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\4\0\0\30\5\0\0\20\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58255, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\4\0\0\30\5\0\0\20\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58255, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58254, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\4\0\0\30\5\0\0\20\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58255, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\4\0\0\30\5\0\0\20\12\0\0" ) ) == 0x0 02827 1764 NtResumeThread (1164, ... 1, ) == 0x0 02828 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 293339136, 1048576, ) == 0x0 02829 1764 NtAllocateVirtualMemory (-1, 294379520, 0, 8192, 4096, 4, ... 294379520, 8192, ) == 0x0 02830 2576 NtWaitForSingleObject (96, 0, 0x0, ... 02831 1764 NtProtectVirtualMemory (-1, (0x118be000), 4096, 260, ... (0x118be000), 4096, 4, ) == 0x0 02832 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1168, {1304, 2580}, ) == 0x0 02833 1764 NtQueryInformationThread (1168, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feab000,Pid=1304,Tid=2580,}, 0x0, ) == 0x0 02834 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58255, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58255, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\4\0\0\30\5\0\0\24\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58256, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\4\0\0\30\5\0\0\24\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58256, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58255, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\4\0\0\30\5\0\0\24\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58256, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\4\0\0\30\5\0\0\24\12\0\0" ) ) == 0x0 02835 1764 NtResumeThread (1168, ... 1, ) == 0x0 02836 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
02837 2580 NtWaitForSingleObject (96, 0, 0x0, ... 02836 1764 NtAllocateVirtualMemory ... 294387712, 1048576, ) == 0x0 02838 1764 NtAllocateVirtualMemory (-1, 295428096, 0, 8192, 4096, 4, ... 295428096, 8192, ) == 0x0 02839 1764 NtProtectVirtualMemory (-1, (0x119be000), 4096, 260, ... (0x119be000), 4096, 4, ) == 0x0 02840 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1172, {1304, 2584}, ) == 0x0 02841 1764 NtQueryInformationThread (1172, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feaa000,Pid=1304,Tid=2584,}, 0x0, ) == 0x0 02842 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58256, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58256, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\4\0\0\30\5\0\0\30\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58257, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\4\0\0\30\5\0\0\30\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58257, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58256, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\4\0\0\30\5\0\0\30\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58257, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\4\0\0\30\5\0\0\30\12\0\0" ) ) == 0x0 02843 1764 NtResumeThread (1172, ... 1, ) == 0x0 02844 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 295436288, 1048576, ) == 0x0 02845 1764 NtAllocateVirtualMemory (-1, 296476672, 0, 8192, 4096, 4, ... 296476672, 8192, ) == 0x0 02846 2584 NtWaitForSingleObject (96, 0, 0x0, ... 02847 1764 NtProtectVirtualMemory (-1, (0x11abe000), 4096, 260, ... (0x11abe000), 4096, 4, ) == 0x0 02848 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1176, {1304, 2588}, ) == 0x0 02849 1764 NtQueryInformationThread (1176, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea9000,Pid=1304,Tid=2588,}, 0x0, ) == 0x0 02850 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58257, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58257, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\4\0\0\30\5\0\0\34\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58258, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\4\0\0\30\5\0\0\34\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58258, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58257, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\4\0\0\30\5\0\0\34\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58258, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\4\0\0\30\5\0\0\34\12\0\0" ) ) == 0x0 02851 1764 NtResumeThread (1176, ... 1, ) == 0x0 02852 2588 NtWaitForSingleObject (96, 0, 0x0, ... 02853 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 296484864, 1048576, ) == 0x0 02854 1764 NtAllocateVirtualMemory (-1, 297525248, 0, 8192, 4096, 4, ... 297525248, 8192, ) == 0x0 02855 1764 NtProtectVirtualMemory (-1, (0x11bbe000), 4096, 260, ... (0x11bbe000), 4096, 4, ) == 0x0 02856 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1180, {1304, 2592}, ) == 0x0 02857 1764 NtQueryInformationThread (1180, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea8000,Pid=1304,Tid=2592,}, 0x0, ) == 0x0 02858 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58258, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58258, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\4\0\0\30\5\0\0 \12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58259, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\4\0\0\30\5\0\0 \12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58259, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58258, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\4\0\0\30\5\0\0 \12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58259, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\4\0\0\30\5\0\0 \12\0\0" ) ) == 0x0 02859 1764 NtResumeThread (1180, ... 1, ) == 0x0 02860 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 297533440, 1048576, ) == 0x0 02861 1764 NtAllocateVirtualMemory (-1, 298573824, 0, 8192, 4096, 4, ... 02862 2592 NtWaitForSingleObject (96, 0, 0x0, ... 02861 1764 NtAllocateVirtualMemory ... 298573824, 8192, ) == 0x0 02863 1764 NtProtectVirtualMemory (-1, (0x11cbe000), 4096, 260, ... 
(0x11cbe000), 4096, 4, ) == 0x0 02864 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1184, {1304, 2596}, ) == 0x0 02865 1764 NtQueryInformationThread (1184, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea7000,Pid=1304,Tid=2596,}, 0x0, ) == 0x0 02866 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58259, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58259, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\4\0\0\30\5\0\0$\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58260, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\4\0\0\30\5\0\0$\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58260, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58259, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\4\0\0\30\5\0\0$\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58260, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\4\0\0\30\5\0\0$\12\0\0" ) ) == 0x0 02867 1764 NtResumeThread (1184, ... 1, ) == 0x0 02868 2596 NtWaitForSingleObject (96, 0, 0x0, ... 02869 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 298582016, 1048576, ) == 0x0 02870 1764 NtAllocateVirtualMemory (-1, 299622400, 0, 8192, 4096, 4, ... 299622400, 8192, ) == 0x0 02871 1764 NtProtectVirtualMemory (-1, (0x11dbe000), 4096, 260, ... (0x11dbe000), 4096, 4, ) == 0x0 02872 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1188, {1304, 2600}, ) == 0x0 02873 1764 NtQueryInformationThread (1188, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea6000,Pid=1304,Tid=2600,}, 0x0, ) == 0x0 02874 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58260, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58260, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\4\0\0\30\5\0\0(\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58261, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\4\0\0\30\5\0\0(\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58261, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58260, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\4\0\0\30\5\0\0(\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58261, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\4\0\0\30\5\0\0(\12\0\0" ) ) == 0x0 02875 1764 NtResumeThread (1188, ... 1, ) == 0x0 02876 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 299630592, 1048576, ) == 0x0 02877 1764 NtAllocateVirtualMemory (-1, 300670976, 0, 8192, 4096, 4, ... 02878 2600 NtWaitForSingleObject (96, 0, 0x0, ... 02877 1764 NtAllocateVirtualMemory ... 300670976, 8192, ) == 0x0 02879 1764 NtProtectVirtualMemory (-1, (0x11ebe000), 4096, 260, ... (0x11ebe000), 4096, 4, ) == 0x0 02880 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1192, {1304, 2604}, ) == 0x0 02881 1764 NtQueryInformationThread (1192, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea5000,Pid=1304,Tid=2604,}, 0x0, ) == 0x0 02882 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58261, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58261, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\4\0\0\30\5\0\0,\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58262, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\4\0\0\30\5\0\0,\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58262, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58261, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\4\0\0\30\5\0\0,\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58262, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\4\0\0\30\5\0\0,\12\0\0" ) ) == 0x0 02883 1764 NtResumeThread (1192, ... 1, ) == 0x0 02884 2604 NtWaitForSingleObject (96, 0, 0x0, ... 02885 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 300679168, 1048576, ) == 0x0 02886 1764 NtAllocateVirtualMemory (-1, 301719552, 0, 8192, 4096, 4, ... 301719552, 8192, ) == 0x0 02887 1764 NtProtectVirtualMemory (-1, (0x11fbe000), 4096, 260, ... (0x11fbe000), 4096, 4, ) == 0x0 02888 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1196, {1304, 2608}, ) == 0x0 02889 1764 NtQueryInformationThread (1196, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fea4000,Pid=1304,Tid=2608,}, 0x0, ) == 0x0 02890 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58262, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58262, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\4\0\0\30\5\0\00\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58263, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\4\0\0\30\5\0\00\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58263, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58262, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\4\0\0\30\5\0\00\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58263, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\4\0\0\30\5\0\00\12\0\0" ) ) == 0x0 02891 1764 NtResumeThread (1196, ... 1, ) == 0x0 02892 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 301727744, 1048576, ) == 0x0 02893 1764 NtAllocateVirtualMemory (-1, 302768128, 0, 8192, 4096, 4, ... 02894 2608 NtWaitForSingleObject (96, 0, 0x0, ... 02893 1764 NtAllocateVirtualMemory ... 302768128, 8192, ) == 0x0 02895 1764 NtProtectVirtualMemory (-1, (0x120be000), 4096, 260, ... (0x120be000), 4096, 4, ) == 0x0 02896 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1200, {1304, 2624}, ) == 0x0 02897 1764 NtQueryInformationThread (1200, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea3000,Pid=1304,Tid=2624,}, 0x0, ) == 0x0 02898 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58263, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58263, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\4\0\0\30\5\0\0@\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58264, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\4\0\0\30\5\0\0@\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58264, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58263, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\4\0\0\30\5\0\0@\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58264, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\4\0\0\30\5\0\0@\12\0\0" ) ) == 0x0 02899 1764 NtResumeThread (1200, ... 1, ) == 0x0 02900 2624 NtWaitForSingleObject (96, 0, 0x0, ... 
02901 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 302776320, 1048576, ) == 0x0 02902 1764 NtAllocateVirtualMemory (-1, 303816704, 0, 8192, 4096, 4, ... 303816704, 8192, ) == 0x0 02903 1764 NtProtectVirtualMemory (-1, (0x121be000), 4096, 260, ... (0x121be000), 4096, 4, ) == 0x0 02904 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1204, {1304, 2628}, ) == 0x0 02905 1764 NtQueryInformationThread (1204, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea2000,Pid=1304,Tid=2628,}, 0x0, ) == 0x0 02906 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58264, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58264, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\4\0\0\30\5\0\0D\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58265, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\4\0\0\30\5\0\0D\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58265, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58264, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\4\0\0\30\5\0\0D\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58265, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\4\0\0\30\5\0\0D\12\0\0" ) ) == 0x0 02907 1764 NtResumeThread (1204, ... 1, ) == 0x0 02908 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 303824896, 1048576, ) == 0x0 02909 1764 NtAllocateVirtualMemory (-1, 304865280, 0, 8192, 4096, 4, ... 02910 2628 NtWaitForSingleObject (96, 0, 0x0, ... 02909 1764 NtAllocateVirtualMemory ... 304865280, 8192, ) == 0x0 02911 1764 NtProtectVirtualMemory (-1, (0x122be000), 4096, 260, ... (0x122be000), 4096, 4, ) == 0x0 02912 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1208, {1304, 2632}, ) == 0x0 02913 1764 NtQueryInformationThread (1208, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea1000,Pid=1304,Tid=2632,}, 0x0, ) == 0x0 02914 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58265, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58265, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\4\0\0\30\5\0\0H\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58266, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\4\0\0\30\5\0\0H\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58266, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58265, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\4\0\0\30\5\0\0H\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58266, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\4\0\0\30\5\0\0H\12\0\0" ) ) == 0x0 02915 1764 NtResumeThread (1208, ... 1, ) == 0x0 02916 2632 NtWaitForSingleObject (96, 0, 0x0, ... 02917 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 304873472, 1048576, ) == 0x0 02918 1764 NtAllocateVirtualMemory (-1, 305913856, 0, 8192, 4096, 4, ... 305913856, 8192, ) == 0x0 02919 1764 NtProtectVirtualMemory (-1, (0x123be000), 4096, 260, ... (0x123be000), 4096, 4, ) == 0x0 02920 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1212, {1304, 2636}, ) == 0x0 02921 1764 NtQueryInformationThread (1212, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fea0000,Pid=1304,Tid=2636,}, 0x0, ) == 0x0 02922 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58266, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58266, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\4\0\0\30\5\0\0L\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58267, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\4\0\0\30\5\0\0L\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58267, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58266, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\4\0\0\30\5\0\0L\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58267, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\4\0\0\30\5\0\0L\12\0\0" ) ) == 0x0 02923 1764 NtResumeThread (1212, ... 1, ) == 0x0 02924 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 305922048, 1048576, ) == 0x0 02925 1764 NtAllocateVirtualMemory (-1, 306962432, 0, 8192, 4096, 4, ... 02926 2636 NtWaitForSingleObject (96, 0, 0x0, ... 02925 1764 NtAllocateVirtualMemory ... 306962432, 8192, ) == 0x0 02927 1764 NtProtectVirtualMemory (-1, (0x124be000), 4096, 260, ... 
(0x124be000), 4096, 4, ) == 0x0 02928 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1216, {1304, 2640}, ) == 0x0 02929 1764 NtQueryInformationThread (1216, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe9f000,Pid=1304,Tid=2640,}, 0x0, ) == 0x0 02930 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58267, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58267, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\4\0\0\30\5\0\0P\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58268, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\4\0\0\30\5\0\0P\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58268, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58267, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\4\0\0\30\5\0\0P\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58268, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\4\0\0\30\5\0\0P\12\0\0" ) ) == 0x0 02931 1764 NtResumeThread (1216, ... 1, ) == 0x0 02932 2640 NtWaitForSingleObject (96, 0, 0x0, ... 02933 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 306970624, 1048576, ) == 0x0 02934 1764 NtAllocateVirtualMemory (-1, 308011008, 0, 8192, 4096, 4, ... 308011008, 8192, ) == 0x0 02935 1764 NtProtectVirtualMemory (-1, (0x125be000), 4096, 260, ... (0x125be000), 4096, 4, ) == 0x0 02936 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1220, {1304, 2644}, ) == 0x0 02937 1764 NtQueryInformationThread (1220, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe9e000,Pid=1304,Tid=2644,}, 0x0, ) == 0x0 02938 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58268, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58268, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\4\0\0\30\5\0\0T\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58269, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\4\0\0\30\5\0\0T\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58269, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58268, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\4\0\0\30\5\0\0T\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58269, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\4\0\0\30\5\0\0T\12\0\0" ) ) == 0x0 02939 1764 NtResumeThread (1220, ... 1, ) == 0x0 02940 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 308019200, 1048576, ) == 0x0 02941 1764 NtAllocateVirtualMemory (-1, 309059584, 0, 8192, 4096, 4, ... 02942 2644 NtWaitForSingleObject (96, 0, 0x0, ... 02941 1764 NtAllocateVirtualMemory ... 309059584, 8192, ) == 0x0 02943 1764 NtProtectVirtualMemory (-1, (0x126be000), 4096, 260, ... (0x126be000), 4096, 4, ) == 0x0 02944 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1224, {1304, 2648}, ) == 0x0 02945 1764 NtQueryInformationThread (1224, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe9d000,Pid=1304,Tid=2648,}, 0x0, ) == 0x0 02946 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58269, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58269, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\4\0\0\30\5\0\0X\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58270, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\4\0\0\30\5\0\0X\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58270, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58269, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\4\0\0\30\5\0\0X\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58270, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\4\0\0\30\5\0\0X\12\0\0" ) ) == 0x0 02947 1764 NtResumeThread (1224, ... 1, ) == 0x0 02948 2648 NtWaitForSingleObject (96, 0, 0x0, ... 02949 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 309067776, 1048576, ) == 0x0 02950 1764 NtAllocateVirtualMemory (-1, 310108160, 0, 8192, 4096, 4, ... 310108160, 8192, ) == 0x0 02951 1764 NtProtectVirtualMemory (-1, (0x127be000), 4096, 260, ... (0x127be000), 4096, 4, ) == 0x0 02952 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1228, {1304, 2652}, ) == 0x0 02953 1764 NtQueryInformationThread (1228, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe9c000,Pid=1304,Tid=2652,}, 0x0, ) == 0x0 02954 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58270, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58270, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\4\0\0\30\5\0\0\\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58271, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\4\0\0\30\5\0\0\\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58271, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58270, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\4\0\0\30\5\0\0\\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58271, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\4\0\0\30\5\0\0\\12\0\0" ) ) == 0x0 02955 1764 NtResumeThread (1228, ... 1, ) == 0x0 02956 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 310116352, 1048576, ) == 0x0 02957 1764 NtAllocateVirtualMemory (-1, 311156736, 0, 8192, 4096, 4, ... 02958 2652 NtWaitForSingleObject (96, 0, 0x0, ... 02957 1764 NtAllocateVirtualMemory ... 311156736, 8192, ) == 0x0 02959 1764 NtProtectVirtualMemory (-1, (0x128be000), 4096, 260, ... (0x128be000), 4096, 4, ) == 0x0 02960 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1232, {1304, 2656}, ) == 0x0 02961 1764 NtQueryInformationThread (1232, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe9b000,Pid=1304,Tid=2656,}, 0x0, ) == 0x0 02962 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58271, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58271, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\4\0\0\30\5\0\0`\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58272, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\4\0\0\30\5\0\0`\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58272, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58271, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\4\0\0\30\5\0\0`\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58272, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\4\0\0\30\5\0\0`\12\0\0" ) ) == 0x0 02963 1764 NtResumeThread (1232, ... 1, ) == 0x0 02964 2656 NtWaitForSingleObject (96, 0, 0x0, ... 
02965 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 311164928, 1048576, ) == 0x0 02966 1764 NtAllocateVirtualMemory (-1, 312205312, 0, 8192, 4096, 4, ... 312205312, 8192, ) == 0x0 02967 1764 NtProtectVirtualMemory (-1, (0x129be000), 4096, 260, ... (0x129be000), 4096, 4, ) == 0x0 02968 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1236, {1304, 2660}, ) == 0x0 02969 1764 NtQueryInformationThread (1236, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe9a000,Pid=1304,Tid=2660,}, 0x0, ) == 0x0 02970 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58272, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58272, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\4\0\0\30\5\0\0d\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58273, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\4\0\0\30\5\0\0d\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58273, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58272, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\4\0\0\30\5\0\0d\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58273, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\4\0\0\30\5\0\0d\12\0\0" ) ) == 0x0 02971 1764 NtResumeThread (1236, ... 1, ) == 0x0 02972 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 312213504, 1048576, ) == 0x0 02973 1764 NtAllocateVirtualMemory (-1, 313253888, 0, 8192, 4096, 4, ... 02974 2660 NtWaitForSingleObject (96, 0, 0x0, ... 02973 1764 NtAllocateVirtualMemory ... 313253888, 8192, ) == 0x0 02975 1764 NtProtectVirtualMemory (-1, (0x12abe000), 4096, 260, ... (0x12abe000), 4096, 4, ) == 0x0 02976 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1240, {1304, 2676}, ) == 0x0 02977 1764 NtQueryInformationThread (1240, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe99000,Pid=1304,Tid=2676,}, 0x0, ) == 0x0 02978 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58273, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58273, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\4\0\0\30\5\0\0t\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58274, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\4\0\0\30\5\0\0t\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58274, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58273, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\4\0\0\30\5\0\0t\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58274, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\4\0\0\30\5\0\0t\12\0\0" ) ) == 0x0 02979 1764 NtResumeThread (1240, ... 1, ) == 0x0 02980 2676 NtWaitForSingleObject (96, 0, 0x0, ... 02981 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 313262080, 1048576, ) == 0x0 02982 1764 NtAllocateVirtualMemory (-1, 314302464, 0, 8192, 4096, 4, ... 314302464, 8192, ) == 0x0 02983 1764 NtProtectVirtualMemory (-1, (0x12bbe000), 4096, 260, ... (0x12bbe000), 4096, 4, ) == 0x0 02984 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1244, {1304, 2680}, ) == 0x0 02985 1764 NtQueryInformationThread (1244, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe98000,Pid=1304,Tid=2680,}, 0x0, ) == 0x0 02986 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58274, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58274, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\4\0\0\30\5\0\0x\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58275, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\4\0\0\30\5\0\0x\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58275, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58274, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\4\0\0\30\5\0\0x\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58275, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\4\0\0\30\5\0\0x\12\0\0" ) ) == 0x0 02987 1764 NtResumeThread (1244, ... 1, ) == 0x0 02988 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 314310656, 1048576, ) == 0x0 02989 1764 NtAllocateVirtualMemory (-1, 315351040, 0, 8192, 4096, 4, ... 02990 2680 NtWaitForSingleObject (96, 0, 0x0, ... 02989 1764 NtAllocateVirtualMemory ... 315351040, 8192, ) == 0x0 02991 1764 NtProtectVirtualMemory (-1, (0x12cbe000), 4096, 260, ... 
(0x12cbe000), 4096, 4, ) == 0x0 02992 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1248, {1304, 2684}, ) == 0x0 02993 1764 NtQueryInformationThread (1248, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe97000,Pid=1304,Tid=2684,}, 0x0, ) == 0x0 02994 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58275, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58275, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\4\0\0\30\5\0\0|\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58276, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\4\0\0\30\5\0\0|\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58276, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58275, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\4\0\0\30\5\0\0|\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58276, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\4\0\0\30\5\0\0|\12\0\0" ) ) == 0x0 02995 1764 NtResumeThread (1248, ... 1, ) == 0x0 02996 2684 NtWaitForSingleObject (96, 0, 0x0, ... 02997 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 315359232, 1048576, ) == 0x0 02998 1764 NtAllocateVirtualMemory (-1, 316399616, 0, 8192, 4096, 4, ... 316399616, 8192, ) == 0x0 02999 1764 NtProtectVirtualMemory (-1, (0x12dbe000), 4096, 260, ... (0x12dbe000), 4096, 4, ) == 0x0 03000 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1252, {1304, 2688}, ) == 0x0 03001 1764 NtQueryInformationThread (1252, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe96000,Pid=1304,Tid=2688,}, 0x0, ) == 0x0 03002 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58276, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58276, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\4\0\0\30\5\0\0\200\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58277, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\4\0\0\30\5\0\0\200\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58277, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58276, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\4\0\0\30\5\0\0\200\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58277, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\4\0\0\30\5\0\0\200\12\0\0" ) ) == 0x0 03003 1764 NtResumeThread (1252, ... 1, ) == 0x0 03004 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 316407808, 1048576, ) == 0x0 03005 1764 NtAllocateVirtualMemory (-1, 317448192, 0, 8192, 4096, 4, ... 03006 2688 NtWaitForSingleObject (96, 0, 0x0, ... 03005 1764 NtAllocateVirtualMemory ... 317448192, 8192, ) == 0x0 03007 1764 NtProtectVirtualMemory (-1, (0x12ebe000), 4096, 260, ... (0x12ebe000), 4096, 4, ) == 0x0 03008 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1256, {1304, 2692}, ) == 0x0 03009 1764 NtQueryInformationThread (1256, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe95000,Pid=1304,Tid=2692,}, 0x0, ) == 0x0 03010 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58277, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58277, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\4\0\0\30\5\0\0\204\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58278, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\4\0\0\30\5\0\0\204\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58278, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58277, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\4\0\0\30\5\0\0\204\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58278, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\4\0\0\30\5\0\0\204\12\0\0" ) ) == 0x0 03011 1764 NtResumeThread (1256, ... 1, ) == 0x0 03012 2692 NtWaitForSingleObject (96, 0, 0x0, ... 03013 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 317456384, 1048576, ) == 0x0 03014 1764 NtAllocateVirtualMemory (-1, 318496768, 0, 8192, 4096, 4, ... 318496768, 8192, ) == 0x0 03015 1764 NtProtectVirtualMemory (-1, (0x12fbe000), 4096, 260, ... (0x12fbe000), 4096, 4, ) == 0x0 03016 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1260, {1304, 2696}, ) == 0x0 03017 1764 NtQueryInformationThread (1260, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe94000,Pid=1304,Tid=2696,}, 0x0, ) == 0x0 03018 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58278, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58278, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\4\0\0\30\5\0\0\210\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58279, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\4\0\0\30\5\0\0\210\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58279, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58278, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\4\0\0\30\5\0\0\210\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58279, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\4\0\0\30\5\0\0\210\12\0\0" ) ) == 0x0 03019 1764 NtResumeThread (1260, ... 1, ) == 0x0 03020 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 318504960, 1048576, ) == 0x0 03021 1764 NtAllocateVirtualMemory (-1, 319545344, 0, 8192, 4096, 4, ... 03022 2696 NtWaitForSingleObject (96, 0, 0x0, ... 03021 1764 NtAllocateVirtualMemory ... 319545344, 8192, ) == 0x0 03023 1764 NtProtectVirtualMemory (-1, (0x130be000), 4096, 260, ... (0x130be000), 4096, 4, ) == 0x0 03024 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1264, {1304, 2700}, ) == 0x0 03025 1764 NtQueryInformationThread (1264, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe93000,Pid=1304,Tid=2700,}, 0x0, ) == 0x0 03026 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58279, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58279, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\4\0\0\30\5\0\0\214\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58280, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\4\0\0\30\5\0\0\214\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58280, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58279, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\4\0\0\30\5\0\0\214\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58280, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\4\0\0\30\5\0\0\214\12\0\0" ) ) == 0x0 03027 1764 NtResumeThread (1264, ... 1, ) == 0x0 03028 2700 NtWaitForSingleObject (96, 0, 0x0, ... 
03029 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 319553536, 1048576, ) == 0x0 03030 1764 NtAllocateVirtualMemory (-1, 320593920, 0, 8192, 4096, 4, ... 320593920, 8192, ) == 0x0 03031 1764 NtProtectVirtualMemory (-1, (0x131be000), 4096, 260, ... (0x131be000), 4096, 4, ) == 0x0 03032 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1268, {1304, 2704}, ) == 0x0 03033 1764 NtQueryInformationThread (1268, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe92000,Pid=1304,Tid=2704,}, 0x0, ) == 0x0 03034 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58280, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58280, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\4\0\0\30\5\0\0\220\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58281, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\4\0\0\30\5\0\0\220\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58281, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58280, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\4\0\0\30\5\0\0\220\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58281, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\4\0\0\30\5\0\0\220\12\0\0" ) ) == 0x0 03035 1764 NtResumeThread (1268, ... 1, ) == 0x0 03036 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 320602112, 1048576, ) == 0x0 03037 1764 NtAllocateVirtualMemory (-1, 321642496, 0, 8192, 4096, 4, ... 03038 2704 NtWaitForSingleObject (96, 0, 0x0, ... 03037 1764 NtAllocateVirtualMemory ... 321642496, 8192, ) == 0x0 03039 1764 NtProtectVirtualMemory (-1, (0x132be000), 4096, 260, ... (0x132be000), 4096, 4, ) == 0x0 03040 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1272, {1304, 2708}, ) == 0x0 03041 1764 NtQueryInformationThread (1272, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe91000,Pid=1304,Tid=2708,}, 0x0, ) == 0x0 03042 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58281, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58281, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\4\0\0\30\5\0\0\224\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58282, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\4\0\0\30\5\0\0\224\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58282, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58281, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\4\0\0\30\5\0\0\224\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58282, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\4\0\0\30\5\0\0\224\12\0\0" ) ) == 0x0 03043 1764 NtResumeThread (1272, ... 1, ) == 0x0 03044 2708 NtWaitForSingleObject (96, 0, 0x0, ... 03045 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 321650688, 1048576, ) == 0x0 03046 1764 NtAllocateVirtualMemory (-1, 322691072, 0, 8192, 4096, 4, ... 322691072, 8192, ) == 0x0 03047 1764 NtProtectVirtualMemory (-1, (0x133be000), 4096, 260, ... (0x133be000), 4096, 4, ) == 0x0 03048 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1276, {1304, 2712}, ) == 0x0 03049 1764 NtQueryInformationThread (1276, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe90000,Pid=1304,Tid=2712,}, 0x0, ) == 0x0 03050 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58282, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58282, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\4\0\0\30\5\0\0\230\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58283, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\4\0\0\30\5\0\0\230\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58283, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58282, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\4\0\0\30\5\0\0\230\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58283, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\4\0\0\30\5\0\0\230\12\0\0" ) ) == 0x0 03051 1764 NtResumeThread (1276, ... 1, ) == 0x0 03052 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 322699264, 1048576, ) == 0x0 03053 1764 NtAllocateVirtualMemory (-1, 323739648, 0, 8192, 4096, 4, ... 03054 2712 NtWaitForSingleObject (96, 0, 0x0, ... 03053 1764 NtAllocateVirtualMemory ... 323739648, 8192, ) == 0x0 03055 1764 NtProtectVirtualMemory (-1, (0x134be000), 4096, 260, ... 
(0x134be000), 4096, 4, ) == 0x0 03056 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1280, {1304, 2716}, ) == 0x0 03057 1764 NtQueryInformationThread (1280, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe8f000,Pid=1304,Tid=2716,}, 0x0, ) == 0x0 03058 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58283, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58283, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\5\0\0\30\5\0\0\234\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58284, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\5\0\0\30\5\0\0\234\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58284, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58283, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\5\0\0\30\5\0\0\234\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58284, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\5\0\0\30\5\0\0\234\12\0\0" ) ) == 0x0 03059 1764 NtResumeThread (1280, ... 1, ) == 0x0 03060 2716 NtWaitForSingleObject (96, 0, 0x0, ... 03061 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 323747840, 1048576, ) == 0x0 03062 1764 NtAllocateVirtualMemory (-1, 324788224, 0, 8192, 4096, 4, ... 324788224, 8192, ) == 0x0 03063 1764 NtProtectVirtualMemory (-1, (0x135be000), 4096, 260, ... (0x135be000), 4096, 4, ) == 0x0 03064 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1284, {1304, 2720}, ) == 0x0 03065 1764 NtQueryInformationThread (1284, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe8e000,Pid=1304,Tid=2720,}, 0x0, ) == 0x0 03066 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58284, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58284, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\5\0\0\30\5\0\0\240\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58285, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\5\0\0\30\5\0\0\240\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58285, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58284, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\5\0\0\30\5\0\0\240\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58285, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\5\0\0\30\5\0\0\240\12\0\0" ) ) == 0x0 03067 1764 NtResumeThread (1284, ... 1, ) == 0x0 03068 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 324796416, 1048576, ) == 0x0 03069 1764 NtAllocateVirtualMemory (-1, 325836800, 0, 8192, 4096, 4, ... 03070 2720 NtWaitForSingleObject (96, 0, 0x0, ... 03069 1764 NtAllocateVirtualMemory ... 325836800, 8192, ) == 0x0 03071 1764 NtProtectVirtualMemory (-1, (0x136be000), 4096, 260, ... (0x136be000), 4096, 4, ) == 0x0 03072 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1288, {1304, 2724}, ) == 0x0 03073 1764 NtQueryInformationThread (1288, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe8d000,Pid=1304,Tid=2724,}, 0x0, ) == 0x0 03074 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58285, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58285, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\5\0\0\30\5\0\0\244\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58286, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\5\0\0\30\5\0\0\244\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58286, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58285, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\5\0\0\30\5\0\0\244\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58286, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\5\0\0\30\5\0\0\244\12\0\0" ) ) == 0x0 03075 1764 NtResumeThread (1288, ... 1, ) == 0x0 03076 2724 NtWaitForSingleObject (96, 0, 0x0, ... 03077 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 325844992, 1048576, ) == 0x0 03078 1764 NtAllocateVirtualMemory (-1, 326885376, 0, 8192, 4096, 4, ... 326885376, 8192, ) == 0x0 03079 1764 NtProtectVirtualMemory (-1, (0x137be000), 4096, 260, ... (0x137be000), 4096, 4, ) == 0x0 03080 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1292, {1304, 2728}, ) == 0x0 03081 1764 NtQueryInformationThread (1292, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe8c000,Pid=1304,Tid=2728,}, 0x0, ) == 0x0 03082 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58286, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58286, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\5\0\0\30\5\0\0\250\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58287, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\5\0\0\30\5\0\0\250\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58287, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58286, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\5\0\0\30\5\0\0\250\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58287, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\5\0\0\30\5\0\0\250\12\0\0" ) ) == 0x0 03083 1764 NtResumeThread (1292, ... 1, ) == 0x0 03084 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 326893568, 1048576, ) == 0x0 03085 1764 NtAllocateVirtualMemory (-1, 327933952, 0, 8192, 4096, 4, ... 03086 2728 NtWaitForSingleObject (96, 0, 0x0, ... 03085 1764 NtAllocateVirtualMemory ... 327933952, 8192, ) == 0x0 03087 1764 NtProtectVirtualMemory (-1, (0x138be000), 4096, 260, ... (0x138be000), 4096, 4, ) == 0x0 03088 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1296, {1304, 2732}, ) == 0x0 03089 1764 NtQueryInformationThread (1296, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe8b000,Pid=1304,Tid=2732,}, 0x0, ) == 0x0 03090 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58287, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58287, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\5\0\0\30\5\0\0\254\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58288, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\5\0\0\30\5\0\0\254\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58288, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58287, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\5\0\0\30\5\0\0\254\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58288, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\5\0\0\30\5\0\0\254\12\0\0" ) ) == 0x0 03091 1764 NtResumeThread (1296, ... 1, ) == 0x0 03092 2732 NtWaitForSingleObject (96, 0, 0x0, ... 
03093 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 327942144, 1048576, ) == 0x0 03094 1764 NtAllocateVirtualMemory (-1, 328982528, 0, 8192, 4096, 4, ... 328982528, 8192, ) == 0x0 03095 1764 NtProtectVirtualMemory (-1, (0x139be000), 4096, 260, ... (0x139be000), 4096, 4, ) == 0x0 03096 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1300, {1304, 2736}, ) == 0x0 03097 1764 NtQueryInformationThread (1300, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe8a000,Pid=1304,Tid=2736,}, 0x0, ) == 0x0 03098 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58288, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58288, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\5\0\0\30\5\0\0\260\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58289, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\5\0\0\30\5\0\0\260\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58289, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58288, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\5\0\0\30\5\0\0\260\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58289, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\5\0\0\30\5\0\0\260\12\0\0" ) ) == 0x0 03099 1764 NtResumeThread (1300, ... 1, ) == 0x0 03100 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 328990720, 1048576, ) == 0x0 03101 1764 NtAllocateVirtualMemory (-1, 330031104, 0, 8192, 4096, 4, ... 03102 2736 NtWaitForSingleObject (96, 0, 0x0, ... 03101 1764 NtAllocateVirtualMemory ... 330031104, 8192, ) == 0x0 03103 1764 NtProtectVirtualMemory (-1, (0x13abe000), 4096, 260, ... (0x13abe000), 4096, 4, ) == 0x0 03104 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1304, {1304, 2740}, ) == 0x0 03105 1764 NtQueryInformationThread (1304, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe89000,Pid=1304,Tid=2740,}, 0x0, ) == 0x0 03106 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58289, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58289, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\5\0\0\30\5\0\0\264\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58290, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\5\0\0\30\5\0\0\264\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58290, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58289, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\5\0\0\30\5\0\0\264\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58290, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\5\0\0\30\5\0\0\264\12\0\0" ) ) == 0x0 03107 1764 NtResumeThread (1304, ... 1, ) == 0x0 03108 2740 NtWaitForSingleObject (96, 0, 0x0, ... 03109 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 330039296, 1048576, ) == 0x0 03110 1764 NtAllocateVirtualMemory (-1, 331079680, 0, 8192, 4096, 4, ... 331079680, 8192, ) == 0x0 03111 1764 NtProtectVirtualMemory (-1, (0x13bbe000), 4096, 260, ... (0x13bbe000), 4096, 4, ) == 0x0 03112 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1308, {1304, 2744}, ) == 0x0 03113 1764 NtQueryInformationThread (1308, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe88000,Pid=1304,Tid=2744,}, 0x0, ) == 0x0 03114 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58290, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58290, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\5\0\0\30\5\0\0\270\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58291, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\5\0\0\30\5\0\0\270\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58291, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58290, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\5\0\0\30\5\0\0\270\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58291, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\5\0\0\30\5\0\0\270\12\0\0" ) ) == 0x0 03115 1764 NtResumeThread (1308, ... 1, ) == 0x0 03116 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 331087872, 1048576, ) == 0x0 03117 1764 NtAllocateVirtualMemory (-1, 332128256, 0, 8192, 4096, 4, ... 03118 2744 NtWaitForSingleObject (96, 0, 0x0, ... 03117 1764 NtAllocateVirtualMemory ... 332128256, 8192, ) == 0x0 03119 1764 NtProtectVirtualMemory (-1, (0x13cbe000), 4096, 260, ... 
(0x13cbe000), 4096, 4, ) == 0x0 03120 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1312, {1304, 2748}, ) == 0x0 03121 1764 NtQueryInformationThread (1312, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe87000,Pid=1304,Tid=2748,}, 0x0, ) == 0x0 03122 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58291, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58291, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \5\0\0\30\5\0\0\274\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58292, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \5\0\0\30\5\0\0\274\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58292, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58291, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \5\0\0\30\5\0\0\274\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58292, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \5\0\0\30\5\0\0\274\12\0\0" ) ) == 0x0 03123 1764 NtResumeThread (1312, ... 1, ) == 0x0 03124 2748 NtWaitForSingleObject (96, 0, 0x0, ... 03125 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 332136448, 1048576, ) == 0x0 03126 1764 NtAllocateVirtualMemory (-1, 333176832, 0, 8192, 4096, 4, ... 333176832, 8192, ) == 0x0 03127 1764 NtProtectVirtualMemory (-1, (0x13dbe000), 4096, 260, ... (0x13dbe000), 4096, 4, ) == 0x0 03128 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1316, {1304, 2752}, ) == 0x0 03129 1764 NtQueryInformationThread (1316, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe86000,Pid=1304,Tid=2752,}, 0x0, ) == 0x0 03130 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58292, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58292, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\5\0\0\30\5\0\0\300\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58293, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\5\0\0\30\5\0\0\300\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58293, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58292, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\5\0\0\30\5\0\0\300\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58293, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\5\0\0\30\5\0\0\300\12\0\0" ) ) == 0x0 03131 1764 NtResumeThread (1316, ... 1, ) == 0x0 03132 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 333185024, 1048576, ) == 0x0 03133 1764 NtAllocateVirtualMemory (-1, 334225408, 0, 8192, 4096, 4, ... 03134 2752 NtWaitForSingleObject (96, 0, 0x0, ... 03133 1764 NtAllocateVirtualMemory ... 334225408, 8192, ) == 0x0 03135 1764 NtProtectVirtualMemory (-1, (0x13ebe000), 4096, 260, ... (0x13ebe000), 4096, 4, ) == 0x0 03136 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1320, {1304, 2756}, ) == 0x0 03137 1764 NtQueryInformationThread (1320, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe85000,Pid=1304,Tid=2756,}, 0x0, ) == 0x0 03138 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58293, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58293, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\5\0\0\30\5\0\0\304\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58294, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\5\0\0\30\5\0\0\304\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58294, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58293, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\5\0\0\30\5\0\0\304\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58294, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\5\0\0\30\5\0\0\304\12\0\0" ) ) == 0x0 03139 1764 NtResumeThread (1320, ... 1, ) == 0x0 03140 2756 NtWaitForSingleObject (96, 0, 0x0, ... 03141 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 334233600, 1048576, ) == 0x0 03142 1764 NtAllocateVirtualMemory (-1, 335273984, 0, 8192, 4096, 4, ... 335273984, 8192, ) == 0x0 03143 1764 NtProtectVirtualMemory (-1, (0x13fbe000), 4096, 260, ... (0x13fbe000), 4096, 4, ) == 0x0 03144 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1324, {1304, 2760}, ) == 0x0 03145 1764 NtQueryInformationThread (1324, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe84000,Pid=1304,Tid=2760,}, 0x0, ) == 0x0 03146 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58294, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58294, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\5\0\0\30\5\0\0\310\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58295, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\5\0\0\30\5\0\0\310\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58295, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58294, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\5\0\0\30\5\0\0\310\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58295, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\5\0\0\30\5\0\0\310\12\0\0" ) ) == 0x0 03147 1764 NtResumeThread (1324, ... 1, ) == 0x0 03148 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 335282176, 1048576, ) == 0x0 03149 2760 NtWaitForSingleObject (96, 0, 0x0, ... 03150 1764 NtAllocateVirtualMemory (-1, 336322560, 0, 8192, 4096, 4, ... 336322560, 8192, ) == 0x0 03151 1764 NtProtectVirtualMemory (-1, (0x140be000), 4096, 260, ... (0x140be000), 4096, 4, ) == 0x0 03152 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1328, {1304, 2764}, ) == 0x0 03153 1764 NtQueryInformationThread (1328, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe83000,Pid=1304,Tid=2764,}, 0x0, ) == 0x0 03154 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58295, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58295, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\5\0\0\30\5\0\0\314\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58296, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\5\0\0\30\5\0\0\314\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58296, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58295, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\5\0\0\30\5\0\0\314\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58296, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\5\0\0\30\5\0\0\314\12\0\0" ) ) == 0x0 03155 1764 NtResumeThread (1328, ... 1, ) == 0x0 03156 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
336330752, 1048576, ) == 0x0 03157 1764 NtAllocateVirtualMemory (-1, 337371136, 0, 8192, 4096, 4, ... 337371136, 8192, ) == 0x0 03158 1764 NtProtectVirtualMemory (-1, (0x141be000), 4096, 260, ... 03159 2764 NtWaitForSingleObject (96, 0, 0x0, ... 03158 1764 NtProtectVirtualMemory ... (0x141be000), 4096, 4, ) == 0x0 03160 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1332, {1304, 2784}, ) == 0x0 03161 1764 NtQueryInformationThread (1332, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe82000,Pid=1304,Tid=2784,}, 0x0, ) == 0x0 03162 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58296, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58296, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\5\0\0\30\5\0\0\340\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58297, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\5\0\0\30\5\0\0\340\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58297, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58296, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\5\0\0\30\5\0\0\340\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58297, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\5\0\0\30\5\0\0\340\12\0\0" ) ) == 0x0 03163 1764 NtResumeThread (1332, ... 1, ) == 0x0 03164 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 337379328, 1048576, ) == 0x0 03165 460 NtProtectVirtualMemory (-1, (0x71a51000), 4096, 32, ... 03166 2784 NtWaitForSingleObject (96, 0, 0x0, ... 03165 460 NtProtectVirtualMemory ... (0x71a51000), 4096, 4, ) == 0x0 03167 460 NtFlushInstructionCache (-1, 1906642944, 1060, ... ) == 0x0 03168 460 NtProtectVirtualMemory (-1, (0x71a51000), 1060, 4, ... (0x71a51000), 4096, 32, ) == 0x0 03169 460 NtProtectVirtualMemory (-1, (0x71a51000), 4096, 32, ... (0x71a51000), 4096, 4, ) == 0x0 03170 460 NtFlushInstructionCache (-1, 1906642944, 1060, ... ) == 0x0 03171 460 NtProtectVirtualMemory (-1, (0x71a51000), 1060, 4, ... (0x71a51000), 4096, 32, ) == 0x0 03172 1764 NtAllocateVirtualMemory (-1, 338419712, 0, 8192, 4096, 4, ... 
338419712, 8192, ) == 0x0 03173 1764 NtProtectVirtualMemory (-1, (0x142be000), 4096, 260, ... (0x142be000), 4096, 4, ) == 0x0 03174 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1336, {1304, 2788}, ) == 0x0 03175 1764 NtQueryInformationThread (1336, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe81000,Pid=1304,Tid=2788,}, 0x0, ) == 0x0 03176 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58297, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58297, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\5\0\0\30\5\0\0\344\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58298, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\5\0\0\30\5\0\0\344\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58298, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58297, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\5\0\0\30\5\0\0\344\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58298, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\5\0\0\30\5\0\0\344\12\0\0" ) ) == 0x0 03177 1764 NtResumeThread (1336, ... 03178 460 NtProtectVirtualMemory (-1, (0x71a51000), 4096, 32, ... (0x71a51000), 4096, 4, ) == 0x0 03179 460 NtFlushInstructionCache (-1, 1906642944, 1060, ... ) == 0x0 03177 1764 NtResumeThread ... 1, ) == 0x0 03180 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 338427904, 1048576, ) == 0x0 03181 1764 NtAllocateVirtualMemory (-1, 339468288, 0, 8192, 4096, 4, ... 339468288, 8192, ) == 0x0 03182 1764 NtProtectVirtualMemory (-1, (0x143be000), 4096, 260, ... 03183 2788 NtWaitForSingleObject (96, 0, 0x0, ... 03182 1764 NtProtectVirtualMemory ... (0x143be000), 4096, 4, ) == 0x0 03184 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1340, {1304, 2792}, ) == 0x0 03185 1764 NtQueryInformationThread (1340, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe80000,Pid=1304,Tid=2792,}, 0x0, ) == 0x0 03186 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58298, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58298, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\5\0\0\30\5\0\0\350\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58299, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\5\0\0\30\5\0\0\350\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58299, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58298, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\5\0\0\30\5\0\0\350\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58299, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\5\0\0\30\5\0\0\350\12\0\0" ) ) == 0x0 03187 1764 NtResumeThread (1340, ... 1, ) == 0x0 03188 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 339476480, 1048576, ) == 0x0 03189 2792 NtWaitForSingleObject (96, 0, 0x0, ... 03190 1764 NtAllocateVirtualMemory (-1, 340516864, 0, 8192, 4096, 4, ... 340516864, 8192, ) == 0x0 03191 1764 NtProtectVirtualMemory (-1, (0x144be000), 4096, 260, ... (0x144be000), 4096, 4, ) == 0x0 03192 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1344, {1304, 2796}, ) == 0x0 03193 1764 NtQueryInformationThread (1344, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7f000,Pid=1304,Tid=2796,}, 0x0, ) == 0x0 03194 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58299, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58299, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\5\0\0\30\5\0\0\354\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58300, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\5\0\0\30\5\0\0\354\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58300, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58299, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\5\0\0\30\5\0\0\354\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58300, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\5\0\0\30\5\0\0\354\12\0\0" ) ) == 0x0 03195 1764 NtResumeThread (1344, ... 1, ) == 0x0 03196 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 340525056, 1048576, ) == 0x0 03197 1764 NtAllocateVirtualMemory (-1, 341565440, 0, 8192, 4096, 4, ... 341565440, 8192, ) == 0x0 03198 1764 NtProtectVirtualMemory (-1, (0x145be000), 4096, 260, ... 03199 2796 NtWaitForSingleObject (96, 0, 0x0, ... 03198 1764 NtProtectVirtualMemory ... 
(0x145be000), 4096, 4, ) == 0x0 03200 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1348, {1304, 2800}, ) == 0x0 03201 1764 NtQueryInformationThread (1348, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7e000,Pid=1304,Tid=2800,}, 0x0, ) == 0x0 03202 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58300, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58300, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\5\0\0\30\5\0\0\360\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58301, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\5\0\0\30\5\0\0\360\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58301, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58300, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\5\0\0\30\5\0\0\360\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58301, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\5\0\0\30\5\0\0\360\12\0\0" ) ) == 0x0 03203 1764 NtResumeThread (1348, ... 1, ) == 0x0 03204 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 341573632, 1048576, ) == 0x0 03205 2800 NtWaitForSingleObject (96, 0, 0x0, ... 03206 1764 NtAllocateVirtualMemory (-1, 342614016, 0, 8192, 4096, 4, ... 342614016, 8192, ) == 0x0 03207 1764 NtProtectVirtualMemory (-1, (0x146be000), 4096, 260, ... (0x146be000), 4096, 4, ) == 0x0 03208 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1352, {1304, 2804}, ) == 0x0 03209 1764 NtQueryInformationThread (1352, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7d000,Pid=1304,Tid=2804,}, 0x0, ) == 0x0 03210 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58301, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58301, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\5\0\0\30\5\0\0\364\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58302, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\5\0\0\30\5\0\0\364\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58302, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58301, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\5\0\0\30\5\0\0\364\12\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58302, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\5\0\0\30\5\0\0\364\12\0\0" ) ) == 0x0 03211 1764 NtResumeThread (1352, ... 1, ) == 0x0 03212 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 342622208, 1048576, ) == 0x0 03213 1764 NtAllocateVirtualMemory (-1, 343662592, 0, 8192, 4096, 4, ... 343662592, 8192, ) == 0x0 03214 1764 NtProtectVirtualMemory (-1, (0x147be000), 4096, 260, ... 03215 2804 NtWaitForSingleObject (96, 0, 0x0, ... 03214 1764 NtProtectVirtualMemory ... (0x147be000), 4096, 4, ) == 0x0 03216 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1356, {1304, 2808}, ) == 0x0 03217 1764 NtQueryInformationThread (1356, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7c000,Pid=1304,Tid=2808,}, 0x0, ) == 0x0 03218 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58302, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58302, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\5\0\0\30\5\0\0\370\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58303, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\5\0\0\30\5\0\0\370\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58303, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58302, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\5\0\0\30\5\0\0\370\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58303, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\5\0\0\30\5\0\0\370\12\0\0" ) ) == 0x0 03219 1764 NtResumeThread (1356, ... 1, ) == 0x0 03220 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 343670784, 1048576, ) == 0x0 03221 2808 NtWaitForSingleObject (96, 0, 0x0, ... 03222 1764 NtAllocateVirtualMemory (-1, 344711168, 0, 8192, 4096, 4, ... 344711168, 8192, ) == 0x0 03223 1764 NtProtectVirtualMemory (-1, (0x148be000), 4096, 260, ... (0x148be000), 4096, 4, ) == 0x0 03224 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1360, {1304, 2812}, ) == 0x0 03225 1764 NtQueryInformationThread (1360, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe7b000,Pid=1304,Tid=2812,}, 0x0, ) == 0x0 03226 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58303, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58303, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\5\0\0\30\5\0\0\374\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58304, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\5\0\0\30\5\0\0\374\12\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58304, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58303, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\5\0\0\30\5\0\0\374\12\0\0" ... {28, 56, reply, 0, 1304, 1764, 58304, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\5\0\0\30\5\0\0\374\12\0\0" ) ) == 0x0 03227 1764 NtResumeThread (1360, ... 1, ) == 0x0 03228 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 344719360, 1048576, ) == 0x0 03229 1764 NtAllocateVirtualMemory (-1, 345759744, 0, 8192, 4096, 4, ... 345759744, 8192, ) == 0x0 03230 1764 NtProtectVirtualMemory (-1, (0x149be000), 4096, 260, ... 03231 2812 NtWaitForSingleObject (96, 0, 0x0, ... 03230 1764 NtProtectVirtualMemory ... (0x149be000), 4096, 4, ) == 0x0 03232 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1364, {1304, 2816}, ) == 0x0 03233 1764 NtQueryInformationThread (1364, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe7a000,Pid=1304,Tid=2816,}, 0x0, ) == 0x0 03234 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58304, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58304, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\5\0\0\30\5\0\0\0\13\0\0" ... {28, 56, reply, 0, 1304, 1764, 58305, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\5\0\0\30\5\0\0\0\13\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58305, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58304, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\5\0\0\30\5\0\0\0\13\0\0" ... {28, 56, reply, 0, 1304, 1764, 58305, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\5\0\0\30\5\0\0\0\13\0\0" ) ) == 0x0 03235 1764 NtResumeThread (1364, ... 1, ) == 0x0 03236 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
345767936, 1048576, ) == 0x0 03237 2816 NtWaitForSingleObject (96, 0, 0x0, ... 03238 1764 NtAllocateVirtualMemory (-1, 346808320, 0, 8192, 4096, 4, ... 346808320, 8192, ) == 0x0 03239 1764 NtProtectVirtualMemory (-1, (0x14abe000), 4096, 260, ... (0x14abe000), 4096, 4, ) == 0x0 03240 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1368, {1304, 2820}, ) == 0x0 03241 1764 NtQueryInformationThread (1368, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe79000,Pid=1304,Tid=2820,}, 0x0, ) == 0x0 03242 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58305, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58305, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\5\0\0\30\5\0\0\4\13\0\0" ... {28, 56, reply, 0, 1304, 1764, 58306, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\5\0\0\30\5\0\0\4\13\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58306, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58305, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\5\0\0\30\5\0\0\4\13\0\0" ... {28, 56, reply, 0, 1304, 1764, 58306, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\5\0\0\30\5\0\0\4\13\0\0" ) ) == 0x0 03243 1764 NtResumeThread (1368, ... 1, ) == 0x0 03244 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 346816512, 1048576, ) == 0x0 03245 1764 NtAllocateVirtualMemory (-1, 347856896, 0, 8192, 4096, 4, ... 347856896, 8192, ) == 0x0 03246 1764 NtProtectVirtualMemory (-1, (0x14bbe000), 4096, 260, ... 03247 2820 NtWaitForSingleObject (96, 0, 0x0, ... 03246 1764 NtProtectVirtualMemory ... (0x14bbe000), 4096, 4, ) == 0x0 03248 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1372, {1304, 2824}, ) == 0x0 03249 1764 NtQueryInformationThread (1372, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe78000,Pid=1304,Tid=2824,}, 0x0, ) == 0x0 03250 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58306, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58306, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\5\0\0\30\5\0\0\10\13\0\0" ... 
{28, 56, reply, 0, 1304, 1764, 58307, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\5\0\0\30\5\0\0\10\13\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58307, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58306, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\5\0\0\30\5\0\0\10\13\0\0" ... {28, 56, reply, 0, 1304, 1764, 58307, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\5\0\0\30\5\0\0\10\13\0\0" ) ) == 0x0 03251 1764 NtResumeThread (1372, ... 1, ) == 0x0 03252 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 347865088, 1048576, ) == 0x0 03253 2824 NtWaitForSingleObject (96, 0, 0x0, ... 03254 1764 NtAllocateVirtualMemory (-1, 348905472, 0, 8192, 4096, 4, ... 348905472, 8192, ) == 0x0 03255 1764 NtProtectVirtualMemory (-1, (0x14cbe000), 4096, 260, ... (0x14cbe000), 4096, 4, ) == 0x0 03256 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1376, {1304, 2828}, ) == 0x0 03257 1764 NtQueryInformationThread (1376, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fe77000,Pid=1304,Tid=2828,}, 0x0, ) == 0x0 03258 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58307, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58307, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\5\0\0\30\5\0\0\14\13\0\0" ... {28, 56, reply, 0, 1304, 1764, 58308, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\5\0\0\30\5\0\0\14\13\0\0" ) ... {28, 56, reply, 0, 1304, 1764, 58308, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58307, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\5\0\0\30\5\0\0\14\13\0\0" ... {28, 56, reply, 0, 1304, 1764, 58308, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\5\0\0\30\5\0\0\14\13\0\0" ) ) == 0x0 03259 1764 NtResumeThread (1376, ... 03260 460 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mswsock.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 03261 460 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 03262 460 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 03263 460 NtSetEventBoostPriority (96, ... 00681 1068 NtWaitForSingleObject ... ) == 0x0 03264 1068 NtSetEventBoostPriority (96, ... 00684 1856 NtWaitForSingleObject ... ) == 0x0 03265 1856 NtSetEventBoostPriority (96, ... 00694 1596 NtWaitForSingleObject ... ) == 0x0 03266 1596 NtSetEventBoostPriority (96, ... 00700 1128 NtWaitForSingleObject ... ) == 0x0 03267 1128 NtSetEventBoostPriority (96, ... 00710 1256 NtWaitForSingleObject ... ) == 0x0 03268 1256 NtSetEventBoostPriority (96, ... 00716 1800 NtWaitForSingleObject ... ) == 0x0 03269 1800 NtSetEventBoostPriority (96, ... 00726 1796 NtWaitForSingleObject ... ) == 0x0 03270 1796 NtSetEventBoostPriority (96, ... 00732 1808 NtWaitForSingleObject ... ) == 0x0 03271 1808 NtSetEventBoostPriority (96, ... 00742 1700 NtWaitForSingleObject ... ) == 0x0 03272 1700 NtSetEventBoostPriority (96, ... 00748 1156 NtWaitForSingleObject ... ) == 0x0 03273 1156 NtSetEventBoostPriority (96, ... 00758 712 NtWaitForSingleObject ... ) == 0x0 03274 712 NtSetEventBoostPriority (96, ... 00764 1728 NtWaitForSingleObject ... ) == 0x0 03275 1728 NtSetEventBoostPriority (96, ... 00774 1356 NtWaitForSingleObject ... ) == 0x0 03276 1356 NtSetEventBoostPriority (96, ... 00780 1536 NtWaitForSingleObject ... ) == 0x0 03277 1536 NtSetEventBoostPriority (96, ... 00790 444 NtWaitForSingleObject ... ) == 0x0 03278 444 NtSetEventBoostPriority (96, ... 00796 1904 NtWaitForSingleObject ... ) == 0x0 03279 1904 NtSetEventBoostPriority (96, ... 00806 1936 NtWaitForSingleObject ... ) == 0x0 03280 1936 NtSetEventBoostPriority (96, ... 00812 1648 NtWaitForSingleObject ... 
) == 0x0 03281 1648 NtSetEventBoostPriority (96, ... 00822 148 NtWaitForSingleObject ... ) == 0x0 03282 148 NtSetEventBoostPriority (96, ... 00828 1828 NtWaitForSingleObject ... ) == 0x0 03283 1828 NtSetEventBoostPriority (96, ... 00838 1864 NtWaitForSingleObject ... ) == 0x0 03284 1864 NtSetEventBoostPriority (96, ... 00844 1896 NtWaitForSingleObject ... ) == 0x0 03285 1896 NtSetEventBoostPriority (96, ... 00854 1524 NtWaitForSingleObject ... ) == 0x0 03286 1524 NtSetEventBoostPriority (96, ... 00860 2044 NtWaitForSingleObject ... ) == 0x0 03287 2044 NtSetEventBoostPriority (96, ... 00870 968 NtWaitForSingleObject ... ) == 0x0 03288 968 NtSetEventBoostPriority (96, ... 00876 308 NtWaitForSingleObject ... ) == 0x0 03289 308 NtAllocateVirtualMemory (-1, 8802304, 0, 4096, 4096, 4, ... 8802304, 4096, ) == 0x0 03288 968 NtSetEventBoostPriority ... ) == 0x0 03287 2044 NtSetEventBoostPriority ... ) == 0x0 03286 1524 NtSetEventBoostPriority ... ) == 0x0 03285 1896 NtSetEventBoostPriority ... ) == 0x0 03284 1864 NtSetEventBoostPriority ... ) == 0x0 03283 1828 NtSetEventBoostPriority ... ) == 0x0 03282 148 NtSetEventBoostPriority ... ) == 0x0 03281 1648 NtSetEventBoostPriority ... ) == 0x0 03280 1936 NtSetEventBoostPriority ... ) == 0x0 03279 1904 NtSetEventBoostPriority ... ) == 0x0 03278 444 NtSetEventBoostPriority ... ) == 0x0 03277 1536 NtSetEventBoostPriority ... ) == 0x0 03276 1356 NtSetEventBoostPriority ... ) == 0x0 03275 1728 NtSetEventBoostPriority ... ) == 0x0 03274 712 NtSetEventBoostPriority ... ) == 0x0 03273 1156 NtSetEventBoostPriority ... ) == 0x0 03272 1700 NtSetEventBoostPriority ... ) == 0x0 03271 1808 NtSetEventBoostPriority ... ) == 0x0 03270 1796 NtSetEventBoostPriority ... ) == 0x0 03269 1800 NtSetEventBoostPriority ... ) == 0x0 03268 1256 NtSetEventBoostPriority ... ) == 0x0 03267 1128 NtSetEventBoostPriority ... ) == 0x0 03266 1596 NtSetEventBoostPriority ... ) == 0x0 03265 1856 NtSetEventBoostPriority ... 
) == 0x0 03264 1068 NtSetEventBoostPriority ... ) == 0x0 03263 460 NtSetEventBoostPriority ... ) == 0x0 03259 1764 NtResumeThread ... 1, ) == 0x0 03290 308 NtSetEventBoostPriority (96, ... 03291 2828 NtWaitForSingleObject (96, 0, 0x0, ... 03292 968 NtTestAlert (... 03293 2044 NtTestAlert (... 03294 1524 NtTestAlert (... 03295 1896 NtTestAlert (... 03296 1864 NtTestAlert (... 03297 1828 NtTestAlert (... 03298 148 NtTestAlert (... 03299 1648 NtTestAlert (... 03300 1936 NtTestAlert (... 03301 1904 NtTestAlert (... 03302 444 NtTestAlert (... 03303 1536 NtTestAlert (... 03304 1356 NtTestAlert (... 03305 1728 NtTestAlert (... 03306 712 NtTestAlert (... 03307 1156 NtTestAlert (... 03308 1700 NtTestAlert (... 03309 1808 NtTestAlert (... 03310 1796 NtTestAlert (... 03311 1800 NtTestAlert (... 03312 1256 NtTestAlert (... 03313 1128 NtTestAlert (... 03314 1596 NtTestAlert (... 03315 1856 NtTestAlert (... 03316 460 NtWaitForSingleObject (96, 0, 0x0, ... 03317 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 00886 764 NtWaitForSingleObject ... ) == 0x0 03290 308 NtSetEventBoostPriority ... ) == 0x0 03292 968 NtTestAlert ... ) == 0x0 03293 2044 NtTestAlert ... ) == 0x0 03294 1524 NtTestAlert ... ) == 0x0 03295 1896 NtTestAlert ... ) == 0x0 03296 1864 NtTestAlert ... ) == 0x0 03297 1828 NtTestAlert ... ) == 0x0 03298 148 NtTestAlert ... ) == 0x0 03299 1648 NtTestAlert ... ) == 0x0 03300 1936 NtTestAlert ... ) == 0x0 03301 1904 NtTestAlert ... ) == 0x0 03302 444 NtTestAlert ... ) == 0x0 03303 1536 NtTestAlert ... ) == 0x0 03304 1356 NtTestAlert ... ) == 0x0 03305 1728 NtTestAlert ... ) == 0x0 03306 712 NtTestAlert ... ) == 0x0 03307 1156 NtTestAlert ... ) == 0x0 03308 1700 NtTestAlert ... ) == 0x0 03309 1808 NtTestAlert ... ) == 0x0 03310 1796 NtTestAlert ... ) == 0x0 03311 1800 NtTestAlert ... ) == 0x0 03312 1256 NtTestAlert ... ) == 0x0 03313 1128 NtTestAlert ... ) == 0x0 03314 1596 NtTestAlert ... ) == 0x0 03315 1856 NtTestAlert ... 
) == 0x0 03318 764 NtSetEventBoostPriority (96, ... 03317 1764 NtAllocateVirtualMemory ... 348913664, 1048576, ) == 0x0 03319 308 NtTestAlert (... 03320 968 NtContinue (37485872, 1, ... 03321 2044 NtContinue (36437296, 1, ... 03322 1524 NtContinue (35388720, 1, ... 03323 1896 NtContinue (34340144, 1, ... 03324 1864 NtContinue (33291568, 1, ... 03325 1828 NtContinue (32242992, 1, ... 03326 148 NtContinue (31194416, 1, ... 03327 1648 NtContinue (30145840, 1, ... 03328 1936 NtContinue (29097264, 1, ... 03329 1904 NtContinue (28048688, 1, ... 03330 444 NtContinue (27000112, 1, ... 03331 1536 NtContinue (25951536, 1, ... 03332 1356 NtContinue (24902960, 1, ... 03333 1728 NtContinue (23854384, 1, ... 03334 712 NtContinue (22805808, 1, ... 03335 1156 NtContinue (21757232, 1, ... 03336 1700 NtContinue (20708656, 1, ... 03337 1808 NtContinue (19660080, 1, ... 03338 1796 NtContinue (18611504, 1, ... 03339 1800 NtContinue (17562928, 1, ... 03340 1256 NtContinue (16514352, 1, ... 03341 1128 NtContinue (15465776, 1, ... 03342 1596 NtContinue (14417200, 1, ... 00892 2000 NtWaitForSingleObject ... ) == 0x0 03318 764 NtSetEventBoostPriority ... ) == 0x0 03343 1856 NtContinue (13368624, 1, ... 03344 1764 NtAllocateVirtualMemory (-1, 349954048, 0, 8192, 4096, 4, ... 03319 308 NtTestAlert ... ) == 0x0 03345 968 NtRegisterThreadTerminatePort (24, ... 03346 2044 NtRegisterThreadTerminatePort (24, ... 03347 1524 NtRegisterThreadTerminatePort (24, ... 03348 1896 NtRegisterThreadTerminatePort (24, ... 03349 1864 NtRegisterThreadTerminatePort (24, ... 03350 1828 NtRegisterThreadTerminatePort (24, ... 03351 148 NtRegisterThreadTerminatePort (24, ... 03352 1648 NtRegisterThreadTerminatePort (24, ... 03353 1936 NtRegisterThreadTerminatePort (24, ... 03354 1904 NtRegisterThreadTerminatePort (24, ... 03355 444 NtRegisterThreadTerminatePort (24, ... 03356 1536 NtRegisterThreadTerminatePort (24, ... 03357 1356 NtRegisterThreadTerminatePort (24, ... 
03358 1728 NtRegisterThreadTerminatePort (24, ... 03359 712 NtRegisterThreadTerminatePort (24, ... 03360 1156 NtRegisterThreadTerminatePort (24, ... 03361 1700 NtRegisterThreadTerminatePort (24, ... 03362 1808 NtRegisterThreadTerminatePort (24, ... 03363 1796 NtRegisterThreadTerminatePort (24, ... 03364 1800 NtRegisterThreadTerminatePort (24, ... 03365 1256 NtRegisterThreadTerminatePort (24, ... 03366 1128 NtRegisterThreadTerminatePort (24, ... 03367 2000 NtSetEventBoostPriority (96, ... 03368 1596 NtRegisterThreadTerminatePort (24, ... 03369 1068 NtTestAlert (... 03370 1856 NtRegisterThreadTerminatePort (24, ... 03344 1764 NtAllocateVirtualMemory ... 349954048, 8192, ) == 0x0 03371 308 NtContinue (38534448, 1, ... 03345 968 NtRegisterThreadTerminatePort ... ) == 0x0 03346 2044 NtRegisterThreadTerminatePort ... ) == 0x0 03347 1524 NtRegisterThreadTerminatePort ... ) == 0x0 03348 1896 NtRegisterThreadTerminatePort ... ) == 0x0 03349 1864 NtRegisterThreadTerminatePort ... ) == 0x0 03350 1828 NtRegisterThreadTerminatePort ... ) == 0x0 03351 148 NtRegisterThreadTerminatePort ... ) == 0x0 03352 1648 NtRegisterThreadTerminatePort ... ) == 0x0 03353 1936 NtRegisterThreadTerminatePort ... ) == 0x0 03354 1904 NtRegisterThreadTerminatePort ... ) == 0x0 03355 444 NtRegisterThreadTerminatePort ... ) == 0x0 03356 1536 NtRegisterThreadTerminatePort ... ) == 0x0 03357 1356 NtRegisterThreadTerminatePort ... ) == 0x0 03358 1728 NtRegisterThreadTerminatePort ... ) == 0x0 03359 712 NtRegisterThreadTerminatePort ... ) == 0x0 03360 1156 NtRegisterThreadTerminatePort ... ) == 0x0 03361 1700 NtRegisterThreadTerminatePort ... ) == 0x0 03362 1808 NtRegisterThreadTerminatePort ... ) == 0x0 03363 1796 NtRegisterThreadTerminatePort ... ) == 0x0 03364 1800 NtRegisterThreadTerminatePort ... ) == 0x0 03365 1256 NtRegisterThreadTerminatePort ... ) == 0x0 00902 1852 NtWaitForSingleObject ... ) == 0x0 03367 2000 NtSetEventBoostPriority ... ) == 0x0 03366 1128 NtRegisterThreadTerminatePort ... 
) == 0x0 03368 1596 NtRegisterThreadTerminatePort ... ) == 0x0 03369 1068 NtTestAlert ... ) == 0x0 03370 1856 NtRegisterThreadTerminatePort ... ) == 0x0 03372 1764 NtProtectVirtualMemory (-1, (0x14dbe000), 4096, 260, ... 03373 308 NtRegisterThreadTerminatePort (24, ... 03374 968 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03375 2044 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03376 1524 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03377 1896 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03378 1864 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03379 1828 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03380 148 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03381 1648 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03382 1936 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03383 1904 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03384 444 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03385 1536 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03386 1356 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03387 1728 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03388 712 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03389 1156 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03390 1700 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03391 1808 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03392 1796 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03393 1800 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03394 1852 NtSetEventBoostPriority (96, ... 03395 1256 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03396 764 NtTestAlert (... 03397 1128 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03398 1596 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03399 1068 NtContinue (12057904, 1, ... 03400 1856 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03401 2000 NtTestAlert (... 03372 1764 NtProtectVirtualMemory ... (0x14dbe000), 4096, 4, ) == 0x0 03373 308 NtRegisterThreadTerminatePort ... ) == 0x0 03374 968 NtDuplicateObject ... 1380, ) == 0x0 03375 2044 NtDuplicateObject ... 
1384, ) == 0x0 03376 1524 NtDuplicateObject ... 1388, ) == 0x0 03377 1896 NtDuplicateObject ... 1392, ) == 0x0 03378 1864 NtDuplicateObject ... 1396, ) == 0x0 03379 1828 NtDuplicateObject ... 1400, ) == 0x0 03380 148 NtDuplicateObject ... 1404, ) == 0x0 03381 1648 NtDuplicateObject ... 1408, ) == 0x0 03382 1936 NtDuplicateObject ... 1412, ) == 0x0 03383 1904 NtDuplicateObject ... 1416, ) == 0x0 03384 444 NtDuplicateObject ... 1420, ) == 0x0 03385 1536 NtDuplicateObject ... 1424, ) == 0x0 03386 1356 NtDuplicateObject ... 1428, ) == 0x0 03387 1728 NtDuplicateObject ... 1432, ) == 0x0 03388 712 NtDuplicateObject ... 1436, ) == 0x0 03389 1156 NtDuplicateObject ... 1440, ) == 0x0 03390 1700 NtDuplicateObject ... 1444, ) == 0x0 03391 1808 NtDuplicateObject ... 1448, ) == 0x0 03392 1796 NtDuplicateObject ... 1452, ) == 0x0 00908 1420 NtWaitForSingleObject ... ) == 0x0 03394 1852 NtSetEventBoostPriority ... ) == 0x0 03393 1800 NtDuplicateObject ... 1456, ) == 0x0 03396 764 NtTestAlert ... ) == 0x0 03395 1256 NtDuplicateObject ... 1460, ) == 0x0 03397 1128 NtDuplicateObject ... 1464, ) == 0x0 03402 1068 NtRegisterThreadTerminatePort (24, ... 03398 1596 NtDuplicateObject ... 1468, ) == 0x0 03401 2000 NtTestAlert ... ) == 0x0 03403 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03404 308 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03405 968 NtWaitForSingleObject (68, 0, {0, 0}, ... 03406 2044 NtWaitForSingleObject (68, 0, {0, 0}, ... 03407 1524 NtWaitForSingleObject (68, 0, {0, 0}, ... 03408 1896 NtWaitForSingleObject (68, 0, {0, 0}, ... 03409 1864 NtWaitForSingleObject (68, 0, {0, 0}, ... 03410 1828 NtWaitForSingleObject (68, 0, {0, 0}, ... 03411 148 NtWaitForSingleObject (68, 0, {0, 0}, ... 03412 1648 NtWaitForSingleObject (68, 0, {0, 0}, ... 03413 1936 NtWaitForSingleObject (68, 0, {0, 0}, ... 03414 1904 NtWaitForSingleObject (68, 0, {0, 0}, ... 03415 444 NtWaitForSingleObject (68, 0, {0, 0}, ... 03416 1536 NtWaitForSingleObject (68, 0, {0, 0}, ... 
03417 1356 NtWaitForSingleObject (68, 0, {0, 0}, ... 03418 1728 NtWaitForSingleObject (68, 0, {0, 0}, ... 03419 712 NtWaitForSingleObject (68, 0, {0, 0}, ... 03420 1156 NtWaitForSingleObject (68, 0, {0, 0}, ... 03421 1700 NtWaitForSingleObject (68, 0, {0, 0}, ... 03422 1808 NtWaitForSingleObject (68, 0, {0, 0}, ... 03423 1420 NtSetEventBoostPriority (96, ... 03424 1796 NtWaitForSingleObject (68, 0, {0, 0}, ... 03400 1856 NtDuplicateObject ... 1472, ) == 0x0 03425 1800 NtWaitForSingleObject (68, 0, {0, 0}, ... 03426 764 NtContinue (39583024, 1, ... 03427 1256 NtWaitForSingleObject (68, 0, {0, 0}, ... 03428 1128 NtWaitForSingleObject (68, 0, {0, 0}, ... 03402 1068 NtRegisterThreadTerminatePort ... ) == 0x0 03429 1596 NtWaitForSingleObject (68, 0, {0, 0}, ... 03430 2000 NtContinue (40631600, 1, ... 03403 1764 NtCreateThread ... 1476, {1304, 2832}, ) == 0x0 03404 308 NtDuplicateObject ... 1480, ) == 0x0 03405 968 NtWaitForSingleObject ... ) == 0x102 03406 2044 NtWaitForSingleObject ... ) == 0x102 03407 1524 NtWaitForSingleObject ... ) == 0x102 03408 1896 NtWaitForSingleObject ... ) == 0x102 03409 1864 NtWaitForSingleObject ... ) == 0x102 03410 1828 NtWaitForSingleObject ... ) == 0x102 03411 148 NtWaitForSingleObject ... ) == 0x102 03412 1648 NtWaitForSingleObject ... ) == 0x102 03413 1936 NtWaitForSingleObject ... ) == 0x102 03414 1904 NtWaitForSingleObject ... ) == 0x102 03415 444 NtWaitForSingleObject ... ) == 0x102 03416 1536 NtWaitForSingleObject ... ) == 0x102 03417 1356 NtWaitForSingleObject ... ) == 0x102 03418 1728 NtWaitForSingleObject ... ) == 0x102 03419 712 NtWaitForSingleObject ... ) == 0x102 03420 1156 NtWaitForSingleObject ... ) == 0x102 03421 1700 NtWaitForSingleObject ... ) == 0x102 00918 164 NtWaitForSingleObject ... ) == 0x0 03423 1420 NtSetEventBoostPriority ... ) == 0x0 03422 1808 NtWaitForSingleObject ... ) == 0x102 03424 1796 NtWaitForSingleObject ... ) == 0x102 03431 1856 NtWaitForSingleObject (68, 0, {0, 0}, ... 
03425 1800 NtWaitForSingleObject ... ) == 0x102 03432 764 NtRegisterThreadTerminatePort (24, ... 03427 1256 NtWaitForSingleObject ... ) == 0x102 03428 1128 NtWaitForSingleObject ... ) == 0x102 03433 1068 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03429 1596 NtWaitForSingleObject ... ) == 0x102 03434 2000 NtRegisterThreadTerminatePort (24, ... 03435 1764 NtQueryInformationThread (1476, Basic, 28, ... 03436 308 NtWaitForSingleObject (68, 0, {0, 0}, ... 03437 968 NtAllocateVirtualMemory (-1, 37474304, 0, 4096, 4096, 260, ... 03438 2044 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03439 1524 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03440 1896 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03441 1864 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03442 1828 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03443 148 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03444 1648 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03445 1936 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03446 1904 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03447 444 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03448 1536 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03449 1356 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03450 1728 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03451 712 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03452 1156 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03453 164 NtSetEventBoostPriority (96, ... 03454 1700 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03455 1852 NtTestAlert (... 03456 1808 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03457 1796 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03431 1856 NtWaitForSingleObject ... ) == 0x102 03458 1800 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03432 764 NtRegisterThreadTerminatePort ... ) == 0x0 03459 1256 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03460 1128 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03461 1420 NtTestAlert (... 03462 1596 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03434 2000 NtRegisterThreadTerminatePort ... ) == 0x0 03435 1764 NtQueryInformationThread ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe76000,Pid=1304,Tid=2832,}, 0x0, ) == 0x0 03436 308 NtWaitForSingleObject ... ) == 0x102 03437 968 NtAllocateVirtualMemory ... 37474304, 4096, ) == 0x0 03438 2044 NtCreateEvent ... 1484, ) == 0x0 03439 1524 NtCreateEvent ... 1488, ) == 0x0 03440 1896 NtCreateEvent ... 1492, ) == 0x0 03441 1864 NtCreateEvent ... 1496, ) == 0x0 03442 1828 NtCreateEvent ... 1500, ) == 0x0 03443 148 NtCreateEvent ... 1504, ) == 0x0 03444 1648 NtCreateEvent ... 1508, ) == 0x0 03445 1936 NtCreateEvent ... 1512, ) == 0x0 03446 1904 NtCreateEvent ... 1516, ) == 0x0 03447 444 NtCreateEvent ... 1520, ) == 0x0 03448 1536 NtCreateEvent ... 1524, ) == 0x0 03449 1356 NtCreateEvent ... 1528, ) == 0x0 03450 1728 NtCreateEvent ... 1532, ) == 0x0 03451 712 NtCreateEvent ... 1536, ) == 0x0 00924 1564 NtWaitForSingleObject ... ) == 0x0 03453 164 NtSetEventBoostPriority ... ) == 0x0 03452 1156 NtCreateEvent ... 1540, ) == 0x0 03454 1700 NtCreateEvent ... 1544, ) == 0x0 03455 1852 NtTestAlert ... ) == 0x0 03456 1808 NtCreateEvent ... 1548, ) == 0x0 03457 1796 NtCreateEvent ... 1552, ) == 0x0 03463 1856 NtAllocateVirtualMemory (-1, 1368064, 0, 4096, 4096, 4, ... 03458 1800 NtCreateEvent ... 1556, ) == 0x0 03464 764 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03459 1256 NtCreateEvent ... 1560, ) == 0x0 03460 1128 NtCreateEvent ... 1564, ) == 0x0 03461 1420 NtTestAlert ... ) == 0x0 03462 1596 NtCreateEvent ... 1568, ) == 0x0 03465 2000 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03466 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58308, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58308, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\5\0\0\30\5\0\0\20\13\0\0" ... ... 03433 1068 NtDuplicateObject ... 1572, ) == 0x0 03467 308 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03468 968 NtWaitForSingleObject (96, 0, 0x0, ... 03469 2044 NtWaitForSingleObject (1484, 0, 0x0, ... 03470 1524 NtClose (1488, ... 03471 1896 NtClose (1492, ... 03472 1864 NtClose (1496, ... 
03473 1828 NtClose (1500, ... 03474 148 NtClose (1504, ... 03475 1648 NtClose (1508, ... 03476 1936 NtClose (1512, ... 03477 1904 NtClose (1516, ... 03478 444 NtClose (1520, ... 03479 1536 NtClose (1524, ... 03480 1356 NtClose (1528, ... 03481 1728 NtClose (1532, ... 03482 1564 NtSetEventBoostPriority (96, ... 03483 712 NtClose (1536, ... 03484 164 NtTestAlert (... 03485 1156 NtClose (1540, ... 03486 1852 NtContinue (41680176, 1, ... 03487 1700 NtClose (1544, ... 03488 1808 NtClose (1548, ... 03463 1856 NtAllocateVirtualMemory ... 1368064, 4096, ) == 0x0 03489 1796 NtClose (1552, ... 03490 1800 NtClose (1556, ... 03464 764 NtCreateEvent ... 1576, ) == 0x0 03491 1256 NtClose (1560, ... 03492 1420 NtContinue (42728752, 1, ... 03493 1128 NtClose (1564, ... 03494 1596 NtClose (1568, ... 03465 2000 NtCreateEvent ... 1580, ) == 0x0 03495 1068 NtCreateEvent (0x100003, 0x0, 1, 0, ... 03467 308 NtCreateEvent ... 1584, ) == 0x0 03470 1524 NtClose ... ) == 0x0 03471 1896 NtClose ... ) == 0x0 03472 1864 NtClose ... ) == 0x0 03473 1828 NtClose ... ) == 0x0 03474 148 NtClose ... ) == 0x0 03475 1648 NtClose ... ) == 0x0 03476 1936 NtClose ... ) == 0x0 03477 1904 NtClose ... ) == 0x0 03478 444 NtClose ... ) == 0x0 03479 1536 NtClose ... ) == 0x0 03480 1356 NtClose ... ) == 0x0 00934 1592 NtWaitForSingleObject ... ) == 0x0 03482 1564 NtSetEventBoostPriority ... ) == 0x0 03481 1728 NtClose ... ) == 0x0 03483 712 NtClose ... ) == 0x0 03484 164 NtTestAlert ... ) == 0x0 03485 1156 NtClose ... ) == 0x0 03496 1852 NtRegisterThreadTerminatePort (24, ... 03487 1700 NtClose ... ) == 0x0 03488 1808 NtClose ... ) == 0x0 03466 1764 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1304, 1764, 58309, 0} ... {28, 56, reply, 0, 1304, 1764, 58309, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\5\0\0\30\5\0\0\20\13\0\0" ) ) == 0x0 03489 1796 NtClose ... ) == 0x0 03490 1800 NtClose ... ) == 0x0 03497 764 NtWaitForSingleObject (1576, 0, 0x0, ... 03491 1256 NtClose ... 
) == 0x0 03498 1420 NtRegisterThreadTerminatePort (24, ... 03493 1128 NtClose ... ) == 0x0 03494 1596 NtClose ... ) == 0x0 03499 2000 NtClose (1580, ... 03495 1068 NtCreateEvent ... 1568, ) == 0x0 03500 308 NtClose (1584, ... 03501 1524 NtWaitForSingleObject (1484, 0, 0x0, ... 03502 1896 NtWaitForSingleObject (1484, 0, 0x0, ... 03503 1864 NtWaitForSingleObject (1484, 0, 0x0, ... 03504 1828 NtWaitForSingleObject (1484, 0, 0x0, ... 03505 148 NtWaitForSingleObject (1484, 0, 0x0, ... 03506 1648 NtWaitForSingleObject (1484, 0, 0x0, ... 03507 1936 NtWaitForSingleObject (1484, 0, 0x0, ... 03508 1904 NtWaitForSingleObject (1484, 0, 0x0, ... 03509 444 NtWaitForSingleObject (1484, 0, 0x0, ... 03510 1536 NtWaitForSingleObject (1484, 0, 0x0, ... 03511 1592 NtSetEventBoostPriority (96, ... 03512 1356 NtWaitForSingleObject (1484, 0, 0x0, ... 03513 1856 NtSetEventBoostPriority (1576, ... 03514 1728 NtWaitForSingleObject (1484, 0, 0x0, ... 03515 712 NtWaitForSingleObject (1484, 0, 0x0, ... 03516 164 NtContinue (43777328, 1, ... 03517 1156 NtWaitForSingleObject (1484, 0, 0x0, ... 03496 1852 NtRegisterThreadTerminatePort ... ) == 0x0 03518 1700 NtWaitForSingleObject (1484, 0, 0x0, ... 03519 1808 NtWaitForSingleObject (1484, 0, 0x0, ... 03520 1764 NtResumeThread (1476, ... 03521 1796 NtWaitForSingleObject (1484, 0, 0x0, ... 03522 1800 NtWaitForSingleObject (1484, 0, 0x0, ... 03523 1256 NtWaitForSingleObject (1484, 0, 0x0, ... 03498 1420 NtRegisterThreadTerminatePort ... ) == 0x0 03524 1128 NtWaitForSingleObject (1484, 0, 0x0, ... 03525 1596 NtWaitForSingleObject (1484, 0, 0x0, ... 03499 2000 NtClose ... ) == 0x0 03526 1068 NtClose (1568, ... 03500 308 NtClose ... ) == 0x0 00940 1500 NtWaitForSingleObject ... ) == 0x0 03511 1592 NtSetEventBoostPriority ... ) == 0x0 03497 764 NtWaitForSingleObject ... ) == 0x0 03513 1856 NtSetEventBoostPriority ... ) == 0x0 03527 164 NtRegisterThreadTerminatePort (24, ... 03528 1852 NtWaitForSingleObject (1576, 0, 0x0, ... 03520 1764 NtResumeThread ... 
1, ) == 0x0 03529 1420 NtWaitForSingleObject (1576, 0, 0x0, ... 03530 2000 NtWaitForSingleObject (1576, 0, 0x0, ... 03526 1068 NtClose ... ) == 0x0 03531 1500 NtSetEventBoostPriority (96, ... 03532 308 NtWaitForSingleObject (1576, 0, 0x0, ... 03533 1564 NtTestAlert (... 03534 2832 NtWaitForSingleObject (96, 0, 0x0, ... 03535 764 NtSetEventBoostPriority (1576, ... 03536 1856 NtWaitForSingleObject (1484, 0, 0x0, ... 03527 164 NtRegisterThreadTerminatePort ... ) == 0x0 03537 1592 NtTestAlert (... 03538 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 00950 932 NtWaitForSingleObject ... ) == 0x0 03531 1500 NtSetEventBoostPriority ... ) == 0x0 03539 1068 NtWaitForSingleObject (1576, 0, 0x0, ... 03533 1564 NtTestAlert ... ) == 0x0 03528 1852 NtWaitForSingleObject ... ) == 0x0 03535 764 NtSetEventBoostPriority ... ) == 0x0 03540 164 NtWaitForSingleObject (1576, 0, 0x0, ... 03537 1592 NtTestAlert ... ) == 0x0 03541 932 NtSetEventBoostPriority (96, ... 03538 1764 NtAllocateVirtualMemory ... 349962240, 1048576, ) == 0x0 03542 1500 NtTestAlert (... 03543 1852 NtSetEventBoostPriority (1576, ... 03544 1564 NtContinue (44825904, 1, ... 03545 764 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00956 1528 NtWaitForSingleObject ... ) == 0x0 03541 932 NtSetEventBoostPriority ... ) == 0x0 03546 1592 NtContinue (45874480, 1, ... 03530 2000 NtWaitForSingleObject ... ) == 0x0 03542 1500 NtTestAlert ... ) == 0x0 03547 1564 NtRegisterThreadTerminatePort (24, ... 03548 1528 NtSetEventBoostPriority (96, ... 03545 764 NtDuplicateObject ... 1568, ) == 0x0 03543 1852 NtSetEventBoostPriority ... ) == 0x0 03549 1764 NtAllocateVirtualMemory (-1, 351002624, 0, 8192, 4096, 4, ... 03550 1592 NtRegisterThreadTerminatePort (24, ... 03551 2000 NtSetEventBoostPriority (1576, ... 03552 1500 NtContinue (46923056, 1, ... 00966 1780 NtWaitForSingleObject ... ) == 0x0 03548 1528 NtSetEventBoostPriority ... ) == 0x0 03547 1564 NtRegisterThreadTerminatePort ... 
) == 0x0 03553 764 NtWaitForSingleObject (1576, 0, 0x0, ... 03554 1852 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03549 1764 NtAllocateVirtualMemory ... 351002624, 8192, ) == 0x0 03550 1592 NtRegisterThreadTerminatePort ... ) == 0x0 03532 308 NtWaitForSingleObject ... ) == 0x0 03551 2000 NtSetEventBoostPriority ... ) == 0x0 03555 1780 NtSetEventBoostPriority (96, ... 03556 1500 NtRegisterThreadTerminatePort (24, ... 03557 932 NtTestAlert (... 03558 1564 NtWaitForSingleObject (1576, 0, 0x0, ... 03554 1852 NtDuplicateObject ... 1584, ) == 0x0 03559 1764 NtProtectVirtualMemory (-1, (0x14ebe000), 4096, 260, ... 03560 308 NtSetEventBoostPriority (1576, ... 03561 1592 NtWaitForSingleObject (1576, 0, 0x0, ... 03562 1528 NtTestAlert (... 00972 1804 NtWaitForSingleObject ... ) == 0x0 03555 1780 NtSetEventBoostPriority ... ) == 0x0 03556 1500 NtRegisterThreadTerminatePort ... ) == 0x0 03557 932 NtTestAlert ... ) == 0x0 03563 2000 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03529 1420 NtWaitForSingleObject ... ) == 0x0 03560 308 NtSetEventBoostPriority ... ) == 0x0 03559 1764 NtProtectVirtualMemory ... (0x14ebe000), 4096, 4, ) == 0x0 03564 1852 NtWaitForSingleObject (1576, 0, 0x0, ... 03565 1804 NtSetEventBoostPriority (96, ... 03562 1528 NtTestAlert ... ) == 0x0 03566 1500 NtWaitForSingleObject (1576, 0, 0x0, ... 03567 932 NtContinue (47971632, 1, ... 03568 1420 NtSetEventBoostPriority (1576, ... 03563 2000 NtDuplicateObject ... 1580, ) == 0x0 03569 1780 NtTestAlert (... 03570 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 00982 1644 NtWaitForSingleObject ... ) == 0x0 03565 1804 NtSetEventBoostPriority ... ) == 0x0 03571 1528 NtContinue (49020208, 1, ... 03572 308 NtWaitForSingleObject (1484, 0, 0x0, ... 03539 1068 NtWaitForSingleObject ... ) == 0x0 03573 932 NtRegisterThreadTerminatePort (24, ... 03574 2000 NtWaitForSingleObject (1576, 0, 0x0, ... 03569 1780 NtTestAlert ... ) == 0x0 03575 1644 NtSetEventBoostPriority (96, ... 
03570 1764 NtCreateThread ... 1564, {1304, 2836}, ) == 0x0 03568 1420 NtSetEventBoostPriority ... ) == 0x0 03576 1528 NtRegisterThreadTerminatePort (24, ... 03577 1068 NtSetEventBoostPriority (1576, ... 03573 932 NtRegisterThreadTerminatePort ... ) == 0x0 00988 336 NtWaitForSingleObject ... ) == 0x0 03575 1644 NtSetEventBoostPriority ... ) == 0x0 03578 1780 NtContinue (50068784, 1, ... 03579 1804 NtTestAlert (... 03580 1420 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03576 1528 NtRegisterThreadTerminatePort ... ) == 0x0 03540 164 NtWaitForSingleObject ... ) == 0x0 03581 336 NtSetEventBoostPriority (96, ... 03582 932 NtWaitForSingleObject (1576, 0, 0x0, ... 03577 1068 NtSetEventBoostPriority ... ) == 0x0 03583 1764 NtQueryInformationThread (1564, Basic, 28, ... 03584 1780 NtRegisterThreadTerminatePort (24, ... 03579 1804 NtTestAlert ... ) == 0x0 03580 1420 NtDuplicateObject ... 1560, ) == 0x0 03585 1528 NtWaitForSingleObject (1576, 0, 0x0, ... 00998 800 NtWaitForSingleObject ... ) == 0x0 03581 336 NtSetEventBoostPriority ... ) == 0x0 03586 164 NtSetEventBoostPriority (1576, ... 03587 1644 NtTestAlert (... 03588 1068 NtWaitForSingleObject (1576, 0, 0x0, ... 03583 1764 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe75000,Pid=1304,Tid=2836,}, 0x0, ) == 0x0 03584 1780 NtRegisterThreadTerminatePort ... ) == 0x0 03589 1804 NtContinue (51117360, 1, ... 03590 1420 NtWaitForSingleObject (1576, 0, 0x0, ... 03591 800 NtSetEventBoostPriority (96, ... 03553 764 NtWaitForSingleObject ... ) == 0x0 03587 1644 NtTestAlert ... ) == 0x0 03592 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58309, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58309, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\6\0\0\30\5\0\0\24\13\0\0" ... ... 03593 1780 NtWaitForSingleObject (1576, 0, 0x0, ... 03594 1804 NtRegisterThreadTerminatePort (24, ... 01004 504 NtWaitForSingleObject ... ) == 0x0 03591 800 NtSetEventBoostPriority ... 
) == 0x0 03595 764 NtSetEventBoostPriority (1576, ... 03596 1644 NtContinue (52165936, 1, ... 03592 1764 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1304, 1764, 58310, 0} ... {28, 56, reply, 0, 1304, 1764, 58310, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\6\0\0\30\5\0\0\24\13\0\0" ) ) == 0x0 03586 164 NtSetEventBoostPriority ... ) == 0x0 03597 336 NtTestAlert (... 03598 504 NtSetEventBoostPriority (96, ... 03594 1804 NtRegisterThreadTerminatePort ... ) == 0x0 03558 1564 NtWaitForSingleObject ... ) == 0x0 03595 764 NtSetEventBoostPriority ... ) == 0x0 03599 1644 NtRegisterThreadTerminatePort (24, ... 03600 1764 NtResumeThread (1564, ... 03601 164 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01014 888 NtWaitForSingleObject ... ) == 0x0 03598 504 NtSetEventBoostPriority ... ) == 0x0 03597 336 NtTestAlert ... ) == 0x0 03602 1564 NtSetEventBoostPriority (1576, ... 03603 1804 NtWaitForSingleObject (1576, 0, 0x0, ... 03604 800 NtTestAlert (... 03599 1644 NtRegisterThreadTerminatePort ... ) == 0x0 03605 764 NtWaitForSingleObject (1576, 0, 0x0, ... 03606 888 NtSetEventBoostPriority (96, ... 03601 164 NtDuplicateObject ... 1556, ) == 0x0 03600 1764 NtResumeThread ... 1, ) == 0x0 03561 1592 NtWaitForSingleObject ... ) == 0x0 03607 336 NtContinue (53214512, 1, ... 03602 1564 NtSetEventBoostPriority ... ) == 0x0 03608 504 NtTestAlert (... 03609 2836 NtWaitForSingleObject (96, 0, 0x0, ... 03604 800 NtTestAlert ... ) == 0x0 03610 1644 NtWaitForSingleObject (1576, 0, 0x0, ... 01020 1392 NtWaitForSingleObject ... ) == 0x0 03606 888 NtSetEventBoostPriority ... ) == 0x0 03611 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03612 1592 NtSetEventBoostPriority (1576, ... 03613 336 NtRegisterThreadTerminatePort (24, ... 03614 1564 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03608 504 NtTestAlert ... ) == 0x0 03615 800 NtContinue (54263088, 1, ... 03616 164 NtWaitForSingleObject (1576, 0, 0x0, ... 03617 1392 NtSetEventBoostPriority (96, ... 
03611 1764 NtAllocateVirtualMemory ... 351010816, 1048576, ) == 0x0 03564 1852 NtWaitForSingleObject ... ) == 0x0 03613 336 NtRegisterThreadTerminatePort ... ) == 0x0 03614 1564 NtDuplicateObject ... 1552, ) == 0x0 03618 504 NtContinue (55311664, 1, ... 03619 800 NtRegisterThreadTerminatePort (24, ... 01030 2020 NtWaitForSingleObject ... ) == 0x0 03617 1392 NtSetEventBoostPriority ... ) == 0x0 03620 1764 NtAllocateVirtualMemory (-1, 352051200, 0, 8192, 4096, 4, ... 03621 1852 NtSetEventBoostPriority (1576, ... 03622 336 NtWaitForSingleObject (1576, 0, 0x0, ... 03612 1592 NtSetEventBoostPriority ... ) == 0x0 03623 888 NtTestAlert (... 03624 504 NtRegisterThreadTerminatePort (24, ... 03625 2020 NtSetEventBoostPriority (96, ... 03619 800 NtRegisterThreadTerminatePort ... ) == 0x0 03626 1564 NtWaitForSingleObject (1576, 0, 0x0, ... 03620 1764 NtAllocateVirtualMemory ... 352051200, 8192, ) == 0x0 03566 1500 NtWaitForSingleObject ... ) == 0x0 03621 1852 NtSetEventBoostPriority ... ) == 0x0 03627 1392 NtTestAlert (... 03628 1592 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03623 888 NtTestAlert ... ) == 0x0 01036 740 NtWaitForSingleObject ... ) == 0x0 03625 2020 NtSetEventBoostPriority ... ) == 0x0 03624 504 NtRegisterThreadTerminatePort ... ) == 0x0 03629 800 NtWaitForSingleObject (1576, 0, 0x0, ... 03630 1500 NtSetEventBoostPriority (1576, ... 03631 1764 NtProtectVirtualMemory (-1, (0x14fbe000), 4096, 260, ... 03632 1852 NtWaitForSingleObject (1576, 0, 0x0, ... 03627 1392 NtTestAlert ... ) == 0x0 03628 1592 NtDuplicateObject ... 1548, ) == 0x0 03633 740 NtSetEventBoostPriority (96, ... 03634 888 NtContinue (56360240, 1, ... 03635 504 NtWaitForSingleObject (1576, 0, 0x0, ... 03636 2020 NtTestAlert (... 03574 2000 NtWaitForSingleObject ... ) == 0x0 03630 1500 NtSetEventBoostPriority ... ) == 0x0 03631 1764 NtProtectVirtualMemory ... (0x14fbe000), 4096, 4, ) == 0x0 03637 1392 NtContinue (57408816, 1, ... 01046 1676 NtWaitForSingleObject ... 
) == 0x0 03633 740 NtSetEventBoostPriority ... ) == 0x0 03638 888 NtRegisterThreadTerminatePort (24, ... 03639 1592 NtWaitForSingleObject (1576, 0, 0x0, ... 03636 2020 NtTestAlert ... ) == 0x0 03640 2000 NtSetEventBoostPriority (1576, ... 03641 1500 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03642 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03643 1676 NtSetEventBoostPriority (96, ... 03644 1392 NtRegisterThreadTerminatePort (24, ... 03638 888 NtRegisterThreadTerminatePort ... ) == 0x0 03645 2020 NtContinue (58457392, 1, ... 03582 932 NtWaitForSingleObject ... ) == 0x0 03640 2000 NtSetEventBoostPriority ... ) == 0x0 03641 1500 NtDuplicateObject ... 1544, ) == 0x0 01052 496 NtWaitForSingleObject ... ) == 0x0 03643 1676 NtSetEventBoostPriority ... ) == 0x0 03642 1764 NtCreateThread ... 1540, {1304, 2840}, ) == 0x0 03644 1392 NtRegisterThreadTerminatePort ... ) == 0x0 03646 888 NtWaitForSingleObject (1576, 0, 0x0, ... 03647 932 NtSetEventBoostPriority (1576, ... 03648 2020 NtRegisterThreadTerminatePort (24, ... 03649 740 NtTestAlert (... 03650 2000 NtWaitForSingleObject (1576, 0, 0x0, ... 03651 496 NtSetEventBoostPriority (96, ... 03652 1500 NtWaitForSingleObject (1576, 0, 0x0, ... 03653 1764 NtQueryInformationThread (1540, Basic, 28, ... 03654 1392 NtWaitForSingleObject (1576, 0, 0x0, ... 03655 1676 NtTestAlert (... 03585 1528 NtWaitForSingleObject ... ) == 0x0 03648 2020 NtRegisterThreadTerminatePort ... ) == 0x0 03649 740 NtTestAlert ... ) == 0x0 01062 1020 NtWaitForSingleObject ... ) == 0x0 03651 496 NtSetEventBoostPriority ... ) == 0x0 03653 1764 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe74000,Pid=1304,Tid=2840,}, 0x0, ) == 0x0 03647 932 NtSetEventBoostPriority ... ) == 0x0 03655 1676 NtTestAlert ... ) == 0x0 03656 1528 NtSetEventBoostPriority (1576, ... 03657 2020 NtWaitForSingleObject (1576, 0, 0x0, ... 03658 1020 NtSetEventBoostPriority (96, ... 03659 740 NtContinue (59505968, 1, ... 
03660 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58310, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58310, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\6\0\0\30\5\0\0\30\13\0\0" ... ... 03661 932 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03662 1676 NtContinue (60554544, 1, ... 03588 1068 NtWaitForSingleObject ... ) == 0x0 03656 1528 NtSetEventBoostPriority ... ) == 0x0 03663 496 NtTestAlert (... 01068 432 NtWaitForSingleObject ... ) == 0x0 03658 1020 NtSetEventBoostPriority ... ) == 0x0 03664 740 NtRegisterThreadTerminatePort (24, ... 03661 932 NtDuplicateObject ... 1536, ) == 0x0 03665 1676 NtRegisterThreadTerminatePort (24, ... 03666 1068 NtSetEventBoostPriority (1576, ... 03667 1528 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03668 432 NtSetEventBoostPriority (96, ... 03663 496 NtTestAlert ... ) == 0x0 03660 1764 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1304, 1764, 58311, 0} ... {28, 56, reply, 0, 1304, 1764, 58311, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\6\0\0\30\5\0\0\30\13\0\0" ) ) == 0x0 03664 740 NtRegisterThreadTerminatePort ... ) == 0x0 03669 1020 NtTestAlert (... 03665 1676 NtRegisterThreadTerminatePort ... ) == 0x0 03590 1420 NtWaitForSingleObject ... ) == 0x0 03666 1068 NtSetEventBoostPriority ... ) == 0x0 01078 1332 NtWaitForSingleObject ... ) == 0x0 03668 432 NtSetEventBoostPriority ... ) == 0x0 03667 1528 NtDuplicateObject ... 1532, ) == 0x0 03670 496 NtContinue (61603120, 1, ... 03671 1764 NtResumeThread (1540, ... 03672 740 NtWaitForSingleObject (1576, 0, 0x0, ... 03669 1020 NtTestAlert ... ) == 0x0 03673 1420 NtSetEventBoostPriority (1576, ... 03674 1676 NtWaitForSingleObject (1576, 0, 0x0, ... 03675 932 NtWaitForSingleObject (1576, 0, 0x0, ... 03676 1332 NtSetEventBoostPriority (96, ... 03677 1068 NtWaitForSingleObject (1576, 0, 0x0, ... 03678 432 NtTestAlert (... 03679 496 NtRegisterThreadTerminatePort (24, ... 03671 1764 NtResumeThread ... 1, ) == 0x0 03680 1528 NtWaitForSingleObject (1576, 0, 0x0, ... 
03593 1780 NtWaitForSingleObject ... ) == 0x0 03673 1420 NtSetEventBoostPriority ... ) == 0x0 03681 1020 NtContinue (62651696, 1, ... 03682 2840 NtWaitForSingleObject (96, 0, 0x0, ... 01084 1328 NtWaitForSingleObject ... ) == 0x0 03676 1332 NtSetEventBoostPriority ... ) == 0x0 03678 432 NtTestAlert ... ) == 0x0 03679 496 NtRegisterThreadTerminatePort ... ) == 0x0 03683 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03684 1780 NtSetEventBoostPriority (1576, ... 03685 1420 NtWaitForSingleObject (1576, 0, 0x0, ... 03686 1020 NtRegisterThreadTerminatePort (24, ... 03687 1328 NtSetEventBoostPriority (96, ... 03688 432 NtContinue (63700272, 1, ... 03689 496 NtWaitForSingleObject (1576, 0, 0x0, ... 03605 764 NtWaitForSingleObject ... ) == 0x0 03683 1764 NtAllocateVirtualMemory ... 352059392, 1048576, ) == 0x0 03684 1780 NtSetEventBoostPriority ... ) == 0x0 03690 1332 NtTestAlert (... 01094 752 NtWaitForSingleObject ... ) == 0x0 03687 1328 NtSetEventBoostPriority ... ) == 0x0 03686 1020 NtRegisterThreadTerminatePort ... ) == 0x0 03691 432 NtRegisterThreadTerminatePort (24, ... 03692 764 NtSetEventBoostPriority (1576, ... 03693 1780 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03694 752 NtSetEventBoostPriority (96, ... 03690 1332 NtTestAlert ... ) == 0x0 03695 1764 NtAllocateVirtualMemory (-1, 353099776, 0, 8192, 4096, 4, ... 03696 1020 NtWaitForSingleObject (1576, 0, 0x0, ... 03691 432 NtRegisterThreadTerminatePort ... ) == 0x0 03603 1804 NtWaitForSingleObject ... ) == 0x0 03692 764 NtSetEventBoostPriority ... ) == 0x0 01100 120 NtWaitForSingleObject ... ) == 0x0 03694 752 NtSetEventBoostPriority ... ) == 0x0 03693 1780 NtDuplicateObject ... 1528, ) == 0x0 03697 1332 NtContinue (64748848, 1, ... 03695 1764 NtAllocateVirtualMemory ... 353099776, 8192, ) == 0x0 03698 1328 NtTestAlert (... 03699 1804 NtSetEventBoostPriority (1576, ... 03700 432 NtWaitForSingleObject (1576, 0, 0x0, ... 03701 120 NtAllocateVirtualMemory (-1, 8806400, 0, 4096, 4096, 4, ... 
03702 764 NtWaitForSingleObject (1576, 0, 0x0, ... 03703 752 NtTestAlert (... 03704 1332 NtRegisterThreadTerminatePort (24, ... 03705 1764 NtProtectVirtualMemory (-1, (0x150be000), 4096, 260, ... 03610 1644 NtWaitForSingleObject ... ) == 0x0 03698 1328 NtTestAlert ... ) == 0x0 03699 1804 NtSetEventBoostPriority ... ) == 0x0 03706 1780 NtWaitForSingleObject (1576, 0, 0x0, ... 03701 120 NtAllocateVirtualMemory ... 8806400, 4096, ) == 0x0 03703 752 NtTestAlert ... ) == 0x0 03704 1332 NtRegisterThreadTerminatePort ... ) == 0x0 03705 1764 NtProtectVirtualMemory ... (0x150be000), 4096, 4, ) == 0x0 03707 1644 NtSetEventBoostPriority (1576, ... 03708 1328 NtContinue (65797424, 1, ... 03709 1804 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03710 752 NtContinue (66846000, 1, ... 03711 1332 NtWaitForSingleObject (1576, 0, 0x0, ... 03712 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03616 164 NtWaitForSingleObject ... ) == 0x0 03713 1328 NtRegisterThreadTerminatePort (24, ... 03709 1804 NtDuplicateObject ... 1524, ) == 0x0 03714 752 NtRegisterThreadTerminatePort (24, ... 03707 1644 NtSetEventBoostPriority ... ) == 0x0 03715 120 NtSetEventBoostPriority (96, ... 03712 1764 NtCreateThread ... 1520, {1304, 2844}, ) == 0x0 03716 164 NtSetEventBoostPriority (1576, ... 03713 1328 NtRegisterThreadTerminatePort ... ) == 0x0 03714 752 NtRegisterThreadTerminatePort ... ) == 0x0 03717 1644 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01110 1732 NtWaitForSingleObject ... ) == 0x0 03715 120 NtSetEventBoostPriority ... ) == 0x0 03718 1804 NtWaitForSingleObject (1576, 0, 0x0, ... 03626 1564 NtWaitForSingleObject ... ) == 0x0 03716 164 NtSetEventBoostPriority ... ) == 0x0 03719 1328 NtWaitForSingleObject (1576, 0, 0x0, ... 03720 752 NtWaitForSingleObject (1576, 0, 0x0, ... 03721 1732 NtSetEventBoostPriority (96, ... 03717 1644 NtDuplicateObject ... 1516, ) == 0x0 03722 120 NtTestAlert (... 03723 1564 NtSetEventBoostPriority (1576, ... 
03724 164 NtWaitForSingleObject (1576, 0, 0x0, ... 03725 1764 NtQueryInformationThread (1520, Basic, 28, ... 01116 188 NtWaitForSingleObject ... ) == 0x0 03721 1732 NtSetEventBoostPriority ... ) == 0x0 03622 336 NtWaitForSingleObject ... ) == 0x0 03723 1564 NtSetEventBoostPriority ... ) == 0x0 03722 120 NtTestAlert ... ) == 0x0 03726 1644 NtWaitForSingleObject (1576, 0, 0x0, ... 03727 188 NtSetEventBoostPriority (96, ... 03725 1764 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe73000,Pid=1304,Tid=2844,}, 0x0, ) == 0x0 03728 336 NtSetEventBoostPriority (1576, ... 03729 1564 NtWaitForSingleObject (1576, 0, 0x0, ... 03730 120 NtContinue (67894576, 1, ... 01126 1636 NtWaitForSingleObject ... ) == 0x0 03727 188 NtSetEventBoostPriority ... ) == 0x0 03629 800 NtWaitForSingleObject ... ) == 0x0 03731 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58311, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58311, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\5\0\0\30\5\0\0\34\13\0\0" ... ... 03728 336 NtSetEventBoostPriority ... ) == 0x0 03732 1732 NtTestAlert (... 03733 1636 NtSetEventBoostPriority (96, ... 03734 120 NtRegisterThreadTerminatePort (24, ... 03735 800 NtSetEventBoostPriority (1576, ... 03731 1764 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1304, 1764, 58312, 0} ... {28, 56, reply, 0, 1304, 1764, 58312, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\5\0\0\30\5\0\0\34\13\0\0" ) ) == 0x0 03736 336 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01132 624 NtWaitForSingleObject ... ) == 0x0 03733 1636 NtSetEventBoostPriority ... ) == 0x0 03732 1732 NtTestAlert ... ) == 0x0 03737 188 NtTestAlert (... 03632 1852 NtWaitForSingleObject ... ) == 0x0 03738 1764 NtResumeThread (1520, ... 03739 624 NtSetEventBoostPriority (96, ... 03736 336 NtDuplicateObject ... 1512, ) == 0x0 03735 800 NtSetEventBoostPriority ... ) == 0x0 03734 120 NtRegisterThreadTerminatePort ... ) == 0x0 03740 1732 NtContinue (68943152, 1, ... 03737 188 NtTestAlert ... 
) == 0x0 03741 1852 NtSetEventBoostPriority (1576, ... 03742 1636 NtTestAlert (... 01142 1948 NtWaitForSingleObject ... ) == 0x0 03739 624 NtSetEventBoostPriority ... ) == 0x0 03738 1764 NtResumeThread ... 1, ) == 0x0 03743 800 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03744 120 NtWaitForSingleObject (1576, 0, 0x0, ... 03745 1732 NtRegisterThreadTerminatePort (24, ... 03746 188 NtContinue (69991728, 1, ... 03635 504 NtWaitForSingleObject ... ) == 0x0 03747 1948 NtSetEventBoostPriority (96, ... 03742 1636 NtTestAlert ... ) == 0x0 03741 1852 NtSetEventBoostPriority ... ) == 0x0 03748 336 NtWaitForSingleObject (1576, 0, 0x0, ... 03749 2844 NtWaitForSingleObject (96, 0, 0x0, ... 03750 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03743 800 NtDuplicateObject ... 1508, ) == 0x0 03745 1732 NtRegisterThreadTerminatePort ... ) == 0x0 03751 188 NtRegisterThreadTerminatePort (24, ... 01148 988 NtWaitForSingleObject ... ) == 0x0 03747 1948 NtSetEventBoostPriority ... ) == 0x0 03752 504 NtSetEventBoostPriority (1576, ... 03753 1636 NtContinue (71040304, 1, ... 03754 1852 NtWaitForSingleObject (1576, 0, 0x0, ... 03750 1764 NtAllocateVirtualMemory ... 353107968, 1048576, ) == 0x0 03755 624 NtTestAlert (... 03756 1732 NtWaitForSingleObject (1576, 0, 0x0, ... 03757 988 NtSetEventBoostPriority (96, ... 03751 188 NtRegisterThreadTerminatePort ... ) == 0x0 03758 800 NtWaitForSingleObject (1576, 0, 0x0, ... 03639 1592 NtWaitForSingleObject ... ) == 0x0 03759 1636 NtRegisterThreadTerminatePort (24, ... 03760 1764 NtAllocateVirtualMemory (-1, 354148352, 0, 8192, 4096, 4, ... 03755 624 NtTestAlert ... ) == 0x0 03752 504 NtSetEventBoostPriority ... ) == 0x0 03761 1948 NtTestAlert (... 01158 468 NtWaitForSingleObject ... ) == 0x0 03757 988 NtSetEventBoostPriority ... ) == 0x0 03762 188 NtWaitForSingleObject (1576, 0, 0x0, ... 03763 1592 NtSetEventBoostPriority (1576, ... 03759 1636 NtRegisterThreadTerminatePort ... ) == 0x0 03760 1764 NtAllocateVirtualMemory ... 
354148352, 8192, ) == 0x0 03764 624 NtContinue (72088880, 1, ... 03765 504 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03766 468 NtSetEventBoostPriority (96, ... 03761 1948 NtTestAlert ... ) == 0x0 03767 988 NtTestAlert (... 03650 2000 NtWaitForSingleObject ... ) == 0x0 03763 1592 NtSetEventBoostPriority ... ) == 0x0 03768 1636 NtWaitForSingleObject (1576, 0, 0x0, ... 03769 1764 NtProtectVirtualMemory (-1, (0x151be000), 4096, 260, ... 03770 624 NtRegisterThreadTerminatePort (24, ... 01164 380 NtWaitForSingleObject ... ) == 0x0 03766 468 NtSetEventBoostPriority ... ) == 0x0 03765 504 NtDuplicateObject ... 1504, ) == 0x0 03771 1948 NtContinue (73137456, 1, ... 03772 2000 NtSetEventBoostPriority (1576, ... 03767 988 NtTestAlert ... ) == 0x0 03773 1592 NtWaitForSingleObject (1576, 0, 0x0, ... 03774 380 NtSetEventBoostPriority (96, ... 03770 624 NtRegisterThreadTerminatePort ... ) == 0x0 03769 1764 NtProtectVirtualMemory ... (0x151be000), 4096, 4, ) == 0x0 03775 468 NtTestAlert (... 03652 1500 NtWaitForSingleObject ... ) == 0x0 03772 2000 NtSetEventBoostPriority ... ) == 0x0 03776 1948 NtRegisterThreadTerminatePort (24, ... 03777 988 NtContinue (74186032, 1, ... 03778 504 NtWaitForSingleObject (1576, 0, 0x0, ... 01174 1692 NtWaitForSingleObject ... ) == 0x0 03774 380 NtSetEventBoostPriority ... ) == 0x0 03779 624 NtWaitForSingleObject (1576, 0, 0x0, ... 03780 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03781 1500 NtSetEventBoostPriority (1576, ... 03775 468 NtTestAlert ... ) == 0x0 03782 2000 NtWaitForSingleObject (1576, 0, 0x0, ... 03776 1948 NtRegisterThreadTerminatePort ... ) == 0x0 03783 988 NtRegisterThreadTerminatePort (24, ... 03784 1692 NtSetEventBoostPriority (96, ... 03785 380 NtTestAlert (... 03646 888 NtWaitForSingleObject ... ) == 0x0 03781 1500 NtSetEventBoostPriority ... ) == 0x0 03780 1764 NtCreateThread ... 1500, {1304, 2848}, ) == 0x0 03786 468 NtContinue (75234608, 1, ... 03787 1948 NtWaitForSingleObject (1576, 0, 0x0, ... 
01180 1792 NtWaitForSingleObject ... ) == 0x0 03784 1692 NtSetEventBoostPriority ... ) == 0x0 03783 988 NtRegisterThreadTerminatePort ... ) == 0x0 03788 888 NtSetEventBoostPriority (1576, ... 03785 380 NtTestAlert ... ) == 0x0 03789 1500 NtWaitForSingleObject (1576, 0, 0x0, ... 03790 1764 NtQueryInformationThread (1500, Basic, 28, ... 03791 468 NtRegisterThreadTerminatePort (24, ... 03792 1792 NtSetEventBoostPriority (96, ... 03654 1392 NtWaitForSingleObject ... ) == 0x0 03793 988 NtWaitForSingleObject (1576, 0, 0x0, ... 03794 380 NtContinue (76283184, 1, ... 03788 888 NtSetEventBoostPriority ... ) == 0x0 03795 1692 NtTestAlert (... 03790 1764 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe72000,Pid=1304,Tid=2848,}, 0x0, ) == 0x0 01190 784 NtWaitForSingleObject ... ) == 0x0 03792 1792 NtSetEventBoostPriority ... ) == 0x0 03791 468 NtRegisterThreadTerminatePort ... ) == 0x0 03796 1392 NtSetEventBoostPriority (1576, ... 03797 380 NtRegisterThreadTerminatePort (24, ... 03798 888 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03795 1692 NtTestAlert ... ) == 0x0 03799 784 NtSetEventBoostPriority (96, ... 03800 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58312, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58312, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\5\0\0\30\5\0\0 \13\0\0" ... ... 03801 468 NtWaitForSingleObject (1576, 0, 0x0, ... 03657 2020 NtWaitForSingleObject ... ) == 0x0 03797 380 NtRegisterThreadTerminatePort ... ) == 0x0 03798 888 NtDuplicateObject ... 1496, ) == 0x0 01196 1520 NtWaitForSingleObject ... ) == 0x0 03799 784 NtSetEventBoostPriority ... ) == 0x0 03802 1692 NtContinue (77331760, 1, ... 03796 1392 NtSetEventBoostPriority ... ) == 0x0 03803 1792 NtTestAlert (... 03800 1764 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1304, 1764, 58313, 0} ... {28, 56, reply, 0, 1304, 1764, 58313, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\5\0\0\30\5\0\0 \13\0\0" ) ) == 0x0 03804 2020 NtSetEventBoostPriority (1576, ... 
03805 380 NtWaitForSingleObject (1576, 0, 0x0, ... 03806 1520 NtSetEventBoostPriority (96, ... 03807 888 NtWaitForSingleObject (1576, 0, 0x0, ... 03808 1692 NtRegisterThreadTerminatePort (24, ... 03809 1392 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03803 1792 NtTestAlert ... ) == 0x0 03810 1764 NtResumeThread (1500, ... 03672 740 NtWaitForSingleObject ... ) == 0x0 03804 2020 NtSetEventBoostPriority ... ) == 0x0 03811 784 NtTestAlert (... 01206 1696 NtWaitForSingleObject ... ) == 0x0 03806 1520 NtSetEventBoostPriority ... ) == 0x0 03808 1692 NtRegisterThreadTerminatePort ... ) == 0x0 03809 1392 NtDuplicateObject ... 1492, ) == 0x0 03812 1792 NtContinue (78380336, 1, ... 03810 1764 NtResumeThread ... 1, ) == 0x0 03813 740 NtSetEventBoostPriority (1576, ... 03814 2020 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03815 1696 NtSetEventBoostPriority (96, ... 03811 784 NtTestAlert ... ) == 0x0 03816 2848 NtWaitForSingleObject (96, 0, 0x0, ... 03817 1692 NtWaitForSingleObject (1576, 0, 0x0, ... 03818 1520 NtTestAlert (... 03819 1792 NtRegisterThreadTerminatePort (24, ... 03820 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03675 932 NtWaitForSingleObject ... ) == 0x0 01212 1744 NtWaitForSingleObject ... ) == 0x0 03815 1696 NtSetEventBoostPriority ... ) == 0x0 03814 2020 NtDuplicateObject ... 1488, ) == 0x0 03821 784 NtContinue (79428912, 1, ... 03813 740 NtSetEventBoostPriority ... ) == 0x0 03822 1392 NtWaitForSingleObject (1576, 0, 0x0, ... 03818 1520 NtTestAlert ... ) == 0x0 03819 1792 NtRegisterThreadTerminatePort ... ) == 0x0 03820 1764 NtAllocateVirtualMemory ... 354156544, 1048576, ) == 0x0 03823 1744 NtSetEventBoostPriority (96, ... 03824 932 NtSetEventBoostPriority (1576, ... 03825 1696 NtTestAlert (... 03826 784 NtRegisterThreadTerminatePort (24, ... 03827 740 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03828 1520 NtContinue (80477488, 1, ... 03829 1792 NtWaitForSingleObject (1576, 0, 0x0, ... 
03830 2020 NtWaitForSingleObject (1576, 0, 0x0, ... 01222 1124 NtWaitForSingleObject ... ) == 0x0 03823 1744 NtSetEventBoostPriority ... ) == 0x0 03677 1068 NtWaitForSingleObject ... ) == 0x0 03824 932 NtSetEventBoostPriority ... ) == 0x0 03825 1696 NtTestAlert ... ) == 0x0 03826 784 NtRegisterThreadTerminatePort ... ) == 0x0 03827 740 NtDuplicateObject ... 1588, ) == 0x0 03831 1520 NtRegisterThreadTerminatePort (24, ... 03832 1764 NtAllocateVirtualMemory (-1, 355196928, 0, 8192, 4096, 4, ... 03833 1124 NtSetEventBoostPriority (96, ... 03834 1068 NtSetEventBoostPriority (1576, ... 03835 932 NtWaitForSingleObject (1576, 0, 0x0, ... 03836 1696 NtContinue (81526064, 1, ... 03837 784 NtWaitForSingleObject (1576, 0, 0x0, ... 03838 1744 NtTestAlert (... 03831 1520 NtRegisterThreadTerminatePort ... ) == 0x0 01228 1496 NtWaitForSingleObject ... ) == 0x0 03680 1528 NtWaitForSingleObject ... ) == 0x0 03834 1068 NtSetEventBoostPriority ... ) == 0x0 03833 1124 NtSetEventBoostPriority ... ) == 0x0 03832 1764 NtAllocateVirtualMemory ... 355196928, 8192, ) == 0x0 03839 740 NtWaitForSingleObject (1576, 0, 0x0, ... 03840 1696 NtRegisterThreadTerminatePort (24, ... 03838 1744 NtTestAlert ... ) == 0x0 03841 1496 NtSetEventBoostPriority (96, ... 03842 1528 NtSetEventBoostPriority (1576, ... 03843 1520 NtWaitForSingleObject (1576, 0, 0x0, ... 03844 1068 NtWaitForSingleObject (68, 0, {0, 0}, ... 03845 1764 NtProtectVirtualMemory (-1, (0x152be000), 4096, 260, ... 03840 1696 NtRegisterThreadTerminatePort ... ) == 0x0 01238 168 NtWaitForSingleObject ... ) == 0x0 03674 1676 NtWaitForSingleObject ... ) == 0x0 03842 1528 NtSetEventBoostPriority ... ) == 0x0 03841 1496 NtSetEventBoostPriority ... ) == 0x0 03846 1744 NtContinue (82574640, 1, ... 03847 1124 NtTestAlert (... 03845 1764 NtProtectVirtualMemory ... (0x152be000), 4096, 4, ) == 0x0 03848 168 NtSetEventBoostPriority (96, ... 03849 1676 NtSetEventBoostPriority (1576, ... 03850 1696 NtWaitForSingleObject (1576, 0, 0x0, ... 
03851 1528 NtWaitForSingleObject (1576, 0, 0x0, ... 03844 1068 NtWaitForSingleObject ... ) == 0x102 03852 1744 NtRegisterThreadTerminatePort (24, ... 03847 1124 NtTestAlert ... ) == 0x0 01244 1284 NtWaitForSingleObject ... ) == 0x0 03685 1420 NtWaitForSingleObject ... ) == 0x0 03848 168 NtSetEventBoostPriority ... ) == 0x0 03853 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03849 1676 NtSetEventBoostPriority ... ) == 0x0 03854 1496 NtTestAlert (... 03855 1068 NtWaitForSingleObject (1484, 0, 0x0, ... 03852 1744 NtRegisterThreadTerminatePort ... ) == 0x0 03856 1284 NtSetEventBoostPriority (96, ... 03857 1124 NtContinue (83623216, 1, ... 03858 1420 NtSetEventBoostPriority (1576, ... 03853 1764 NtCreateThread ... 1592, {1304, 2852}, ) == 0x0 03859 1676 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03854 1496 NtTestAlert ... ) == 0x0 01254 1268 NtWaitForSingleObject ... ) == 0x0 03856 1284 NtSetEventBoostPriority ... ) == 0x0 03860 1744 NtWaitForSingleObject (1576, 0, 0x0, ... 03861 1124 NtRegisterThreadTerminatePort (24, ... 03689 496 NtWaitForSingleObject ... ) == 0x0 03858 1420 NtSetEventBoostPriority ... ) == 0x0 03862 168 NtTestAlert (... 03859 1676 NtDuplicateObject ... 1596, ) == 0x0 03863 1268 NtSetEventBoostPriority (96, ... 03864 1496 NtContinue (84671792, 1, ... 03865 1764 NtQueryInformationThread (1592, Basic, 28, ... 03866 1284 NtTestAlert (... 03861 1124 NtRegisterThreadTerminatePort ... ) == 0x0 03867 496 NtSetEventBoostPriority (1576, ... 03868 1420 NtWaitForSingleObject (1576, 0, 0x0, ... 03862 168 NtTestAlert ... ) == 0x0 01260 840 NtWaitForSingleObject ... ) == 0x0 03863 1268 NtSetEventBoostPriority ... ) == 0x0 03869 1496 NtRegisterThreadTerminatePort (24, ... 03865 1764 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe71000,Pid=1304,Tid=2852,}, 0x0, ) == 0x0 03866 1284 NtTestAlert ... ) == 0x0 03870 1124 NtWaitForSingleObject (1576, 0, 0x0, ... 03696 1020 NtWaitForSingleObject ... 
) == 0x0 03871 840 NtSetEventBoostPriority (96, ... 03872 168 NtContinue (85720368, 1, ... 03867 496 NtSetEventBoostPriority ... ) == 0x0 03873 1676 NtWaitForSingleObject (1576, 0, 0x0, ... 03869 1496 NtRegisterThreadTerminatePort ... ) == 0x0 03874 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58313, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58313, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\6\0\0\30\5\0\0$\13\0\0" ... ... 03875 1284 NtContinue (86768944, 1, ... 03876 1268 NtTestAlert (... 01270 1336 NtWaitForSingleObject ... ) == 0x0 03871 840 NtSetEventBoostPriority ... ) == 0x0 03877 1020 NtSetEventBoostPriority (1576, ... 03878 168 NtRegisterThreadTerminatePort (24, ... 03879 496 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03880 1496 NtWaitForSingleObject (1576, 0, 0x0, ... 03874 1764 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1304, 1764, 58314, 0} ... {28, 56, reply, 0, 1304, 1764, 58314, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\6\0\0\30\5\0\0$\13\0\0" ) ) == 0x0 03881 1284 NtRegisterThreadTerminatePort (24, ... 03882 1336 NtSetEventBoostPriority (96, ... 03876 1268 NtTestAlert ... ) == 0x0 03700 432 NtWaitForSingleObject ... ) == 0x0 03878 168 NtRegisterThreadTerminatePort ... ) == 0x0 03879 496 NtDuplicateObject ... 1600, ) == 0x0 03877 1020 NtSetEventBoostPriority ... ) == 0x0 03883 840 NtTestAlert (... 03884 1764 NtResumeThread (1592, ... 01276 1200 NtWaitForSingleObject ... ) == 0x0 03882 1336 NtSetEventBoostPriority ... ) == 0x0 03881 1284 NtRegisterThreadTerminatePort ... ) == 0x0 03885 1268 NtContinue (87817520, 1, ... 03886 432 NtAllocateVirtualMemory (-1, 1372160, 0, 4096, 4096, 4, ... 03887 168 NtWaitForSingleObject (1576, 0, 0x0, ... 03888 1020 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03883 840 NtTestAlert ... ) == 0x0 03889 496 NtWaitForSingleObject (1576, 0, 0x0, ... 03890 1200 NtSetEventBoostPriority (96, ... 03884 1764 NtResumeThread ... 1, ) == 0x0 03891 1284 NtWaitForSingleObject (1576, 0, 0x0, ... 
03892 1268 NtRegisterThreadTerminatePort (24, ... 03886 432 NtAllocateVirtualMemory ... 1372160, 4096, ) == 0x0 03893 1336 NtTestAlert (... 03894 2852 NtWaitForSingleObject (96, 0, 0x0, ... 03888 1020 NtDuplicateObject ... 1604, ) == 0x0 03895 840 NtContinue (88866096, 1, ... 01286 1920 NtWaitForSingleObject ... ) == 0x0 03890 1200 NtSetEventBoostPriority ... ) == 0x0 03896 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03892 1268 NtRegisterThreadTerminatePort ... ) == 0x0 03897 432 NtSetEventBoostPriority (1576, ... 03893 1336 NtTestAlert ... ) == 0x0 03898 1920 NtSetEventBoostPriority (96, ... 03899 840 NtRegisterThreadTerminatePort (24, ... 03900 1020 NtWaitForSingleObject (1576, 0, 0x0, ... 03896 1764 NtAllocateVirtualMemory ... 355205120, 1048576, ) == 0x0 03901 1268 NtWaitForSingleObject (1576, 0, 0x0, ... 03706 1780 NtWaitForSingleObject ... ) == 0x0 01292 896 NtWaitForSingleObject ... ) == 0x0 03898 1920 NtSetEventBoostPriority ... ) == 0x0 03902 1336 NtContinue (89914672, 1, ... 03899 840 NtRegisterThreadTerminatePort ... ) == 0x0 03903 1764 NtAllocateVirtualMemory (-1, 356245504, 0, 8192, 4096, 4, ... 03897 432 NtSetEventBoostPriority ... ) == 0x0 03904 1200 NtTestAlert (... 03905 896 NtSetEventBoostPriority (96, ... 03906 1780 NtSetEventBoostPriority (1576, ... 03907 1336 NtRegisterThreadTerminatePort (24, ... 03908 840 NtWaitForSingleObject (1576, 0, 0x0, ... 03903 1764 NtAllocateVirtualMemory ... 356245504, 8192, ) == 0x0 03909 1920 NtTestAlert (... 01302 2016 NtWaitForSingleObject ... ) == 0x0 03905 896 NtSetEventBoostPriority ... ) == 0x0 03904 1200 NtTestAlert ... ) == 0x0 03702 764 NtWaitForSingleObject ... ) == 0x0 03906 1780 NtSetEventBoostPriority ... ) == 0x0 03907 1336 NtRegisterThreadTerminatePort ... ) == 0x0 03910 432 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03911 1764 NtProtectVirtualMemory (-1, (0x153be000), 4096, 260, ... 03912 2016 NtSetEventBoostPriority (96, ... 03909 1920 NtTestAlert ... 
) == 0x0 03913 764 NtSetEventBoostPriority (1576, ... 03914 1200 NtContinue (90963248, 1, ... 03915 1780 NtWaitForSingleObject (1576, 0, 0x0, ... 03916 1336 NtWaitForSingleObject (1576, 0, 0x0, ... 03910 432 NtDuplicateObject ... 1608, ) == 0x0 03917 896 NtTestAlert (... 01308 2012 NtWaitForSingleObject ... ) == 0x0 03912 2016 NtSetEventBoostPriority ... ) == 0x0 03711 1332 NtWaitForSingleObject ... ) == 0x0 03918 1920 NtContinue (92011824, 1, ... 03919 1200 NtRegisterThreadTerminatePort (24, ... 03913 764 NtSetEventBoostPriority ... ) == 0x0 03911 1764 NtProtectVirtualMemory ... (0x153be000), 4096, 4, ) == 0x0 03920 432 NtWaitForSingleObject (1576, 0, 0x0, ... 03921 2012 NtSetEventBoostPriority (96, ... 03917 896 NtTestAlert ... ) == 0x0 03922 1332 NtSetEventBoostPriority (1576, ... 03923 1920 NtRegisterThreadTerminatePort (24, ... 03919 1200 NtRegisterThreadTerminatePort ... ) == 0x0 03924 764 NtWaitForSingleObject (1576, 0, 0x0, ... 03925 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 01318 1604 NtWaitForSingleObject ... ) == 0x0 03921 2012 NtSetEventBoostPriority ... ) == 0x0 03926 896 NtContinue (93060400, 1, ... 03718 1804 NtWaitForSingleObject ... ) == 0x0 03923 1920 NtRegisterThreadTerminatePort ... ) == 0x0 03927 1200 NtWaitForSingleObject (1576, 0, 0x0, ... 03928 1604 NtSetEventBoostPriority (96, ... 03925 1764 NtCreateThread ... 1612, {1304, 2880}, ) == 0x0 03922 1332 NtSetEventBoostPriority ... ) == 0x0 03929 2016 NtTestAlert (... 03930 896 NtRegisterThreadTerminatePort (24, ... 03931 1804 NtSetEventBoostPriority (1576, ... 03932 1920 NtWaitForSingleObject (1576, 0, 0x0, ... 03933 2012 NtTestAlert (... 01324 1572 NtWaitForSingleObject ... ) == 0x0 03928 1604 NtSetEventBoostPriority ... ) == 0x0 03934 1764 NtQueryInformationThread (1612, Basic, 28, ... 03935 1332 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03929 2016 NtTestAlert ... ) == 0x0 03930 896 NtRegisterThreadTerminatePort ... ) == 0x0 03719 1328 NtWaitForSingleObject ... 
) == 0x0 03931 1804 NtSetEventBoostPriority ... ) == 0x0 03936 1572 NtSetEventBoostPriority (96, ... 03933 2012 NtTestAlert ... ) == 0x0 03934 1764 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe70000,Pid=1304,Tid=2880,}, 0x0, ) == 0x0 03935 1332 NtDuplicateObject ... 1616, ) == 0x0 03937 2016 NtContinue (94108976, 1, ... 03938 1328 NtSetEventBoostPriority (1576, ... 03939 896 NtWaitForSingleObject (1576, 0, 0x0, ... 01333 596 NtWaitForSingleObject ... ) == 0x0 03936 1572 NtSetEventBoostPriority ... ) == 0x0 03940 1804 NtWaitForSingleObject (1576, 0, 0x0, ... 03941 2012 NtContinue (95157552, 1, ... 03942 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58314, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58314, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\6\0\0\30\5\0\0@\13\0\0" ... ... 03943 1604 NtTestAlert (... 03720 752 NtWaitForSingleObject ... ) == 0x0 03944 2016 NtRegisterThreadTerminatePort (24, ... 03938 1328 NtSetEventBoostPriority ... ) == 0x0 03945 1332 NtWaitForSingleObject (1576, 0, 0x0, ... 03946 596 NtAllocateVirtualMemory (-1, 8810496, 0, 4096, 4096, 4, ... 03947 1572 NtTestAlert (... 03948 2012 NtRegisterThreadTerminatePort (24, ... 03943 1604 NtTestAlert ... ) == 0x0 03949 752 NtSetEventBoostPriority (1576, ... 03944 2016 NtRegisterThreadTerminatePort ... ) == 0x0 03950 1328 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03946 596 NtAllocateVirtualMemory ... 8810496, 4096, ) == 0x0 03947 1572 NtTestAlert ... ) == 0x0 03948 2012 NtRegisterThreadTerminatePort ... ) == 0x0 03951 1604 NtContinue (96206128, 1, ... 03724 164 NtWaitForSingleObject ... ) == 0x0 03952 2016 NtWaitForSingleObject (1576, 0, 0x0, ... 03950 1328 NtDuplicateObject ... 1620, ) == 0x0 03949 752 NtSetEventBoostPriority ... ) == 0x0 03942 1764 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1304, 1764, 58315, 0} ... {28, 56, reply, 0, 1304, 1764, 58315, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\6\0\0\30\5\0\0@\13\0\0" ) ) == 0x0 03953 1572 NtContinue (97254704, 1, ... 
03954 2012 NtWaitForSingleObject (1576, 0, 0x0, ... 03955 1604 NtRegisterThreadTerminatePort (24, ... 03956 164 NtSetEventBoostPriority (1576, ... 03957 596 NtSetEventBoostPriority (96, ... 03958 752 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03959 1764 NtResumeThread (1612, ... 03960 1572 NtRegisterThreadTerminatePort (24, ... 03961 1328 NtWaitForSingleObject (1576, 0, 0x0, ... 03955 1604 NtRegisterThreadTerminatePort ... ) == 0x0 03726 1644 NtWaitForSingleObject ... ) == 0x0 01340 376 NtWaitForSingleObject ... ) == 0x0 03957 596 NtSetEventBoostPriority ... ) == 0x0 03958 752 NtDuplicateObject ... 1624, ) == 0x0 03959 1764 NtResumeThread ... 1, ) == 0x0 03960 1572 NtRegisterThreadTerminatePort ... ) == 0x0 03962 1604 NtWaitForSingleObject (1576, 0, 0x0, ... 03963 376 NtSetEventBoostPriority (96, ... 03964 1644 NtSetEventBoostPriority (1576, ... 03965 596 NtTestAlert (... 03956 164 NtSetEventBoostPriority ... ) == 0x0 03966 2880 NtWaitForSingleObject (96, 0, 0x0, ... 03967 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03968 1572 NtWaitForSingleObject (1576, 0, 0x0, ... 03969 752 NtWaitForSingleObject (1576, 0, 0x0, ... 01349 1168 NtWaitForSingleObject ... ) == 0x0 03963 376 NtSetEventBoostPriority ... ) == 0x0 03729 1564 NtWaitForSingleObject ... ) == 0x0 03964 1644 NtSetEventBoostPriority ... ) == 0x0 03965 596 NtTestAlert ... ) == 0x0 03970 164 NtWaitForSingleObject (1576, 0, 0x0, ... 03967 1764 NtAllocateVirtualMemory ... 356253696, 1048576, ) == 0x0 03971 1168 NtSetEventBoostPriority (96, ... 03972 1564 NtSetEventBoostPriority (1576, ... 03973 1644 NtWaitForSingleObject (1576, 0, 0x0, ... 03974 596 NtContinue (98303280, 1, ... 03975 376 NtTestAlert (... 01356 428 NtWaitForSingleObject ... ) == 0x0 03744 120 NtWaitForSingleObject ... ) == 0x0 03971 1168 NtSetEventBoostPriority ... ) == 0x0 03972 1564 NtSetEventBoostPriority ... ) == 0x0 03976 1764 NtAllocateVirtualMemory (-1, 357294080, 0, 8192, 4096, 4, ... 
03977 596 NtRegisterThreadTerminatePort (24, ... 03978 428 NtSetEventBoostPriority (96, ... 03975 376 NtTestAlert ... ) == 0x0 03979 120 NtSetEventBoostPriority (1576, ... 03980 1564 NtWaitForSingleObject (1576, 0, 0x0, ... 03976 1764 NtAllocateVirtualMemory ... 357294080, 8192, ) == 0x0 03981 1168 NtTestAlert (... 01365 1344 NtWaitForSingleObject ... ) == 0x0 03978 428 NtSetEventBoostPriority ... ) == 0x0 03982 376 NtContinue (99351856, 1, ... 03748 336 NtWaitForSingleObject ... ) == 0x0 03979 120 NtSetEventBoostPriority ... ) == 0x0 03983 1764 NtProtectVirtualMemory (-1, (0x154be000), 4096, 260, ... 03984 1344 NtSetEventBoostPriority (96, ... 03981 1168 NtTestAlert ... ) == 0x0 03977 596 NtRegisterThreadTerminatePort ... ) == 0x0 03985 336 NtSetEventBoostPriority (1576, ... 03986 376 NtRegisterThreadTerminatePort (24, ... 03987 428 NtTestAlert (... 01372 1300 NtWaitForSingleObject ... ) == 0x0 03984 1344 NtSetEventBoostPriority ... ) == 0x0 03983 1764 NtProtectVirtualMemory ... (0x154be000), 4096, 4, ) == 0x0 03988 1168 NtContinue (100400432, 1, ... 03754 1852 NtWaitForSingleObject ... ) == 0x0 03985 336 NtSetEventBoostPriority ... ) == 0x0 03989 596 NtWaitForSingleObject (1576, 0, 0x0, ... 03986 376 NtRegisterThreadTerminatePort ... ) == 0x0 03990 1300 NtSetEventBoostPriority (96, ... 03987 428 NtTestAlert ... ) == 0x0 03991 120 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03992 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03993 1852 NtSetEventBoostPriority (1576, ... 03994 1168 NtRegisterThreadTerminatePort (24, ... 03995 336 NtWaitForSingleObject (1576, 0, 0x0, ... 01381 1096 NtWaitForSingleObject ... ) == 0x0 03990 1300 NtSetEventBoostPriority ... ) == 0x0 03996 376 NtWaitForSingleObject (1576, 0, 0x0, ... 03997 428 NtContinue (101449008, 1, ... 03991 120 NtDuplicateObject ... 1628, ) == 0x0 03758 800 NtWaitForSingleObject ... ) == 0x0 03993 1852 NtSetEventBoostPriority ... ) == 0x0 03992 1764 NtCreateThread ... 
1632, {1304, 2884}, ) == 0x0 03994 1168 NtRegisterThreadTerminatePort ... ) == 0x0 03998 1344 NtTestAlert (... 03999 1096 NtSetEventBoostPriority (96, ... 04000 1300 NtTestAlert (... 04001 428 NtRegisterThreadTerminatePort (24, ... 04002 800 NtSetEventBoostPriority (1576, ... 04003 120 NtWaitForSingleObject (1576, 0, 0x0, ... 04004 1852 NtCreateEvent (0x100003, 0x0, 1, 0, ... 04005 1168 NtWaitForSingleObject (1576, 0, 0x0, ... 01388 252 NtWaitForSingleObject ... ) == 0x0 03999 1096 NtSetEventBoostPriority ... ) == 0x0 03998 1344 NtTestAlert ... ) == 0x0 04000 1300 NtTestAlert ... ) == 0x0 03756 1732 NtWaitForSingleObject ... ) == 0x0 04002 800 NtSetEventBoostPriority ... ) == 0x0 04001 428 NtRegisterThreadTerminatePort ... ) == 0x0 04004 1852 NtCreateEvent ... 1636, ) == 0x0 04006 1764 NtQueryInformationThread (1632, Basic, 28, ... 04007 252 NtSetEventBoostPriority (96, ... 04008 1344 NtContinue (102497584, 1, ... 04009 1732 NtSetEventBoostPriority (1576, ... 04010 1300 NtContinue (103546160, 1, ... 04011 800 NtWaitForSingleObject (1576, 0, 0x0, ... 04012 428 NtWaitForSingleObject (1576, 0, 0x0, ... 04013 1852 NtWaitForSingleObject (1636, 0, 0x0, ... 01397 500 NtWaitForSingleObject ... ) == 0x0 04007 252 NtSetEventBoostPriority ... ) == 0x0 04006 1764 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fe6f000,Pid=1304,Tid=2884,}, 0x0, ) == 0x0 03762 188 NtWaitForSingleObject ... ) == 0x0 04014 1344 NtRegisterThreadTerminatePort (24, ... 04015 1300 NtRegisterThreadTerminatePort (24, ... 04009 1732 NtSetEventBoostPriority ... ) == 0x0 04016 1096 NtTestAlert (... 04017 500 NtSetEventBoostPriority (96, ... 04018 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58315, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58315, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\6\0\0\30\5\0\0D\13\0\0" ... ... 04019 188 NtSetEventBoostPriority (1576, ... 04014 1344 NtRegisterThreadTerminatePort ... ) == 0x0 04015 1300 NtRegisterThreadTerminatePort ... 
) == 0x0 04020 1732 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01404 1132 NtWaitForSingleObject ... ) == 0x0 04017 500 NtSetEventBoostPriority ... ) == 0x0 04016 1096 NtTestAlert ... ) == 0x0 04018 1764 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1304, 1764, 58316, 0} ... {28, 56, reply, 0, 1304, 1764, 58316, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\6\0\0\30\5\0\0D\13\0\0" ) ) == 0x0 03768 1636 NtWaitForSingleObject ... ) == 0x0 04021 1344 NtWaitForSingleObject (1576, 0, 0x0, ... 04022 1300 NtWaitForSingleObject (1576, 0, 0x0, ... 04023 1132 NtSetEventBoostPriority (96, ... 04020 1732 NtDuplicateObject ... 1640, ) == 0x0 04019 188 NtSetEventBoostPriority ... ) == 0x0 04024 252 NtTestAlert (... 04025 1096 NtContinue (104594736, 1, ... 04026 1764 NtResumeThread (1632, ... 04027 1636 NtSetEventBoostPriority (1576, ... 04028 500 NtTestAlert (... 01413 1024 NtWaitForSingleObject ... ) == 0x0 04023 1132 NtSetEventBoostPriority ... ) == 0x0 04029 188 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04024 252 NtTestAlert ... ) == 0x0 04030 1096 NtRegisterThreadTerminatePort (24, ... 04031 1732 NtWaitForSingleObject (1576, 0, 0x0, ... 03778 504 NtWaitForSingleObject ... ) == 0x0 04032 1024 NtSetEventBoostPriority (96, ... 04028 500 NtTestAlert ... ) == 0x0 04027 1636 NtSetEventBoostPriority ... ) == 0x0 04026 1764 NtResumeThread ... 1, ) == 0x0 04029 188 NtDuplicateObject ... 1644, ) == 0x0 04033 252 NtContinue (105643312, 1, ... 04030 1096 NtRegisterThreadTerminatePort ... ) == 0x0 01420 948 NtWaitForSingleObject ... ) == 0x0 04032 1024 NtSetEventBoostPriority ... ) == 0x0 04034 504 NtSetEventBoostPriority (1576, ... 04035 500 NtContinue (106691888, 1, ... 04036 1636 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04037 1764 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 04038 1132 NtTestAlert (... 04039 2884 NtWaitForSingleObject (96, 0, 0x0, ... 04040 252 NtRegisterThreadTerminatePort (24, ... 04041 948 NtSetEventBoostPriority (96, ... 
04042 1096 NtWaitForSingleObject (1576, 0, 0x0, ... 04043 188 NtWaitForSingleObject (1576, 0, 0x0, ... 03773 1592 NtWaitForSingleObject ... ) == 0x0 04034 504 NtSetEventBoostPriority ... ) == 0x0 04044 500 NtRegisterThreadTerminatePort (24, ... 04036 1636 NtDuplicateObject ... 1648, ) == 0x0 04037 1764 NtAllocateVirtualMemory ... 357302272, 1048576, ) == 0x0 04038 1132 NtTestAlert ... ) == 0x0 01429 1388 NtWaitForSingleObject ... ) == 0x0 04041 948 NtSetEventBoostPriority ... ) == 0x0 04040 252 NtRegisterThreadTerminatePort ... ) == 0x0 04045 1024 NtTestAlert (... 04046 1592 NtSetEventBoostPriority (1576, ... 04047 504 NtWaitForSingleObject (1576, 0, 0x0, ... 04044 500 NtRegisterThreadTerminatePort ... ) == 0x0 04048 1764 NtAllocateVirtualMemory (-1, 358342656, 0, 8192, 4096, 4, ... 04049 1388 NtSetEventBoostPriority (96, ... 04050 1132 NtContinue (107740464, 1, ... 04051 1636 NtWaitForSingleObject (1576, 0, 0x0, ... 04052 252 NtWaitForSingleObject (1576, 0, 0x0, ... 03779 624 NtWaitForSingleObject ... ) == 0x0 04045 1024 NtTestAlert ... ) == 0x0 04046 1592 NtSetEventBoostPriority ... ) == 0x0 04053 948 NtTestAlert (... 04054 500 NtWaitForSingleObject (1576, 0, 0x0, ... 01436 520 NtWaitForSingleObject ... ) == 0x0 04049 1388 NtSetEventBoostPriority ... ) == 0x0 04048 1764 NtAllocateVirtualMemory ... 358342656, 8192, ) == 0x0 04055 1132 NtRegisterThreadTerminatePort (24, ... 04056 624 NtSetEventBoostPriority (1576, ... 04057 1024 NtContinue (108789040, 1, ... 04058 1592 NtWaitForSingleObject (1576, 0, 0x0, ... 04053 948 NtTestAlert ... ) == 0x0 04059 520 NtSetEventBoostPriority (96, ... 04060 1764 NtProtectVirtualMemory (-1, (0x155be000), 4096, 260, ... 04055 1132 NtRegisterThreadTerminatePort ... ) == 0x0 03782 2000 NtWaitForSingleObject ... ) == 0x0 04061 1024 NtRegisterThreadTerminatePort (24, ... 01445 276 NtWaitForSingleObject ... ) == 0x0 04059 520 NtSetEventBoostPriority ... ) == 0x0 04062 948 NtContinue (109837616, 1, ... 
04056 624 NtSetEventBoostPriority ... ) == 0x0 04063 1388 NtTestAlert (... 04064 1132 NtWaitForSingleObject (1576, 0, 0x0, ... 04065 2000 NtSetEventBoostPriority (1576, ... 04066 276 NtSetEventBoostPriority (96, ... 04061 1024 NtRegisterThreadTerminatePort ... ) == 0x0 04060 1764 NtProtectVirtualMemory ... (0x155be000), 4096, 4, ) == 0x0 04067 948 NtRegisterThreadTerminatePort (24, ... 04068 624 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 04063 1388 NtTestAlert ... ) == 0x0 04069 520 NtTestAlert (... 01452 996 NtWaitForSingleObject ... ) == 0x0 04066 276 NtSetEventBoostPriority ... ) == 0x0 03787 1948 NtWaitForSingleObject ... ) == 0x0 04070 1024 NtWaitForSingleObject (1576, 0, 0x0, ... 04071 1764 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 04067 948 NtRegisterThreadTerminatePort ... ) == 0x0 04068 624 NtDuplicateObject ... 1652, ) == 0x0 04072 1388 NtContinue (110886192, 1, ... 04073 996 NtSetEventBoostPriority (96, ... 04069 520 NtTestAlert ... ) == 0x0 04065 2000 NtSetEventBoostPriority ... ) == 0x0 04074 1948 NtSetEventBoostPriority (1576, ... 04075 276 NtTestAlert (... 04071 1764 NtCreateThread ... 1656, {1304, 2888}, ) == 0x0 04076 948 NtWaitForSingleObject (1576, 0, 0x0, ... 01461 1064 NtWaitForSingleObject ... ) == 0x0 04073 996 NtSetEventBoostPriority ... ) == 0x0 04077 1388 NtRegisterThreadTerminatePort (24, ... 04078 520 NtContinue (111934768, 1, ... 04079 2000 NtWaitForSingleObject (1636, 0, 0x0, ... 03789 1500 NtWaitForSingleObject ... ) == 0x0 04075 276 NtTestAlert ... ) == 0x0 04080 1764 NtQueryInformationThread (1656, Basic, 28, ... 04074 1948 NtSetEventBoostPriority ... ) == 0x0 04081 624 NtWaitForSingleObject (1576, 0, 0x0, ... 04082 1064 NtSetEventBoostPriority (96, ... 04077 1388 NtRegisterThreadTerminatePort ... ) == 0x0 04083 520 NtRegisterThreadTerminatePort (24, ... 04084 1500 NtSetEventBoostPriority (1576, ... 04085 276 NtContinue (112983344, 1, ... 04080 1764 NtQueryInformationThread ... 
{ExitStatus=0x103,TebBaseAddress=0x7fe6e000,Pid=1304,Tid=2888,}, 0x0, ) == 0x0 04086 1948 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01468 1600 NtWaitForSingleObject ... ) == 0x0 04082 1064 NtSetEventBoostPriority ... ) == 0x0 04087 1388 NtWaitForSingleObject (1576, 0, 0x0, ... 04083 520 NtRegisterThreadTerminatePort ... ) == 0x0 03793 988 NtWaitForSingleObject ... ) == 0x0 04088 276 NtRegisterThreadTerminatePort (24, ... 04089 1764 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1304, 1764, 58316, 0} (24, {28, 56, new_msg, 0, 1304, 1764, 58316, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\6\0\0\30\5\0\0H\13\0\0" ... ... 04090 1600 NtSetEventBoostPriority (96, ... 04086 1948 NtDuplicateObject ... 1660, ) == 0x0 04084 1500 NtSetEventBoostPriority ... ) == 0x0 04091 996 NtTestAlert (... 04092 1064 NtTestAlert (... 04093 520 NtWaitForSingleObject (1576, 0, 0x0, ... 04094 988 NtSetEventBoostPriority (1576, ... 04088 276 NtRegisterThreadTerminatePort ... ) == 0x0 01477 1372 NtWaitForSingleObject ... ) == 0x0 04090 1600 NtSetEventBoostPriority ... ) == 0x0 04089 1764 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1304, 1764, 58317, 0} ... {28, 56, reply, 0, 1304, 1764, 58317, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\6\0\0\30\5\0\0H\13\0\0" ) ) == 0x0 04095 1500 NtWaitForSingleObject (1636, 0, 0x0, ... 04091 996 NtTestAlert ... ) == 0x0 04092 1064 NtTestAlert ... ) == 0x0