Summary:


NtAccessCheck(>) 
 1 
NtTestAlert(>) 
 1 
NtQueryDefaultLocale(>) 
 4 
NtProtectVirtualMemory(>) 
 28 

NtAddAtom(>) 
 1 
NtUserCallNoParam(>) 
 1 
NtGdiGetStockObject(>) 
 5 
NtOpenSection(>) 
 29 

NtCallbackReturn(>) 
 1 
NtUserCallOneParam(>) 
 1 
NtCreateSemaphore(>) 
 6 
NtAllocateVirtualMemory(>) 
 35 

NtConnectPort(>) 
 1 
NtUserGetDC(>) 
 1 
NtQuerySection(>) 
 6 
NtMapViewOfSection(>) 
 35 

NtContinue(>) 
 1 
NtUserGetThreadDesktop(>) 
 1 
NtCreateEvent(>) 
 7 
NtQueryAttributesFile(>) 
 36 

NtCreateMutant(>) 
 1 
NtClearEvent(>) 
 2 
NtOpenProcessTokenEx(>) 
 7 
NtUserGetClassInfo(>) 
 37 

NtEnumerateValueKey(>) 
 1 
NtDuplicateObject(>) 
 2 
NtOpenThreadTokenEx(>) 
 7 
NtUserFindExistingCursorIcon(>) 
 48 

NtFreeVirtualMemory(>) 
 1 
NtGdiCreateSolidBrush(>) 
 2 
NtRequestWaitReplyPort(>) 
 7 
NtUserRegisterClassExWOW(>) 
 63 

NtFsControlFile(>) 
 1 
NtOpenDirectoryObject(>) 
 2 
NtOpenMutant(>) 
 8 
NtOpenKey(>) 
 108 

NtGdiCreateBitmap(>) 
 1 
NtQueryInstallUILanguage(>) 
 2 
NtQueryDefaultUILanguage(>) 
 8 
NtQueryInformationFile(>) 
 146 

NtGdiInit(>) 
 1 
NtQueryVirtualMemory(>) 
 2 
NtQueryVolumeInformationFile(>) 
 8 
NtSetInformationFile(>) 
 155 

NtGdiQueryFontAssocInfo(>) 
 1 
NtSetEvent(>) 
 2 
NtReleaseMutant(>) 
 8 
NtQueryValueKey(>) 
 215 

NtGdiSelectBitmap(>) 
 1 
NtGdiCreateCompatibleDC(>) 
 3 
NtUnmapViewOfSection(>) 
 9 
NtOpenFile(>) 
 263 

NtOpenKeyedEvent(>) 
 1 
NtNotifyChangeKey(>) 
 3 
NtQueryInformationToken(>) 
 10 
NtQueryDirectoryFile(>) 
 352 

NtOpenProcess(>) 
 1 
NtOpenEvent(>) 
 3 
NtUserSystemParametersInfo(>) 
 10 
NtReadFile(>) 
 400 

NtOpenSymbolicLinkObject(>) 
 1 
NtOpenProcessToken(>) 
 3 
NtCreateSection(>) 
 12 
NtWriteFile(>) 
 467 

NtQueryEvent(>) 
 1 
NtOpenThreadToken(>) 
 3 
NtFlushInstructionCache(>) 
 13 
NtDelayExecution(>) 
 601 

NtQueryObject(>) 
 1 
NtQueryInformationProcess(>) 
 3 
NtWaitForSingleObject(>) 
 14 
NtCreateFile(>) 
 656 

NtQuerySymbolicLinkObject(>) 
 1 
NtReleaseSemaphore(>) 
 3 
NtQueryDebugFilterState(>) 
 15 
NtClose(>) 
 1038 

NtRegisterThreadTerminatePort(>) 
 1 
NtSetInformationObject(>) 
 3 
NtSetValueKey(>) 
 15 

NtSecureConnectPort(>) 
 1 
NtUserRegisterWindowMessage(>) 
 3 
NtQuerySystemInformation(>) 
 17 

NtSetInformationThread(>) 
 1 

Trace:
 00001   464   NtOpenKey  (0x80000000, {24, 0, 0x40, 0, 0,  (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00002   464   NtOpenKeyedEvent  (0x2000000, {24, 0, 0x0, 0, 0,  (0x2000000, {24, 0, 0x0, 0, 0, "\KernelObjects\CritSecOutOfMemoryEvent"}, ... 4, ) }, ... 4, ) == 0x0
 00003   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00004   464   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 1310720, 1048576, ) == 0x0
 00005   464   NtAllocateVirtualMemory  (-1, 1310720, 0, 4096, 4096, 4, ... 1310720, 4096, ) == 0x0
 00006   464   NtAllocateVirtualMemory  (-1, 1314816, 0, 8192, 4096, 4, ... 1314816, 8192, ) == 0x0
 00007   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00008   464   NtAllocateVirtualMemory  (-1, 0, 0, 65536, 8192, 4, ... 2359296, 65536, ) == 0x0
 00009   464   NtAllocateVirtualMemory  (-1, 2359296, 0, 24576, 4096, 4, ... 2359296, 24576, ) == 0x0
 00010   464   NtOpenDirectoryObject  (0x3, {24, 0, 0x40, 0, 0,  (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 8, ) }, ... 8, ) == 0x0
 00011   464   NtOpenSymbolicLinkObject  (0x1, {24, 8, 0x40, 0, 0,  (0x1, {24, 8, 0x40, 0, 0, "KnownDllPath"}, ... 12, ) }, ... 12, ) == 0x0
 00012   464   NtQuerySymbolicLinkObject  (12, ...  (12, ... "C:\WINDOWS\system32", 0x0, ) , 0x0, ) == 0x0
 00013   464   NtClose  (12, ... ) == 0x0
 00014   464   NtOpenFile  (0x100020, {24, 0, 0x42, 0, 0,  (0x100020, {24, 0, 0x42, 0, 0, "\??\U:\startupscripts\"}, 3, 33, ... 12, {status=0x0, info=1}, ) }, 3, 33, ... 12, {status=0x0, info=1}, ) == 0x0
 00015   464   NtQueryVolumeInformationFile  (12, 1243848, 8, Device, ... {status=0x0, info=8}, ) == 0x0
 00016   464   NtFsControlFile  (12, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... ) == STATUS_INVALID_PARAMETER
 00017   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local"}, 1243832, ... ) }, 1243832, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00018   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "kernel32.dll"}, ... 16, ) }, ... 16, ) == 0x0
 00019   464   NtMapViewOfSection  (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77e60000), 0x0, 937984, ) == 0x0
 00020   464   NtClose  (16, ... ) == 0x0
 00021   464   NtQuerySystemInformation  (RangeStart, 4, ... {system info, class 50, size 4}, 0x0, ) == 0x0
 00022   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00023   464   NtCreateSection  (0xf001f, 0x0, {65536, 0}, 4, 67108864, 0, ... 16, ) == 0x0
 00024   464   NtSecureConnectPort  ( ("\Windows\ApiPort", {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18481152}, {0, 0, 0}, 200, 44, ) , {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18481152}, {0, 0, 0}, 200, 44, ) == 0x0
 00025   464   NtClose  (16, ... ) == 0x0
 00026   464   NtQueryObject  (24, Handle, 2, ... {Inherit=0,ProtectFromClose=0,}, -1, ) == 0x0
 00027   464   NtSetInformationObject  (24, Handle, {Inherit=0,ProtectFromClose=1,}, 256, ... ) == 0x0
 00028   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00029   464   NtQueryVirtualMemory  (-1, 0x250000, Basic, 28, ... {BaseAddress=0x250000,AllocationBase=0x250000,AllocationProtect=0x4,RegionSize=0x10000,State=0x2000,Protect=0x0,Type=0x40000,}, 0x0, ) == 0x0
 00030   464   NtAllocateVirtualMemory  (-1, 2424832, 0, 4096, 4096, 4, ... 2424832, 4096, ) == 0x0
 00031   464   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 0, 0, 0, 0}  (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" ... {28, 56, reply, 0, 460, 464, 1526, 0} "(\264\26\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" )  ... {28, 56, reply, 0, 460, 464, 1526, 0}  (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" ... {28, 56, reply, 0, 460, 464, 1526, 0} "(\264\26\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" )  ) == 0x0
 00032   464   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00033   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0
 00034   464   NtQueryValueKey  (16,  (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00035   464   NtClose  (16, ... ) == 0x0
 00036   464   NtAllocateVirtualMemory  (-1, 1232896, 0, 4096, 4096, 260, ... 1232896, 4096, ) == 0x0
 00037   464   NtOpenMutant  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\NlsCacheMutant"}, ... 16, ) }, ... 16, ) == 0x0
 00038   464   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionUnicode"}, ... 28, ) }, ... 28, ) == 0x0
 00039   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x260000), 0x0, 90112, ) == 0x0
 00040   464   NtClose  (28, ... ) == 0x0
 00041   464   NtQueryDefaultLocale  (0, 2012046252, ... ) == 0x0
 00042   464   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionLocale"}, ... 28, ) }, ... 28, ) == 0x0
 00043   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x280000), 0x0, 212992, ) == 0x0
 00044   464   NtClose  (28, ... ) == 0x0
 00045   464   NtOpenSection  (0x5, {24, 0, 0x40, 0, 0,  (0x5, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey"}, ... 28, ) }, ... 28, ) == 0x0
 00046   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x2c0000), 0x0, 266240, ) == 0x0
 00047   464   NtQuerySection  (28, Basic, 16, ... {BaseAddress=0x0,Attributes=0x800000,Size={0x40004, 0x0},}, 0x0, ) == 0x0
 00048   464   NtClose  (28, ... ) == 0x0
 00049   464   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortTbls"}, ... 28, ) }, ... 28, ) == 0x0
 00050   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x310000), 0x0, 24576, ) == 0x0
 00051   464   NtClose  (28, ... ) == 0x0
 00052   464   NtQueryVirtualMemory  (-1, 0x7ffd2000, Basic, 28, ... {BaseAddress=0x7ffd2000,AllocationBase=0x7ffb0000,AllocationProtect=0x2,RegionSize=0x2000,State=0x1000,Protect=0x2,Type=0x40000,}, 0x0, ) == 0x0
 00053   464   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00054   464   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00055   464   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0}  (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" ... {28, 56, reply, 0, 460, 464, 1529, 0} "8\244\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" )  ... {28, 56, reply, 0, 460, 464, 1529, 0}  (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" ... {28, 56, reply, 0, 460, 464, 1529, 0} "8\244\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" )  ) == 0x0
 00056   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 8, ) == 0x0
 00057   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 8, ... (0x408000), 4096, 4, ) == 0x0
 00058   464   NtFlushInstructionCache  (-1, 4227072, 4096, ... ) == 0x0
 00059   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "ADVAPI32.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00060   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77dd0000), 0x0, 569344, ) == 0x0
 00061   464   NtClose  (28, ... ) == 0x0
 00062   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "RPCRT4.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00063   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77cc0000), 0x0, 479232, ) == 0x0
 00064   464   NtClose  (28, ... ) == 0x0
 00065   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 4, ) == 0x0
 00066   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 4, ) == 0x0
 00067   464   NtFlushInstructionCache  (-1, 4227072, 4096, ... ) == 0x0
 00068   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "MPR.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00069   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71b20000), 0x0, 69632, ) == 0x0
 00070   464   NtClose  (28, ... ) == 0x0
 00071   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "USER32.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00072   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77d40000), 0x0, 577536, ) == 0x0
 00073   464   NtClose  (28, ... ) == 0x0
 00074   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "GDI32.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00075   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c70000), 0x0, 262144, ) == 0x0
 00076   464   NtClose  (28, ... ) == 0x0
 00077   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 4, ) == 0x0
 00078   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 4, ) == 0x0
 00079   464   NtFlushInstructionCache  (-1, 4227072, 4096, ... ) == 0x0
 00080   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "SHLWAPI.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00081   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x772d0000), 0x0, 405504, ) == 0x0
 00082   464   NtClose  (28, ... ) == 0x0
 00083   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "msvcrt.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00084   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c10000), 0x0, 339968, ) == 0x0
 00085   464   NtClose  (28, ... ) == 0x0
 00086   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 4, ) == 0x0
 00087   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 4, ) == 0x0
 00088   464   NtFlushInstructionCache  (-1, 4227072, 4096, ... ) == 0x0
 00089   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 4, ) == 0x0
 00090   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 4, ) == 0x0
 00091   464   NtFlushInstructionCache  (-1, 4227072, 4096, ... ) == 0x0
 00092   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "WSOCK32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00093   464   NtAllocateVirtualMemory  (-1, 1323008, 0, 4096, 4096, 4, ... 1323008, 4096, ) == 0x0
 00094   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\WSOCK32.dll"}, 1242624, ... ) }, 1242624, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00095   464   NtQueryAttributesFile  ({24, 12, 0x40, 0, 0,  ({24, 12, 0x40, 0, 0, "WSOCK32.dll"}, 1242624, ... ) }, 1242624, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00096   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WSOCK32.dll"}, 1242624, ... ) }, 1242624, ... ) == 0x0
 00097   464   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WSOCK32.dll"}, 5, 96, ... 28, {status=0x0, info=1}, ) }, 5, 96, ... 28, {status=0x0, info=1}, ) == 0x0
 00098   464   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 28, ... 32, ) == 0x0
 00099   464   NtQuerySection  (32, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0
 00100   464   NtOpenProcessToken  (-1, 0x8, ... 36, ) == 0x0
 00101   464   NtQueryInformationToken  (36, User, 136, ... {token info, class 1, size 36}, 36, ) == 0x0
 00102   464   NtOpenKey  (0x3, {24, 0, 0x40, 0, 0,  (0x3, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00103   464   NtOpenKey  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... 40, ) }, ... 40, ) == 0x0
 00104   464   NtQueryValueKey  (40,  (40, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 80, ... TitleIdx=0, Type=4, Data= (40, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00105   464   NtClose  (40, ... ) == 0x0
 00106   464   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00107   464   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... 40, ) == 0x0
 00108   464   NtQueryInformationToken  (40, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00109   464   NtClose  (40, ... ) == 0x0
 00110   464   NtOpenKey  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00111   464   NtClose  (36, ... ) == 0x0
 00112   464   NtClose  (28, ... ) == 0x0
 00113   464   NtMapViewOfSection  (32, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71ad0000), 0x0, 32768, ) == 0x0
 00114   464   NtClose  (32, ... ) == 0x0
 00115   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "WS2_32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00116   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2_32.dll"}, 1241820, ... ) }, 1241820, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00117   464   NtQueryAttributesFile  ({24, 12, 0x40, 0, 0,  ({24, 12, 0x40, 0, 0, "WS2_32.dll"}, 1241820, ... ) }, 1241820, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00118   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2_32.dll"}, 1241820, ... ) }, 1241820, ... ) == 0x0
 00119   464   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2_32.dll"}, 5, 96, ... 32, {status=0x0, info=1}, ) }, 5, 96, ... 32, {status=0x0, info=1}, ) == 0x0
 00120   464   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 32, ... 28, ) == 0x0
 00121   464   NtQuerySection  (28, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0
 00122   464   NtClose  (32, ... ) == 0x0
 00123   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71ab0000), 0x0, 86016, ) == 0x0
 00124   464   NtClose  (28, ... ) == 0x0
 00125   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "WS2HELP.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00126   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2HELP.dll"}, 1241016, ... ) }, 1241016, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00127   464   NtQueryAttributesFile  ({24, 12, 0x40, 0, 0,  ({24, 12, 0x40, 0, 0, "WS2HELP.dll"}, 1241016, ... ) }, 1241016, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00128   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2HELP.dll"}, 1241016, ... ) }, 1241016, ... ) == 0x0
 00129   464   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2HELP.dll"}, 5, 96, ... 28, {status=0x0, info=1}, ) }, 5, 96, ... 28, {status=0x0, info=1}, ) == 0x0
 00130   464   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 28, ... 32, ) == 0x0
 00131   464   NtQuerySection  (32, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0
 00132   464   NtClose  (28, ... ) == 0x0
 00133   464   NtMapViewOfSection  (32, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71aa0000), 0x0, 32768, ) == 0x0
 00134   464   NtClose  (32, ... ) == 0x0
 00135   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 4, ) == 0x0
 00136   464   NtProtectVirtualMemory  (-1, (0x408000), 4096, 4, ... (0x408000), 4096, 4, ) == 0x0
 00137   464   NtFlushInstructionCache  (-1, 4227072, 4096, ... ) == 0x0
 00138   464   NtOpenProcessToken  (-1, 0x8, ... 32, ) == 0x0
 00139   464   NtQueryInformationToken  (32, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0
 00140   464   NtClose  (32, ... ) == 0x0
 00141   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 32, ) }, ... 32, ) == 0x0
 00142   464   NtQueryValueKey  (32,  (32, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (32, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00143   464   NtClose  (32, ... ) == 0x0
 00144   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 32, ) }, ... 32, ) == 0x0
 00145   464   NtQueryValueKey  (32,  (32, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (32, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00146   464   NtQueryValueKey  (32,  (32, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (32, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00147   464   NtClose  (32, ... ) == 0x0
 00148   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"}, ... 32, ) }, ... 32, ) == 0x0
 00149   464   NtQueryValueKey  (32,  (32, "LeakTrack", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00150   464   NtClose  (32, ... ) == 0x0
 00151   464   NtOpenKey  (0x2000000, {24, 0, 0x40, 0, 0,  (0x2000000, {24, 0, 0x40, 0, 0, "\REGISTRY\MACHINE"}, ... 32, ) }, ... 32, ) == 0x0
 00152   464   NtSetInformationObject  (32, Handle, {Inherit=0,ProtectFromClose=1,}, 2011365632, ... ) == 0x0
 00153   464   NtOpenKey  (0x20019, {24, 32, 0x40, 0, 0,  (0x20019, {24, 32, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00154   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00155   464   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 1246456, 1, 24, 2012568566}  (24, {28, 56, new_msg, 0, 1246456, 1, 24, 2012568566} "\210\6\32\1\0\0\0\0\314\4\23\0\324Wh\364\3\0\0\0\234\6\32\1$\1\0\0" ... {28, 56, reply, 0, 460, 464, 1570, 0} "XQ\26\0\0\0\0\0\0\0\0\0\324Wh\364\3\0\0\0\234\6\32\1$\1\0\0" )  ... {28, 56, reply, 0, 460, 464, 1570, 0}  (24, {28, 56, new_msg, 0, 1246456, 1, 24, 2012568566} "\210\6\32\1\0\0\0\0\314\4\23\0\324Wh\364\3\0\0\0\234\6\32\1$\1\0\0" ... {28, 56, reply, 0, 460, 464, 1570, 0} "XQ\26\0\0\0\0\0\0\0\0\0\324Wh\364\3\0\0\0\234\6\32\1$\1\0\0" )  ) == 0x0
 00156   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00157   464   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x410000), 0x0, 1060864, ) == 0x0
 00158   464   NtCreateEvent  (0x1f0003, 0x0, 1, 0, ... 36, ) == 0x0
 00159   464   NtOpenThreadTokenEx  (-2, 0x8, 1, 512, ... ) == STATUS_NO_TOKEN
 00160   464   NtOpenProcessTokenEx  (-1, 0x8, 512, ... -2147482020, ) == 0x0
 00161   464   NtQueryInformationToken  (-2147482020, Statistics, 0, ... ) == STATUS_BUFFER_TOO_SMALL
 00162   464   NtQueryInformationToken  (-2147482020, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0
 00163   464   NtClose  (-2147482020, ... ) == 0x0
 00164   464   NtAllocateVirtualMemory  (-1, 0, 0, 32, 4096, 4, ... 4128768, 4096, ) == 0x0
 00165   464   NtFreeVirtualMemory  (-1, (0x3f0000), 4096, 32768, ... (0x3f0000), 4096, ) == 0x0
 00166   464   NtDuplicateObject  (-1, 40, -1, 0x0, 0, 2, ... 48, ) == 0x0
 00167   464   NtOpenKey  (0x20019, {24, 0, 0x240, 0, 0,  (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0
 00168   464   NtQueryValueKey  (-2147482020,  (-2147482020, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00169   464   NtClose  (-2147482020, ... ) == 0x0
 00170   464   NtOpenKey  (0x20019, {24, 0, 0x240, 0, 0,  (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0
 00171   464   NtQueryValueKey  (-2147482020,  (-2147482020, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00172   464   NtClose  (-2147482020, ... ) == 0x0
 00173   464   NtQueryDefaultLocale  (0, -136214004, ... ) == 0x0
 00174   464   NtGdiQueryFontAssocInfo  (0, ... ) == 0x0
 00175   464   NtUserCallNoParam  (24, ... ) == 0x0
 00176   464   NtGdiCreateCompatibleDC  (0, ...
 00177   464   NtAllocateVirtualMemory  (-1, 0, 0, 4096, 12288, 4, ... 4128768, 4096, ) == 0x0
 00176   464   NtGdiCreateCompatibleDC  ... ) == 0xe010451
 00178   464   NtGdiGetStockObject  (0, ... ) == 0x1900010
 00179   464   NtGdiGetStockObject  (4, ... ) == 0x1900011
 00180   464   NtGdiCreateBitmap  (8, 8, 1, 1, 2010393708, ... ) == 0xb050458
 00181   464   NtGdiCreateSolidBrush  (0, 0, ...
 00182   464   NtAllocateVirtualMemory  (-1, 0, 0, 4096, 12288, 4, ... 8519680, 4096, ) == 0x0
 00181   464   NtGdiCreateSolidBrush  ... ) == 0x810045b
 00183   464   NtGdiGetStockObject  (13, ... ) == 0x18a0021
 00184   464   NtGdiCreateCompatibleDC  (0, ... ) == 0x601045c
 00185   464   NtGdiSelectBitmap  (100729948, 184878168, ... ) == 0x185000f
 00186   464   NtUserGetThreadDesktop  (464, 0, ... ) == 0x2c
 00187   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows"}, ... 52, ) }, ... 52, ) == 0x0
 00188   464   NtQueryValueKey  (52,  (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 64, ... TitleIdx=0, Type=1, Data= (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0
 00189   464   NtClose  (52, ... ) == 0x0
 00190   464   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00191   464   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 673, 128, 0, ... ) == 0x810dc017
 00192   464   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00193   464   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 674, 128, 0, ... ) == 0x810dc01c
 00194   464   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00195   464   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 675, 128, 0, ... ) == 0x810dc01e
 00196   464   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00197   464   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 676, 128, 0, ... ) == 0x810d8002
 00198   464   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10013
 00199   464   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 677, 128, 0, ... ) == 0x810dc018
 00200   464   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00201   464   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 678, 128, 0, ... ) == 0x810dc01a
 00202   464   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00203   464   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 679, 128, 0, ... ) == 0x810dc01d
 00204   464   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00205   464   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 681, 128, 0, ... ) == 0x810dc026
 00206   464   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00207   464   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 680, 128, 0, ... ) == 0x810dc019
 00208   464   NtUserRegisterClassExWOW  (1241676, 1241756, 1241740, 1241772, 0, 128, 0, ... ) == 0x810dc020
 00209   464   NtUserRegisterClassExWOW  (1241676, 1241752, 1241768, 1241740, 0, 130, 0, ... ) == 0x810dc022
 00210   464   NtUserRegisterClassExWOW  (1241676, 1241756, 1241740, 1241772, 0, 128, 0, ... ) == 0x810dc023
 00211   464   NtUserRegisterClassExWOW  (1241676, 1241752, 1241768, 1241740, 0, 130, 0, ...
 00212   464   NtAllocateVirtualMemory  (-1, 5484544, 0, 4096, 4096, 32, ... 5484544, 4096, ) == 0x0
 00211   464   NtUserRegisterClassExWOW  ... ) == 0x810dc024
 00213   464   NtUserRegisterClassExWOW  (1241676, 1241756, 1241740, 1241772, 0, 128, 0, ... ) == 0x810dc025
 00214   464   NtCallbackReturn  (0, 0, 0, ...
 00215   464   NtGdiInit  (... ) == 0x1
 00216   464   NtGdiGetStockObject  (18, ... ) == 0x290001c
 00217   464   NtGdiGetStockObject  (19, ... ) == 0x1b00019
 00218   464   NtCreateSemaphore  (0x1f0003, 0x0, 1, 1, ... 52, ) == 0x0
 00219   464   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 56, ) == 0x0
 00220   464   NtOpenKey  (0x20019, {24, 32, 0x40, 0, 0,  (0x20019, {24, 32, 0x40, 0, 0, "system\CurrentControlSet\control\NetworkProvider\HwOrder"}, ... 60, ) }, ... 60, ) == 0x0
 00221   464   NtNotifyChangeKey  (60, 56, 0, 0, 2011390432, 4, 0, 0, 0, 1, ... ) == 0x103
 00222   464   NtQueryInformationProcess  (-1, 28, 4, ... {process info, class 28, size 4}, 0x0, ) == 0x0
 00223   464   NtCreateSemaphore  (0x100003, 0x0, 0, 2147483647, ... 64, ) == 0x0
 00224   464   NtCreateSemaphore  (0x100003, 0x0, 0, 2147483647, ... 68, ) == 0x0
 00225   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00226   464   NtAllocateVirtualMemory  (-1, 0, 0, 65536, 8192, 4, ... 8585216, 65536, ) == 0x0
 00227   464   NtAllocateVirtualMemory  (-1, 8585216, 0, 4096, 4096, 4, ... 8585216, 4096, ) == 0x0
 00228   464   NtAllocateVirtualMemory  (-1, 8589312, 0, 8192, 4096, 4, ... 8589312, 8192, ) == 0x0
 00229   464   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionCType"}, ... 72, ) }, ... 72, ) == 0x0
 00230   464   NtMapViewOfSection  (72, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x840000), 0x0, 12288, ) == 0x0
 00231   464   NtClose  (72, ... ) == 0x0
 00232   464   NtAllocateVirtualMemory  (-1, 8597504, 0, 4096, 4096, 4, ... 8597504, 4096, ) == 0x0
 00233   464   NtOpenKey  (0x2000000, {24, 32, 0x40, 0, 0,  (0x2000000, {24, 32, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Performance"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00234   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00235   464   NtQuerySystemInformation  (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0
 00236   464   NtTestAlert  (... ) == 0x0
 00237   464   NtContinue  (1244464, 1, ...
 00238   464   NtSetInformationThread  (-2, Win32StartAddress(LpcReceivedMessageId), {StartAddress(LpcReceivedMsgId)=0x4078b0,}, 4, ... ) == 0x0
 00239   464   NtOpenKey  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager"}, ... 72, ) }, ... 72, ) == 0x0
 00240   464   NtQueryValueKey  (72,  (72, "SafeDllSearchMode", Partial, 16, ... ) , Partial, 16, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00241   464   NtClose  (72, ... ) == 0x0
 00242   464   NtProtectVirtualMemory  (-1, (0x400000), 4096, 4, ... (0x400000), 4096, 2, ) == 0x0
 00243   464   NtProtectVirtualMemory  (-1, (0x400000), 4096, 2, ... (0x400000), 4096, 4, ) == 0x0
 00244   464   NtAllocateVirtualMemory  (-1, 1327104, 0, 4096, 4096, 4, ... 1327104, 4096, ) == 0x0
 00245   464   NtOpenFile  (0x100020, {24, 0, 0x42, 0, 0,  (0x100020, {24, 0, 0x42, 0, 0, "\??\C:\DOCUME~1\SRI-user\LOCALS~1\Temp\"}, 3, 33, ... 72, {status=0x0, info=1}, ) }, 3, 33, ... 72, {status=0x0, info=1}, ) == 0x0
 00246   464   NtQueryVolumeInformationFile  (72, 1244988, 8, Device, ... {status=0x0, info=8}, ) == 0x0
 00247   464   NtClose  (12, ... ) == 0x0
 00248   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\DOCUME~1\SRI-user\LOCALS~1\Temp\"}, 3, 16417, ... 12, {status=0x0, info=1}, ) }, 3, 16417, ... 12, {status=0x0, info=1}, ) == 0x0
 00249   464   NtQueryDirectoryFile  (12, 0, 0, 0, 1243768, 616, BothDirectory, 1,  (12, 0, 0, 0, 1243768, 616, BothDirectory, 1, "VR<.TMP", 0, ... ) , 0, ... ) == STATUS_NO_SUCH_FILE
 00250   464   NtClose  (12, ... ) == 0x0
 00251   464   NtOpenKey  (0x1, {24, 32, 0x40, 0, 0,  (0x1, {24, 32, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"}, ... 12, ) }, ... 12, ) == 0x0
 00252   464   NtQueryValueKey  (12,  (12, "Dummy", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00253   464   NtClose  (12, ... ) == 0x0
 00254   464   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00255   464   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... 12, ) == 0x0
 00256   464   NtQueryInformationToken  (12, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00257   464   NtClose  (12, ... ) == 0x0
 00258   464   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... 12, ) }, ... 12, ) == 0x0
 00259   464   NtSetInformationObject  (12, Handle, {Inherit=0,ProtectFromClose=1,}, 1179904, ... ) == 0x0
 00260   464   NtOpenKey  (0x1, {24, 12, 0x40, 0, 0,  (0x1, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"}, ... 76, ) }, ... 76, ) == 0x0
 00261   464   NtQueryValueKey  (76,  (76, "Dummy", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00262   464   NtClose  (76, ... ) == 0x0
 00263   464   NtCreateKey  (0x2, {24, 32, 0x40, 0, 0,  (0x2, {24, 32, 0x40, 0, 0, "SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List"}, 0, "", 0, ... ) }, 0, "", 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00264   464   NtCreateKey  (0x2000000, {24, 32, 0x40, 0, 0,  (0x2000000, {24, 32, 0x40, 0, 0, "SYSTEM"}, 0, "", 0, ... 76, 2, ) }, 0, "", 0, ... 76, 2, ) == 0x0
 00265   464   NtCreateKey  (0x2000000, {24, 76, 0x40, 0, 0,  (0x2000000, {24, 76, 0x40, 0, 0, "CurrentControlSet"}, 0, "", 0, ... 80, 2, ) }, 0, "", 0, ... 80, 2, ) == 0x0
 00266   464   NtClose  (76, ... ) == 0x0
 00267   464   NtCreateKey  (0x2000000, {24, 80, 0x40, 0, 0,  (0x2000000, {24, 80, 0x40, 0, 0, "Services"}, 0, "", 0, ... 76, 2, ) }, 0, "", 0, ... 76, 2, ) == 0x0
 00268   464   NtClose  (80, ... ) == 0x0
 00269   464   NtCreateKey  (0x2000000, {24, 76, 0x40, 0, 0,  (0x2000000, {24, 76, 0x40, 0, 0, "SharedAccess"}, 0, "", 0, ... 80, 2, ) }, 0, "", 0, ... 80, 2, ) == 0x0
 00270   464   NtClose  (76, ... ) == 0x0
 00271   464   NtCreateKey  (0x2000000, {24, 80, 0x40, 0, 0,  (0x2000000, {24, 80, 0x40, 0, 0, "Parameters"}, 0, "", 0, ... 76, 2, ) }, 0, "", 0, ... 76, 2, ) == 0x0
 00272   464   NtClose  (80, ... ) == 0x0
 00273   464   NtCreateKey  (0x2000000, {24, 76, 0x40, 0, 0,  (0x2000000, {24, 76, 0x40, 0, 0, "FirewallPolicy"}, 0, "", 0, ... }, 0, "", 0, ...
 00274   464   NtSetInformationFile  (-2147482844, -136215516, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0
 00275   464   NtSetInformationFile  (-2147482844, -136215988, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0
 00276   464   NtSetInformationFile  (-2147482844, -136215804, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0
 00277   464   NtSetInformationFile  (-2147482844, -136215884, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0
 00273   464   NtCreateKey  ... 80, 1, ) == 0x0
 00278   464   NtClose  (76, ... ) == 0x0
 00279   464   NtCreateKey  (0x2000000, {24, 80, 0x40, 0, 0,  (0x2000000, {24, 80, 0x40, 0, 0, "StandardProfile"}, 0, "", 0, ... }, 0, "", 0, ...
 00280   464   NtSetInformationFile  (-2147482844, -136215988, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0
 00281   464   NtSetInformationFile  (-2147482844, -136215884, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0
 00279   464   NtCreateKey  ... 76, 1, ) == 0x0
 00282   464   NtClose  (80, ... ) == 0x0
 00283   464   NtCreateKey  (0x2000000, {24, 76, 0x40, 0, 0,  (0x2000000, {24, 76, 0x40, 0, 0, "AuthorizedApplications"}, 0, "", 0, ... 80, 1, ) }, 0, "", 0, ... 80, 1, ) == 0x0
 00284   464   NtClose  (76, ... ) == 0x0
 00285   464   NtCreateKey  (0x2, {24, 80, 0x40, 0, 0,  (0x2, {24, 80, 0x40, 0, 0, "List"}, 0, "", 0, ... 76, 1, ) }, 0, "", 0, ... 76, 1, ) == 0x0
 00286   464   NtClose  (80, ... ) == 0x0
 00287   464   NtSetValueKey  (76,  (76, "SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List", 0, 1, "S\0Y\0S\0T\0E\0M\0\\0C\0u\0r\0r\0e\0n\0t\0C\0o\0n\0t\0r\0o\0l\0S\0e\0t\0\\0S\0e\0r\0v\0i\0c\0e\0s\0\\0S\0h\0a\0r\0e\0d\0A\0c\0c\0e\0s\0s\0\\0P\0a\0r\0a\0m\0e\0t\0e\0r\0s\0\\0F\0i\0r\0e\0w\0a\0l\0l\0P\0o\0l\0i\0c\0y\0\\0S\0t\0a\0n\0d\0a\0r\0d\0P\0r\0o\0f\0i\0l\0e\0\\0A\0u\0t\0h\0o\0r\0i\0z\0e\0d\0A\0p\0p\0l\0i\0c\0a\0t\0i\0o\0n\0s\0\\0L\0i\0s\0t\0:\0*\0:\0e\0n\0a\0b\0l\0e\0d\0:\0@\0s\0h\0e\0l\0l\03\02\0.\0d\0l\0l\0,\0-\01\0\0\0", 286, ... , 0, 1,  (76, "SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List", 0, 1, "S\0Y\0S\0T\0E\0M\0\\0C\0u\0r\0r\0e\0n\0t\0C\0o\0n\0t\0r\0o\0l\0S\0e\0t\0\\0S\0e\0r\0v\0i\0c\0e\0s\0\\0S\0h\0a\0r\0e\0d\0A\0c\0c\0e\0s\0s\0\\0P\0a\0r\0a\0m\0e\0t\0e\0r\0s\0\\0F\0i\0r\0e\0w\0a\0l\0l\0P\0o\0l\0i\0c\0y\0\\0S\0t\0a\0n\0d\0a\0r\0d\0P\0r\0o\0f\0i\0l\0e\0\\0A\0u\0t\0h\0o\0r\0i\0z\0e\0d\0A\0p\0p\0l\0i\0c\0a\0t\0i\0o\0n\0s\0\\0L\0i\0s\0t\0:\0*\0:\0e\0n\0a\0b\0l\0e\0d\0:\0@\0s\0h\0e\0l\0l\03\02\0.\0d\0l\0l\0,\0-\01\0\0\0", 286, ... , 286, ...
 00288   464   NtSetInformationFile  (-2147482844, -136215172, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0
 00287   464   NtSetValueKey  ... ) == 0x0
 00289   464   NtClose  (76, ... ) == 0x0
 00290   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "WININET.DLL"}, ... 76, ) }, ... 76, ) == 0x0
 00291   464   NtMapViewOfSection  (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x76200000), 0x0, 618496, ) == 0x0
 00292   464   NtClose  (76, ... ) == 0x0
 00293   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "CRYPT32.dll"}, ... 76, ) }, ... 76, ) == 0x0
 00294   464   NtMapViewOfSection  (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x762c0000), 0x0, 565248, ) == 0x0
 00295   464   NtClose  (76, ... ) == 0x0
 00296   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "MSASN1.dll"}, ... 76, ) }, ... 76, ) == 0x0
 00297   464   NtMapViewOfSection  (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x762a0000), 0x0, 61440, ) == 0x0
 00298   464   NtClose  (76, ... ) == 0x0
 00299   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "OLEAUT32.dll"}, ... 76, ) }, ... 76, ) == 0x0
 00300   464   NtMapViewOfSection  (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77120000), 0x0, 569344, ) == 0x0
 00301   464   NtClose  (76, ... ) == 0x0
 00302   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "OLE32.DLL"}, ... 76, ) }, ... 76, ) == 0x0
 00303   464   NtMapViewOfSection  (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x771b0000), 0x0, 1155072, ) == 0x0
 00304   464   NtClose  (76, ... ) == 0x0
 00305   464   NtOpenKey  (0x20019, {24, 32, 0x40, 0, 0,  (0x20019, {24, 32, 0x40, 0, 0, "SYSTEM\CurrentControlSet\Services\crypt32\Performance"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00306   464   NtAllocateVirtualMemory  (-1, 1331200, 0, 4096, 4096, 4, ... 1331200, 4096, ) == 0x0
 00307   464   NtAllocateVirtualMemory  (-1, 1335296, 0, 4096, 4096, 4, ... 1335296, 4096, ) == 0x0
 00308   464   NtAllocateVirtualMemory  (-1, 1339392, 0, 4096, 4096, 4, ... 1339392, 4096, ) == 0x0
 00309   464   NtOpenDirectoryObject  (0x2000f, {24, 0, 0x40, 0, 0,  (0x2000f, {24, 0, 0x40, 0, 0, "\BaseNamedObjects"}, ... 76, ) }, ... 76, ) == 0x0
 00310   464   NtCreateEvent  (0x1f0003, {24, 76, 0x80, 1243228, 0,  (0x1f0003, {24, 76, 0x80, 1243228, 0, "Global\crypt32LogoffEvent"}, 0, 0, ... ) }, 0, 0, ... ) == STATUS_ACCESS_DENIED
 00311   464   NtOpenEvent  (0x100000, {24, 76, 0x0, 0, 0,  (0x100000, {24, 76, 0x0, 0, 0, "Global\crypt32LogoffEvent"}, ... 80, ) }, ... 80, ) == 0x0
 00312   464   NtAllocateVirtualMemory  (-1, 1343488, 0, 4096, 4096, 4, ... 1343488, 4096, ) == 0x0
 00313   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00314   464   NtQuerySystemInformation  (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0
 00315   464   NtOpenKey  (0x20019, {24, 32, 0x40, 0, 0,  (0x20019, {24, 32, 0x40, 0, 0, "SYSTEM\CurrentControlSet\Control\Session Manager"}, ... 84, ) }, ... 84, ) == 0x0
 00316   464   NtQueryValueKey  (84,  (84, "CriticalSectionTimeout", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\215'\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "CriticalSectionTimeout", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\215'\0"}, 16, ) }, 16, ) == 0x0
 00317   464   NtClose  (84, ... ) == 0x0
 00318   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00319   464   NtQuerySystemInformation  (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0
 00320   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00321   464   NtQuerySystemInformation  (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0
 00322   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Classes\Interface"}, ... 84, ) }, ... 84, ) == 0x0
 00323   464   NtQueryValueKey  (84,  (84, "InterfaceHelperDisableAll", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00324   464   NtQueryValueKey  (84,  (84, "InterfaceHelperDisableAllForOle32", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00325   464   NtQueryValueKey  (84,  (84, "InterfaceHelperDisableTypeLib", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00326   464   NtClose  (84, ... ) == 0x0
 00327   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046}"}, ... 84, ) }, ... 84, ) == 0x0
 00328   464   NtQueryValueKey  (84,  (84, "InterfaceHelperDisableAll", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00329   464   NtQueryValueKey  (84,  (84, "InterfaceHelperDisableAllForOle32", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00330   464   NtClose  (84, ... ) == 0x0
 00331   464   NtOpenEvent  (0x1f0003, {24, 76, 0x0, 0, 0,  (0x1f0003, {24, 76, 0x0, 0, 0, "HookSwitchHookEnabledEvent"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00332   464   NtUserRegisterWindowMessage  ( ("{FB8F0821-0164-101B-84ED-08002B2EC713}", ... ) , ... ) == 0xc07b
 00333   464   NtOpenKey  (0x1, {24, 32, 0x40, 0, 0,  (0x1, {24, 32, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00334   464   NtOpenKey  (0x9, {24, 32, 0x40, 0, 0,  (0x9, {24, 32, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT\UserEra"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00335   464   NtOpenKey  (0x1, {24, 32, 0x40, 0, 0,  (0x1, {24, 32, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00336   464   NtAllocateVirtualMemory  (-1, 1347584, 0, 8192, 4096, 4, ... 1347584, 8192, ) == 0x0
 00337   464   NtCreateKey  (0xf003f, {24, 12, 0x40, 0, 0,  (0xf003f, {24, 12, 0x40, 0, 0, "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History"}, 0, 0x0, 0, ... 84, 2, ) }, 0, 0x0, 0, ... 84, 2, ) == 0x0
 00338   464   NtQueryDefaultUILanguage  (1241464, ...
 00339   464   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00340   464   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... -2147482020, ) == 0x0
 00341   464   NtQueryInformationToken  (-2147482020, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00342   464   NtClose  (-2147482020, ... ) == 0x0
 00343   464   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0
 00344   464   NtOpenKey  (0x80000000, {24, 0, 0x240, 0, 0,  (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00345   464   NtOpenKey  (0x80000000, {24, -2147482020, 0x640, 0, 0,  (0x80000000, {24, -2147482020, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482032, ) }, ... -2147482032, ) == 0x0
 00346   464   NtQueryValueKey  (-2147482032,  (-2147482032, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00347   464   NtClose  (-2147482032, ... ) == 0x0
 00348   464   NtClose  (-2147482020, ... ) == 0x0
 00338   464   NtQueryDefaultUILanguage  ... ) == 0x0
 00349   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00350   464   NtQueryInstallUILanguage  (2012047340, ... ) == 0x0
 00351   464   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WININET.DLL"}, 1, 96, ... 88, {status=0x0, info=1}, ) }, 1, 96, ... 88, {status=0x0, info=1}, ) == 0x0
 00352   464   NtCreateSection  (0x4, 0x0, 0x0, 2, 134217728, 88, ... 92, ) == 0x0
 00353   464   NtMapViewOfSection  (92, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ... (0x850000), 0x0, 593920, ) == 0x0
 00354   464   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WININET.DLL.123.Manifest"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00355   464   NtQueryDefaultUILanguage  (2013024600, ...
 00356   464   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00357   464   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... -2147482020, ) == 0x0
 00358   464   NtQueryInformationToken  (-2147482020, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00359   464   NtClose  (-2147482020, ... ) == 0x0
 00360   464   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0
 00361   464   NtOpenKey  (0x80000000, {24, 0, 0x240, 0, 0,  (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00362   464   NtOpenKey  (0x80000000, {24, -2147482020, 0x640, 0, 0,  (0x80000000, {24, -2147482020, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482032, ) }, ... -2147482032, ) == 0x0
 00363   464   NtQueryValueKey  (-2147482032,  (-2147482032, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00364   464   NtClose  (-2147482032, ... ) == 0x0
 00365   464   NtClose  (-2147482020, ... ) == 0x0
 00355   464   NtQueryDefaultUILanguage  ... ) == 0x0
 00366   464   NtAllocateVirtualMemory  (-1, 1228800, 0, 4096, 4096, 260, ... 1228800, 4096, ) == 0x0
 00367   464   NtQueryInstallUILanguage  (2013024602, ... ) == 0x0
 00368   464   NtQueryDefaultLocale  (1, 1239500, ... ) == 0x0
 00369   464   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WININET.DLL.123.Config"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00370   464   NtRequestWaitReplyPort  (24, {128, 156, new_msg, 0, 1240356, 1, 96, 0}  (24, {128, 156, new_msg, 0, 1240356, 1, 96, 0} "\210\6\32\1\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\1X\0\0\0\377\377\377\377\0\0\0\0P\275\214\0\0\0\0\0\312\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0$\364\22\0\0\0\0\0" ... {128, 156, reply, 0, 460, 464, 1571, 0} "(\350\26\0\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\1X\0\0\0\377\377\377\377\0\0\0\0P\275\214\0\0\0\0\0\312\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0$\364\22\0\0\0\0\0" )  ... {128, 156, reply, 0, 460, 464, 1571, 0}  (24, {128, 156, new_msg, 0, 1240356, 1, 96, 0} "\210\6\32\1\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\1X\0\0\0\377\377\377\377\0\0\0\0P\275\214\0\0\0\0\0\312\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0$\364\22\0\0\0\0\0" ... {128, 156, reply, 0, 460, 464, 1571, 0} "(\350\26\0\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\1X\0\0\0\377\377\377\377\0\0\0\0P\275\214\0\0\0\0\0\312\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0$\364\22\0\0\0\0\0" )  ) == 0x0
 00371   464   NtClose  (88, ... ) == 0x0
 00372   464   NtClose  (92, ... ) == 0x0
 00373   464   NtUnmapViewOfSection  (-1, 0x850000, ... ) == 0x0
 00374   464   NtUnmapViewOfSection  (-1, 0x12f424, ... ) == STATUS_NOT_MAPPED_VIEW
 00375   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00376   464   NtOpenKey  (0x8, {24, 0, 0x40, 0, 0,  (0x8, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00377   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00378   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00379   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local\"}, 1238040, ... ) }, 1238040, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00380   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00381   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00382   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00383   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 1238632, ... ) }, 1238632, ... ) == 0x0
 00384   464   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 3, 33, ... 92, {status=0x0, info=1}, ) }, 3, 33, ... 92, {status=0x0, info=1}, ) == 0x0
 00385   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00386   464   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"}, 5, 96, ... 88, {status=0x0, info=1}, ) }, 5, 96, ... 88, {status=0x0, info=1}, ) == 0x0
 00387   464   NtCreateSection  (0xe, 0x0, 0x0, 16, 134217728, 88, ... 96, ) == 0x0
 00388   464   NtClose  (88, ... ) == 0x0
 00389   464   NtMapViewOfSection  (96, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x900000), 0x0, 921600, ) == 0x0
 00390   464   NtClose  (96, ... ) == 0x0
 00391   464   NtUnmapViewOfSection  (-1, 0x900000, ... ) == 0x0
 00392   464   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"}, 5, 96, ... 96, {status=0x0, info=1}, ) }, 5, 96, ... 96, {status=0x0, info=1}, ) == 0x0
 00393   464   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 96, ... 88, ) == 0x0
 00394   464   NtQuerySection  (88, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0
 00395   464   NtClose  (96, ... ) == 0x0
 00396   464   NtMapViewOfSection  (88, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71950000), 0x0, 933888, ) == 0x0
 00397   464   NtClose  (88, ... ) == 0x0
 00398   464   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00399   464   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00400   464   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00401   464   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00402   464   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00403   464   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00404   464   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00405   464   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00406   464   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00407   464   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00408   464   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00409   464   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00410   464   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00411   464   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00412   464   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00413   464   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00414   464   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00415   464   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00416   464   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0
 00417   464   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0
 00418   464   NtFlushInstructionCache  (-1, 1905594368, 1952, ... ) == 0x0
 00419   464   NtAddAtom  ( ("T\0h\0e\0m\0e\0P\0r\0o\0p\0S\0c\0r\0o\0l\0l\0B\0a\0r\0C\0t\0l\0", 42, 1239816, ... ) , 42, 1239816, ... ) == 0x0
 00420   464   NtQueryDefaultUILanguage  (1238532, ...
 00421   464   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00422   464   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... -2147482020, ) == 0x0
 00423   464   NtQueryInformationToken  (-2147482020, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00424   464   NtClose  (-2147482020, ... ) == 0x0
 00425   464   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0
 00426   464   NtOpenKey  (0x80000000, {24, 0, 0x240, 0, 0,  (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00427   464   NtOpenKey  (0x80000000, {24, -2147482020, 0x640, 0, 0,  (0x80000000, {24, -2147482020, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482032, ) }, ... -2147482032, ) == 0x0
 00428   464   NtQueryValueKey  (-2147482032,  (-2147482032, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00429   464   NtClose  (-2147482032, ... ) == 0x0
 00430   464   NtClose  (-2147482020, ... ) == 0x0
 00420   464   NtQueryDefaultUILanguage  ... ) == 0x0
 00431   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00432   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1237384, ... ) }, 1237384, ... ) == 0x0
 00433   464   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 5, 96, ... 88, {status=0x0, info=1}, ) }, 5, 96, ... 88, {status=0x0, info=1}, ) == 0x0
 00434   464   NtCreateSection  (0xe, 0x0, 0x0, 16, 134217728, 88, ... 96, ) == 0x0
 00435   464   NtClose  (88, ... ) == 0x0
 00436   464   NtMapViewOfSection  (96, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x850000), 0x0, 4096, ) == 0x0
 00437   464   NtClose  (96, ... ) == 0x0
 00438   464   NtUnmapViewOfSection  (-1, 0x850000, ... ) == 0x0
 00439   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1237024, ... ) }, 1237024, ... ) == 0x0
 00440   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1237724,  (0x80100080, {24, 0, 0x40, 0, 1237724, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 0x0, 0, 5, 1, 96, 0, 0, ... 96, {status=0x0, info=1}, ) }, 0x0, 0, 5, 1, 96, 0, 0, ... 96, {status=0x0, info=1}, ) == 0x0
 00441   464   NtCreateSection  (0xf0005, 0x0, 0x0, 2, 134217728, 96, ... 88, ) == 0x0
 00442   464   NtClose  (96, ... ) == 0x0
 00443   464   NtMapViewOfSection  (88, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ... (0x850000), {0, 0}, 4096, ) == 0x0
 00444   464   NtClose  (88, ... ) == 0x0
 00445   464   NtUnmapViewOfSection  (-1, 0x850000, ... ) == 0x0
 00446   464   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1, 96, ... 88, {status=0x0, info=1}, ) }, 1, 96, ... 88, {status=0x0, info=1}, ) == 0x0
 00447   464   NtCreateSection  (0x4, 0x0, 0x0, 2, 134217728, 88, ... 96, ) == 0x0
 00448   464   NtMapViewOfSection  (96, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ... (0x850000), 0x0, 4096, ) == 0x0
 00449   464   NtQueryInformationFile  (88, 1237344, 56, NetworkOpen, ... {status=0x0, info=56}, ) == 0x0
 00450   464   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Config"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00451   464   NtRequestWaitReplyPort  (24, {128, 156, new_msg, 0, 1237424, 1, 96, 0}  (24, {128, 156, new_msg, 0, 1237424, 1, 96, 0} "\210\6\32\1\33\0\1\0\240\315Z\371\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\32\1X\0\0\0`\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\32\1\0\0\0\0\0\0\0\0\260\350\22\0\0\0\0\0" ... {128, 156, reply, 0, 460, 464, 1572, 0} "h\334\26\0\33\0\1\0\0\0\0\0\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\32\1X\0\0\0`\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\32\1\0\0\0\0\0\0\0\0\260\350\22\0\0\0\0\0" )  ... {128, 156, reply, 0, 460, 464, 1572, 0}  (24, {128, 156, new_msg, 0, 1237424, 1, 96, 0} "\210\6\32\1\33\0\1\0\240\315Z\371\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\32\1X\0\0\0`\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\32\1\0\0\0\0\0\0\0\0\260\350\22\0\0\0\0\0" ... {128, 156, reply, 0, 460, 464, 1572, 0} "h\334\26\0\33\0\1\0\0\0\0\0\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\32\1X\0\0\0`\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\32\1\0\0\0\0\0\0\0\0\260\350\22\0\0\0\0\0" )  ) == 0x0
 00452   464   NtClose  (88, ... ) == 0x0
 00453   464   NtClose  (96, ... ) == 0x0
 00454   464   NtUnmapViewOfSection  (-1, 0x850000, ... ) == 0x0
 00455   464   NtUnmapViewOfSection  (-1, 0x12e8b0, ... ) == STATUS_NOT_MAPPED_VIEW
 00456   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00457   464   NtUserRegisterWindowMessage  ( ("ShellGetDragImage", ... ) , ... ) == 0xc03a
 00458   464   NtUserSystemParametersInfo  (104, 0, 1906151468, 0, ... ) == 0x1
 00459   464   NtUserGetDC  (0, ... ) == 0x1010052
 00460   464   NtUserCallOneParam  (16842834, 56, ... ) == 0x1
 00461   464   NtUserSystemParametersInfo  (38, 4, 1906153440, 0, ... ) == 0x1
 00462   464   NtUserSystemParametersInfo  (66, 12, 1239836, 0, ... ) == 0x1
 00463   464   NtOpenProcessToken  (-1, 0x8, ... 96, ) == 0x0
 00464   464   NtAccessCheck  (1346024, 96, 0x1, 1239240, 1239184, 56, 1239268, ... ) == STATUS_NO_IMPERSONATION_TOKEN
 00465   464   NtClose  (96, ... ) == 0x0
 00466   464   NtOpenKey  (0x20019, {24, 12, 0x40, 0, 0,  (0x20019, {24, 12, 0x40, 0, 0, "Control Panel\Desktop"}, ... 96, ) }, ... 96, ) == 0x0
 00467   464   NtQueryValueKey  (96,  (96, "SmoothScroll", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00468   464   NtClose  (96, ... ) == 0x0
 00469   464   NtUserSystemParametersInfo  (41, 500, 1239336, 0, ... ) == 0x1
 00470   464   NtOpenKey  (0x1, {24, 12, 0x40, 0, 0,  (0x1, {24, 12, 0x40, 0, 0, "software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"}, ... 96, ) }, ... 96, ) == 0x0
 00471   464   NtQueryValueKey  (96,  (96, "EnableBalloonTips", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00472   464   NtOpenKey  (0x1, {24, 32, 0x40, 0, 0,  (0x1, {24, 32, 0x40, 0, 0, "software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"}, ... 88, ) }, ... 88, ) == 0x0
 00473   464   NtQueryValueKey  (88,  (88, "EnableBalloonTips", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00474   464   NtClose  (88, ... ) == 0x0
 00475   464   NtClose  (96, ... ) == 0x0
 00476   464   NtUserSystemParametersInfo  (102, 0, 1906153328, 0, ... ) == 0x1
 00477   464   NtUserSystemParametersInfo  (4130, 0, 1239860, 0, ... ) == 0x1
 00478   464   NtOpenKey  (0x1, {24, 32, 0x40, 0, 0,  (0x1, {24, 32, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\LanguagePack"}, ... 96, ) }, ... 96, ) == 0x0
 00479   464   NtEnumerateValueKey  (96, 0, Full, 220, ... ) == STATUS_NO_MORE_ENTRIES
 00480   464   NtClose  (96, ... ) == 0x0
 00481   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00482   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc03b
 00483   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc03d
 00484   464   NtUserFindExistingCursorIcon  (1239140, 1239156, 1239724, ... ) == 0x10011
 00485   464   NtUserRegisterClassExWOW  (1239592, 1239672, 1239656, 1239688, 0, 384, 0, ... ) == 0x810dc03f
 00486   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00487   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc041
 00488   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00489   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc043
 00490   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc045
 00491   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00492   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc047
 00493   464   NtUserFindExistingCursorIcon  (1239140, 1239156, 1239724, ... ) == 0x10011
 00494   464   NtUserRegisterClassExWOW  (1239592, 1239672, 1239656, 1239688, 0, 384, 0, ... ) == 0x810dc049
 00495   464   NtUserGetClassInfo  (1905590272, 1239756, 1239708, 1239784, 0, ... ) == 0xc049
 00496   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00497   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc04b
 00498   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00499   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc04d
 00500   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00501   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc04f
 00502   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc051
 00503   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00504   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc053
 00505   464   NtUserFindExistingCursorIcon  (1239140, 1239156, 1239724, ... ) == 0x10011
 00506   464   NtUserRegisterClassExWOW  (1239592, 1239672, 1239656, 1239688, 0, 384, 0, ... ) == 0x810dc055
 00507   464   NtUserRegisterClassExWOW  (1239592, 1239672, 1239656, 1239688, 0, 384, 0, ... ) == 0x810dc057
 00508   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00509   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc059
 00510   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10013
 00511   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc05b
 00512   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00513   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc05d
 00514   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00515   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc05f
 00516   464   NtUserFindExistingCursorIcon  (1239140, 1239156, 1239724, ... ) == 0x10011
 00517   464   NtUserRegisterClassExWOW  (1239592, 1239672, 1239656, 1239688, 0, 384, 0, ... ) == 0x810dc017
 00518   464   NtUserFindExistingCursorIcon  (1239140, 1239156, 1239724, ... ) == 0x10011
 00519   464   NtUserRegisterClassExWOW  (1239592, 1239672, 1239656, 1239688, 0, 384, 0, ... ) == 0x810dc019
 00520   464   NtUserFindExistingCursorIcon  (1239140, 1239156, 1239724, ... ) == 0x10013
 00521   464   NtUserRegisterClassExWOW  (1239592, 1239672, 1239656, 1239688, 0, 384, 0, ... ) == 0x810dc018
 00522   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00523   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc01a
 00524   464   NtUserFindExistingCursorIcon  (1239140, 1239156, 1239724, ... ) == 0x10011
 00525   464   NtUserRegisterClassExWOW  (1239592, 1239672, 1239656, 1239688, 0, 384, 0, ... ) == 0x810dc01c
 00526   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00527   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ... ) == 0x810dc01e
 00528   464   NtUserFindExistingCursorIcon  (1239140, 1239156, 1239724, ... ) == 0x10011
 00529   464   NtUserRegisterClassExWOW  (1239652, 1239732, 1239716, 1239748, 0, 384, 0, ... ) == 0x810dc01b
 00530   464   NtUserFindExistingCursorIcon  (1239136, 1239152, 1239720, ... ) == 0x10011
 00531   464   NtUserRegisterClassExWOW  (1239648, 1239728, 1239712, 1239744, 0, 384, 0, ... ) == 0x810dc068
 00532   464   NtUserFindExistingCursorIcon  (1239144, 1239160, 1239728, ... ) == 0x10011
 00533   464   NtUserRegisterClassExWOW  (1239596, 1239676, 1239660, 1239692, 0, 384, 0, ...
 00534   464   NtAllocateVirtualMemory  (-1, 5488640, 0, 4096, 4096, 32, ... 5488640, 4096, ) == 0x0
 00533   464   NtUserRegisterClassExWOW  ... ) == 0x810dc06a
 00535   464   NtCreateKey  (0x2001f, {24, 12, 0x40, 0, 0,  (0x2001f, {24, 12, 0x40, 0, 0, "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"}, 0, 0x0, 0, ... 96, 2, ) }, 0, 0x0, 0, ... 96, 2, ) == 0x0
 00536   464   NtQueryValueKey  (96,  (96, "FromCacheTimeout", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00537   464   NtQueryValueKey  (96,  (96, "SecureProtocols", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00538   464   NtQueryValueKey  (96,  (96, "CertificateRevocation", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00539   464   NtQueryValueKey  (96,  (96, "DisableKeepAlive", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00540   464   NtQueryValueKey  (96,  (96, "DisablePassport", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00541   464   NtQueryValueKey  (96,  (96, "CacheMode", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00542   464   NtQueryValueKey  (96,  (96, "EnableHttp1_1", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (96, "EnableHttp1_1", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00543   464   NtQueryValueKey  (96,  (96, "ProxyHttp1.1", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00544   464   NtQueryValueKey  (96,  (96, "EnableNegotiate", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (96, "EnableNegotiate", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00545   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "Secur32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00546   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\Secur32.dll"}, 1242568, ... ) }, 1242568, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00547   464   NtQueryAttributesFile  ({24, 72, 0x40, 0, 0,  ({24, 72, 0x40, 0, 0, "Secur32.dll"}, 1242568, ... ) }, 1242568, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00548   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\Secur32.dll"}, 1242568, ... ) }, 1242568, ... ) == 0x0
 00549   464   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\Secur32.dll"}, 5, 96, ... 88, {status=0x0, info=1}, ) }, 5, 96, ... 88, {status=0x0, info=1}, ) == 0x0
 00550   464   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 88, ... 100, ) == 0x0
 00551   464   NtQuerySection  (100, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0
 00552   464   NtClose  (88, ... ) == 0x0
 00553   464   NtMapViewOfSection  (100, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x76f90000), 0x0, 65536, ) == 0x0
 00554   464   NtClose  (100, ... ) == 0x0
 00555   464   NtCreateSemaphore  (0x100003, 0x0, 0, 2147483647, ... 100, ) == 0x0
 00556   464   NtCreateSemaphore  (0x100003, 0x0, 0, 2147483647, ... 88, ) == 0x0
 00557   464   NtOpenEvent  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\SECURITY\LSA_AUTHENTICATION_INITIALIZED"}, ... 104, ) }, ... 104, ) == 0x0
 00558   464   NtQueryEvent  (104, Basic, 8, ... {EventType=0,SignalState=1,}, 0x0, ) == 0x0
 00559   464   NtClose  (104, ... ) == 0x0
 00560   464   NtConnectPort  ( ("\LsaAuthenticationPort", {12, 2, 1, 0}, 0x0, 0x0, 1244052, 140, ... 104, 0x0, 0x0, 256, 140, ) , {12, 2, 1, 0}, 0x0, 0x0, 1244052, 140, ... 104, 0x0, 0x0, 256, 140, ) == 0x0
 00561   464   NtRequestWaitReplyPort  (104, {28, 52, new_msg, 0, 0, 0, 0, 0}  (104, {28, 52, new_msg, 0, 0, 0, 0, 0} "\37\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\1\0\13\30\10\2\220\36\24\0" ... {176, 200, reply, 0, 460, 464, 1574, 0} "\37\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\1\0\20\0\10\2\220\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0S\0R\0I\0-\0u\0s\0e\0r\0" )  ... {176, 200, reply, 0, 460, 464, 1574, 0}  (104, {28, 52, new_msg, 0, 0, 0, 0, 0} "\37\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\1\0\13\30\10\2\220\36\24\0" ... {176, 200, reply, 0, 460, 464, 1574, 0} "\37\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\1\0\20\0\10\2\220\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0S\0R\0I\0-\0u\0s\0e\0r\0" )  ) == 0x0
 00562   464   NtQueryValueKey  (96,  (96, "SyncMode5", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00563   464   NtOpenKey  (0xf, {24, 32, 0x40, 0, 0,  (0xf, {24, 32, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache"}, ... 108, ) }, ... 108, ) == 0x0
 00564   464   NtQueryValueKey  (108,  (108, "FixupKey", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00565   464   NtClose  (108, ... ) == 0x0
 00566   464   NtOpenKey  (0xf, {24, 32, 0x40, 0, 0,  (0xf, {24, 32, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache"}, ... 108, ) }, ... 108, ) == 0x0
 00567   464   NtQueryValueKey  (108,  (108, "SessionStartTimeDefaultDeltaSecs", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00568   464   NtClose  (108, ... ) == 0x0
 00569   464   NtOpenKey  (0xf, {24, 32, 0x40, 0, 0,  (0xf, {24, 32, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache"}, ... 108, ) }, ... 108, ) == 0x0
 00570   464   NtOpenKey  (0x20019, {24, 32, 0x40, 0, 0,  (0x20019, {24, 32, 0x40, 0, 0, "System\Setup"}, ... 112, ) }, ... 112, ) == 0x0
 00571   464   NtQueryValueKey  (112,  (112, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (112, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00572   464   NtClose  (112, ... ) == 0x0
 00573   464   NtOpenKey  (0xf, {24, 12, 0x40, 0, 0,  (0xf, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"}, ... 112, ) }, ... 112, ) == 0x0
 00574   464   NtOpenKey  (0xf, {24, 12, 0x40, 0, 0,  (0xf, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache"}, ... 116, ) }, ... 116, ) == 0x0
 00575   464   NtOpenKey  (0xf, {24, 12, 0x40, 0, 0,  (0xf, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"}, ... 120, ) }, ... 120, ) == 0x0
 00576   464   NtOpenKey  (0xf, {24, 12, 0x40, 0, 0,  (0xf, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache"}, ... 124, ) }, ... 124, ) == 0x0
 00577   464   NtQueryValueKey  (124,  (124, "Signature", Partial, 144, ... TitleIdx=0, Type=1, Data="C\0l\0i\0e\0n\0t\0 \0U\0r\0l\0C\0a\0c\0h\0e\0 \0M\0M\0F\0 \0V\0e\0r\0 \05\0.\02\0\0\0"}, 68, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (124, "Signature", Partial, 144, ... TitleIdx=0, Type=1, Data="C\0l\0i\0e\0n\0t\0 \0U\0r\0l\0C\0a\0c\0h\0e\0 \0M\0M\0F\0 \0V\0e\0r\0 \05\0.\02\0\0\0"}, 68, ) }, 68, ) == 0x0
 00578   464   NtQueryValueKey  (124,  (124, "Signature", Partial, 144, ... TitleIdx=0, Type=1, Data="C\0l\0i\0e\0n\0t\0 \0U\0r\0l\0C\0a\0c\0h\0e\0 \0M\0M\0F\0 \0V\0e\0r\0 \05\0.\02\0\0\0"}, 68, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (124, "Signature", Partial, 144, ... TitleIdx=0, Type=1, Data="C\0l\0i\0e\0n\0t\0 \0U\0r\0l\0C\0a\0c\0h\0e\0 \0M\0M\0F\0 \0V\0e\0r\0 \05\0.\02\0\0\0"}, 68, ) }, 68, ) == 0x0
 00579   464   NtClose  (124, ... ) == 0x0
 00580   464   NtOpenKey  (0xf, {24, 12, 0x40, 0, 0,  (0xf, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"}, ... 124, ) }, ... 124, ) == 0x0
 00581   464   NtQueryValueKey  (124,  (124, "Cache", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\0\0"}, 120, ) , Partial, 144, ... TitleIdx=0, Type=2, Data= (124, "Cache", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\0\0"}, 120, ) }, 120, ) == 0x0
 00582   464   NtQueryValueKey  (124,  (124, "Cache", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\0\0"}, 120, ) , Partial, 144, ... TitleIdx=0, Type=2, Data= (124, "Cache", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\0\0"}, 120, ) }, 120, ) == 0x0
 00583   464   NtQueryValueKey  (124,  (124, "Cookies", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0C\0o\0o\0k\0i\0e\0s\0\0\0"}, 56, ) , Partial, 144, ... TitleIdx=0, Type=2, Data= (124, "Cookies", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0C\0o\0o\0k\0i\0e\0s\0\0\0"}, 56, ) }, 56, ) == 0x0
 00584   464   NtQueryValueKey  (124,  (124, "Cookies", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0C\0o\0o\0k\0i\0e\0s\0\0\0"}, 56, ) , Partial, 144, ... TitleIdx=0, Type=2, Data= (124, "Cookies", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0C\0o\0o\0k\0i\0e\0s\0\0\0"}, 56, ) }, 56, ) == 0x0
 00585   464   NtQueryValueKey  (124,  (124, "History", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\0\0"}, 86, ) , Partial, 144, ... TitleIdx=0, Type=2, Data= (124, "History", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\0\0"}, 86, ) }, 86, ) == 0x0
 00586   464   NtQueryValueKey  (124,  (124, "History", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\0\0"}, 86, ) , Partial, 144, ... TitleIdx=0, Type=2, Data= (124, "History", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\0\0"}, 86, ) }, 86, ) == 0x0
 00587   464   NtClose  (124, ... ) == 0x0
 00588   464   NtOpenKey  (0xf, {24, 116, 0x40, 0, 0,  (0xf, {24, 116, 0x40, 0, 0, "Content"}, ... 124, ) }, ... 124, ) == 0x0
 00589   464   NtQueryValueKey  (124,  (124, "PerUserItem", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (124, "PerUserItem", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00590   464   NtClose  (124, ... ) == 0x0
 00591   464   NtOpenKey  (0xf, {24, 116, 0x40, 0, 0,  (0xf, {24, 116, 0x40, 0, 0, "Content"}, ... 124, ) }, ... 124, ) == 0x0
 00592   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "shell32.dll"}, ... 128, ) }, ... 128, ) == 0x0
 00593   464   NtMapViewOfSection  (128, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x773d0000), 0x0, 8339456, ) == 0x0
 00594   464   NtClose  (128, ... ) == 0x0
 00595   464   NtOpenKey  (0x1, {24, 32, 0x40, 0, 0,  (0x1, {24, 32, 0x40, 0, 0, "SYSTEM\Setup"}, ... 128, ) }, ... 128, ) == 0x0
 00596   464   NtQueryValueKey  (128,  (128, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (128, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00597   464   NtClose  (128, ... ) == 0x0
 00598   464   NtQueryDefaultUILanguage  (1239020, ...
 00599   464   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN
 00600   464   NtOpenProcessTokenEx  (-1, 0x20008, 512, ... -2147482020, ) == 0x0
 00601   464   NtQueryInformationToken  (-2147482020, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0
 00602   464   NtClose  (-2147482020, ... ) == 0x0
 00603   464   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0
 00604   464   NtOpenKey  (0x80000000, {24, 0, 0x240, 0, 0,  (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00605   464   NtOpenKey  (0x80000000, {24, -2147482020, 0x640, 0, 0,  (0x80000000, {24, -2147482020, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482032, ) }, ... -2147482032, ) == 0x0
 00606   464   NtQueryValueKey  (-2147482032,  (-2147482032, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00607   464   NtClose  (-2147482032, ... ) == 0x0
 00608   464   NtClose  (-2147482020, ... ) == 0x0
 00598   464   NtQueryDefaultUILanguage  ... ) == 0x0
 00609   464   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00610   464   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\shell32.dll"}, 1, 96, ... 128, {status=0x0, info=1}, ) }, 1, 96, ... 128, {status=0x0, info=1}, ) == 0x0
 00611   464   NtCreateSection  (0x4, 0x0, 0x0, 2, 134217728, 128, ... 132, ) == 0x0
 00612   464   NtMapViewOfSection  (132, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ... (0x900000), 0x0, 8323072, ) == 0x0
 00613   464   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\shell32.dll.124.Manifest"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00614   464   NtQueryDefaultLocale  (1, 1237056, ... ) == 0x0
 00615   464   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\shell32.dll.124.Config"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00616   464   NtRequestWaitReplyPort  (24, {128, 156, new_msg, 0, 1237912, 1, 96, 0}  (24, {128, 156, new_msg, 0, 1237912, 1, 96, 0} "\210\6\32\1\33\0\1\0\0\0\0\0\1\346\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\1\200\0\0\0\377\377\377\377\0\0\0\0\20\311\307\0\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0\230\352\22\0\0\0\0\0" ... {128, 156, reply, 0, 460, 464, 1575, 0} "\210\347\26\0\33\0\1\0\0\0\0\0\1\346\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\1\200\0\0\0\377\377\377\377\0\0\0\0\20\311\307\0\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0\230\352\22\0\0\0\0\0" )  ... {128, 156, reply, 0, 460, 464, 1575, 0}  (24, {128, 156, new_msg, 0, 1237912, 1, 96, 0} "\210\6\32\1\33\0\1\0\0\0\0\0\1\346\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\1\200\0\0\0\377\377\377\377\0\0\0\0\20\311\307\0\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0\230\352\22\0\0\0\0\0" ... {128, 156, reply, 0, 460, 464, 1575, 0} "\210\347\26\0\33\0\1\0\0\0\0\0\1\346\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\1\200\0\0\0\377\377\377\377\0\0\0\0\20\311\307\0\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0\230\352\22\0\0\0\0\0" )  ) == 0x0
 00617   464   NtClose  (128, ... ) == 0x0
 00618   464   NtClose  (132, ... ) == 0x0
 00619   464   NtUnmapViewOfSection  (-1, 0x900000, ... ) == 0x0
 00620   464   NtUnmapViewOfSection  (-1, 0x12ea98, ... ) == STATUS_NOT_MAPPED_VIEW
 00621   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00622   464   NtAllocateVirtualMemory  (-1, 1355776, 0, 4096, 4096, 4, ... 1355776, 4096, ) == 0x0
 00623   464   NtOpenKey  (0x8, {24, 0, 0x40, 0, 0,  (0x8, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00624   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00625   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00626   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local\"}, 1236140, ... ) }, 1236140, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00627   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00628   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00629   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00630   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 1236732, ... ) }, 1236732, ... ) == 0x0
 00631   464   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 3, 33, ... 132, {status=0x0, info=1}, ) }, 3, 33, ... 132, {status=0x0, info=1}, ) == 0x0
 00632   464   NtQueryDebugFilterState  (53, 2, ... ) == 0x0
 00633   464   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "comctl32.dll"}, ... 128, ) }, ... 128, ) == 0x0
 00634   464   NtMapViewOfSection  (128, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77340000), 0x0, 569344, ) == 0x0
 00635   464   NtClose  (128, ... ) == 0x0
 00636   464   NtOpenProcess  (0x400, {24, 0, 0x0, 0, 0, 0x0}, {460, 0}, ... 128, ) == 0x0
 00637   464   NtQueryInformationProcess  (128, Session, 4, ... {SessionId=0,}, 0x0, ) == 0x0
 00638   464   NtClose  (128, ... ) == 0x0
 00639   464   NtUserRegisterWindowMessage  ( ("ShellGetDragImage", ... ) , ... ) == 0xc03a
 00640   464   NtUserSystemParametersInfo  (104, 0, 2000318720, 0, ... ) == 0x1
 00641   464   NtUserSystemParametersInfo  (38, 4, 2000318708, 0, ... ) == 0x1
 00642   464   NtOpenKey  (0x20019, {24, 12, 0x40, 0, 0,  (0x20019, {24, 12, 0x40, 0, 0, "Control Panel\Desktop"}, ... 128, ) }, ... 128, ) == 0x0
 00643   464   NtQueryValueKey  (128,  (128, "SmoothScroll", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00644   464   NtClose  (128, ... ) == 0x0
 00645   464   NtUserSystemParametersInfo  (41, 500, 1238596, 0, ... ) == 0x1
 00646   464   NtUserSystemParametersInfo  (102, 0, 2000318732, 0, ... ) == 0x1
 00647   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00648   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00649   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc03b
 00650   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00651   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc03d
 00652   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00653   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00654   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc03f
 00655   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00656   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00657   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc041
 00658   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00659   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00660   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc043
 00661   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00662   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc045
 00663   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00664   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00665   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc047
 00666   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00667   464   NtUserFindExistingCursorIcon  (1238384, 1238400, 1238968, ... ) == 0x10011
 00668   464   NtUserRegisterClassExWOW  (1238836, 1238916, 1238900, 1238932, 0, 384, 0, ... ) == 0x810dc049
 00669   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00670   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00671   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc04b
 00672   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00673   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00674   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc04d
 00675   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00676   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00677   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc04f
 00678   464   NtUserGetClassInfo  (1999896576, 1239008, 1238960, 1239036, 0, ... ) == 0x0
 00679   464   NtUserRegisterClassExWOW  (1238844, 1238924, 1238908, 1238940, 0, 384, 0, ... ) == 0x810dc051
 00680   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00681   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00682   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc053
 00683   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00684   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00685   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc055
 00686   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc057
 00687   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00688   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00689   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc059
 00690   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00691   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10013
 00692   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc05b
 00693   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00694   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00695   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc05d
 00696   464   NtUserGetClassInfo  (1999896576, 1239004, 1238956, 1239032, 0, ... ) == 0x0
 00697   464   NtUserFindExistingCursorIcon  (1238388, 1238404, 1238972, ... ) == 0x10011
 00698   464   NtUserRegisterClassExWOW  (1238840, 1238920, 1238904, 1238936, 0, 384, 0, ... ) == 0x810dc05f
 00699   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc03b
 00700   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc03d
 00701   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc03f
 00702   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc041
 00703   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc043
 00704   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc045
 00705   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc047
 00706   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc049
 00707   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc04b
 00708   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc04d
 00709   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc04f
 00710   464   NtUserGetClassInfo  (1999896576, 1240760, 1240712, 1240788, 0, ... ) == 0xc051
 00711   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc053
 00712   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc055
 00713   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc059
 00714   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc05b
 00715   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc05d
 00716   464   NtUserGetClassInfo  (1999896576, 1240756, 1240708, 1240784, 0, ... ) == 0xc05f
 00717   464   NtOpenThreadToken  (-2, 0xc, 1, ... ) == STATUS_NO_TOKEN
 00718   464   NtCreateSemaphore  (0x1f0003, {24, 76, 0x80, 1356328, 0,  (0x1f0003, {24, 76, 0x80, 1356328, 0, "shell.{210A4BA0-3AEA-1069-A2D9-08002B30309D}"}, 0, 2147483647, ... 128, ) }, 0, 2147483647, ... 128, ) == STATUS_OBJECT_NAME_EXISTS
 00719   464   NtReleaseSemaphore  (128, 1, ... 0, ) == 0x0
 00720   464   NtWaitForSingleObject  (128, 0, {0, 0}, ... ) == 0x0
 00721   464   NtCreateKey  (0x2000000, {24, 12, 0x40, 0, 0,  (0x2000000, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"}, 0, 0x0, 0, ... 136, 2, ) }, 0, 0x0, 0, ... 136, 2, ) == 0x0
 00722   464   NtQueryValueKey  (136,  (136, "Cache", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\0\0"}, 120, ) , Partial, 144, ... TitleIdx=0, Type=2, Data= (136, "Cache", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\0\0"}, 120, ) }, 120, ) == 0x0
 00723   464   NtClose  (136, ... ) == 0x0
 00724   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files"}, 1241280, ... ) }, 1241280, ... ) == 0x0
 00725   464   NtCreateKey  (0x2000000, {24, 12, 0x40, 0, 0,  (0x2000000, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"}, 0, 0x0, 0, ... 136, 2, ) }, 0, 0x0, 0, ... 136, 2, ) == 0x0
 00726   464   NtSetValueKey  (136,  (136, "Cache", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\0\0", 150, ... ) , 0, 1,  (136, "Cache", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\0\0", 150, ... ) , 150, ... ) == 0x0
 00727   464   NtClose  (136, ... ) == 0x0
 00728   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files"}, 1242612, ... ) }, 1242612, ... ) == 0x0
 00729   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files"}, 1242344, ... ) }, 1242344, ... ) == 0x0
 00730   464   NtOpenFile  (0x100100, {24, 0, 0x40, 0, 0,  (0x100100, {24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files"}, 7, 2113568, ... 136, {status=0x0, info=1}, ) }, 7, 2113568, ... 136, {status=0x0, info=1}, ) == 0x0
 00731   464   NtSetInformationFile  (136, 1242320, 40, Basic, ... {status=0x0, info=0}, ) == 0x0
 00732   464   NtClose  (136, ... ) == 0x0
 00733   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files\desktop.ini"}, 1242344, ... ) }, 1242344, ... ) == 0x0
 00734   464   NtQueryValueKey  (124,  (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0
 00735   464   NtQueryValueKey  (124,  (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0
 00736   464   NtQueryValueKey  (124,  (124, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\251~\1\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (124, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\251~\1\0"}, 16, ) }, 16, ) == 0x0
 00737   464   NtOpenKey  (0xf, {24, 32, 0x40, 0, 0,  (0xf, {24, 32, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache"}, ... 136, ) }, ... 136, ) == 0x0
 00738   464   NtOpenKey  (0xf, {24, 136, 0x40, 0, 0,  (0xf, {24, 136, 0x40, 0, 0, "Paths"}, ... 140, ) }, ... 140, ) == 0x0
 00739   464   NtOpenKey  (0xf, {24, 140, 0x40, 0, 0,  (0xf, {24, 140, 0x40, 0, 0, "Path1"}, ... 144, ) }, ... 144, ) == 0x0
 00740   464   NtOpenKey  (0xf, {24, 140, 0x40, 0, 0,  (0xf, {24, 140, 0x40, 0, 0, "Path2"}, ... 148, ) }, ... 148, ) == 0x0
 00741   464   NtOpenKey  (0xf, {24, 140, 0x40, 0, 0,  (0xf, {24, 140, 0x40, 0, 0, "Path3"}, ... 152, ) }, ... 152, ) == 0x0
 00742   464   NtOpenKey  (0xf, {24, 140, 0x40, 0, 0,  (0xf, {24, 140, 0x40, 0, 0, "Path4"}, ... 156, ) }, ... 156, ) == 0x0
 00743   464   NtOpenKey  (0xf, {24, 136, 0x40, 0, 0,  (0xf, {24, 136, 0x40, 0, 0, "Special Paths"}, ... 160, ) }, ... 160, ) == 0x0
 00744   464   NtSetValueKey  (140,  (140, "Directory", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\\0C\0o\0n\0t\0e\0n\0t\0.\0I\0E\05\0\0\0", 174, ... ) , 0, 1,  (140, "Directory", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\\0C\0o\0n\0t\0e\0n\0t\0.\0I\0E\05\0\0\0", 174, ... ) , 174, ... ) == 0x0
 00745   464   NtSetValueKey  (140,  (140, "Paths", 0, 4, "\4\0\0\0", 4, ... ) , 0, 4,  (140, "Paths", 0, 4, "\4\0\0\0", 4, ... ) , 4, ... ) == 0x0
 00746   464   NtSetValueKey  (144,  (144, "CachePath", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\\0C\0o\0n\0t\0e\0n\0t\0.\0I\0E\05\0\\0C\0a\0c\0h\0e\01\0\0\0", 188, ... ) , 0, 1,  (144, "CachePath", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\\0C\0o\0n\0t\0e\0n\0t\0.\0I\0E\05\0\\0C\0a\0c\0h\0e\01\0\0\0", 188, ... ) , 188, ... ) == 0x0
 00747   464   NtSetValueKey  (148,  (148, "CachePath", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\\0C\0o\0n\0t\0e\0n\0t\0.\0I\0E\05\0\\0C\0a\0c\0h\0e\02\0\0\0", 188, ... ) , 0, 1,  (148, "CachePath", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\\0C\0o\0n\0t\0e\0n\0t\0.\0I\0E\05\0\\0C\0a\0c\0h\0e\02\0\0\0", 188, ... ) , 188, ... ) == 0x0
 00748   464   NtSetValueKey  (152,  (152, "CachePath", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\\0C\0o\0n\0t\0e\0n\0t\0.\0I\0E\05\0\\0C\0a\0c\0h\0e\03\0\0\0", 188, ... ) , 0, 1,  (152, "CachePath", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\\0C\0o\0n\0t\0e\0n\0t\0.\0I\0E\05\0\\0C\0a\0c\0h\0e\03\0\0\0", 188, ... ) , 188, ... ) == 0x0
 00749   464   NtSetValueKey  (156,  (156, "CachePath", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\\0C\0o\0n\0t\0e\0n\0t\0.\0I\0E\05\0\\0C\0a\0c\0h\0e\04\0\0\0", 188, ... ) , 0, 1,  (156, "CachePath", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0T\0e\0m\0p\0o\0r\0a\0r\0y\0 \0I\0n\0t\0e\0r\0n\0e\0t\0 \0F\0i\0l\0e\0s\0\\0C\0o\0n\0t\0e\0n\0t\0.\0I\0E\05\0\\0C\0a\0c\0h\0e\04\0\0\0", 188, ... ) , 188, ... ) == 0x0
 00750   464   NtSetValueKey  (144,  (144, "CacheLimit", 0, 4, "\252_\0\0", 4, ... ) , 0, 4,  (144, "CacheLimit", 0, 4, "\252_\0\0", 4, ... ) , 4, ... ) == 0x0
 00751   464   NtSetValueKey  (148,  (148, "CacheLimit", 0, 4, "\252_\0\0", 4, ... ) , 0, 4,  (148, "CacheLimit", 0, 4, "\252_\0\0", 4, ... ) , 4, ... ) == 0x0
 00752   464   NtSetValueKey  (152,  (152, "CacheLimit", 0, 4, "\252_\0\0", 4, ... ) , 0, 4,  (152, "CacheLimit", 0, 4, "\252_\0\0", 4, ... ) , 4, ... ) == 0x0
 00753   464   NtSetValueKey  (156,  (156, "CacheLimit", 0, 4, "\252_\0\0", 4, ... ) , 0, 4,  (156, "CacheLimit", 0, 4, "\252_\0\0", 4, ... ) , 4, ... ) == 0x0
 00754   464   NtClose  (156, ... ) == 0x0
 00755   464   NtClose  (152, ... ) == 0x0
 00756   464   NtClose  (148, ... ) == 0x0
 00757   464   NtClose  (144, ... ) == 0x0
 00758   464   NtClose  (140, ... ) == 0x0
 00759   464   NtClose  (160, ... ) == 0x0
 00760   464   NtClose  (136, ... ) == 0x0
 00761   464   NtOpenKey  (0xf, {24, 116, 0x40, 0, 0,  (0xf, {24, 116, 0x40, 0, 0, "Cookies"}, ... 136, ) }, ... 136, ) == 0x0
 00762   464   NtQueryValueKey  (136,  (136, "PerUserItem", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (136, "PerUserItem", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00763   464   NtClose  (136, ... ) == 0x0
 00764   464   NtClose  (124, ... ) == 0x0
 00765   464   NtOpenKey  (0xf, {24, 116, 0x40, 0, 0,  (0xf, {24, 116, 0x40, 0, 0, "Cookies"}, ... 124, ) }, ... 124, ) == 0x0
 00766   464   NtOpenThreadToken  (-2, 0xc, 1, ... ) == STATUS_NO_TOKEN
 00767   464   NtReleaseSemaphore  (128, 1, ... 0, ) == 0x0
 00768   464   NtWaitForSingleObject  (128, 0, {0, 0}, ... ) == 0x0
 00769   464   NtCreateKey  (0x2000000, {24, 12, 0x40, 0, 0,  (0x2000000, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"}, 0, 0x0, 0, ... 136, 2, ) }, 0, 0x0, 0, ... 136, 2, ) == 0x0
 00770   464   NtQueryValueKey  (136,  (136, "Cookies", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0C\0o\0o\0k\0i\0e\0s\0\0\0"}, 56, ) , Partial, 144, ... TitleIdx=0, Type=2, Data= (136, "Cookies", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0C\0o\0o\0k\0i\0e\0s\0\0\0"}, 56, ) }, 56, ) == 0x0
 00771   464   NtClose  (136, ... ) == 0x0
 00772   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Cookies"}, 1241280, ... ) }, 1241280, ... ) == 0x0
 00773   464   NtCreateKey  (0x2000000, {24, 12, 0x40, 0, 0,  (0x2000000, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"}, 0, 0x0, 0, ... 136, 2, ) }, 0, 0x0, 0, ... 136, 2, ) == 0x0
 00774   464   NtSetValueKey  (136,  (136, "Cookies", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0C\0o\0o\0k\0i\0e\0s\0\0\0", 86, ... ) , 0, 1,  (136, "Cookies", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0C\0o\0o\0k\0i\0e\0s\0\0\0", 86, ... ) , 86, ... ) == 0x0
 00775   464   NtClose  (136, ... ) == 0x0
 00776   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Cookies"}, 1242612, ... ) }, 1242612, ... ) == 0x0
 00777   464   NtQueryValueKey  (124,  (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="C\0o\0o\0k\0i\0e\0:\0\0\0"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="C\0o\0o\0k\0i\0e\0:\0\0\0"}, 28, ) }, 28, ) == 0x0
 00778   464   NtQueryValueKey  (124,  (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="C\0o\0o\0k\0i\0e\0:\0\0\0"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="C\0o\0o\0k\0i\0e\0:\0\0\0"}, 28, ) }, 28, ) == 0x0
 00779   464   NtQueryValueKey  (124,  (124, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\0 \0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (124, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\0 \0\0"}, 16, ) }, 16, ) == 0x0
 00780   464   NtOpenKey  (0xf, {24, 116, 0x40, 0, 0,  (0xf, {24, 116, 0x40, 0, 0, "History"}, ... 136, ) }, ... 136, ) == 0x0
 00781   464   NtQueryValueKey  (136,  (136, "PerUserItem", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (136, "PerUserItem", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00782   464   NtClose  (136, ... ) == 0x0
 00783   464   NtClose  (124, ... ) == 0x0
 00784   464   NtOpenKey  (0xf, {24, 116, 0x40, 0, 0,  (0xf, {24, 116, 0x40, 0, 0, "History"}, ... 124, ) }, ... 124, ) == 0x0
 00785   464   NtOpenThreadToken  (-2, 0xc, 1, ... ) == STATUS_NO_TOKEN
 00786   464   NtReleaseSemaphore  (128, 1, ... 0, ) == 0x0
 00787   464   NtWaitForSingleObject  (128, 0, {0, 0}, ... ) == 0x0
 00788   464   NtCreateKey  (0x2000000, {24, 12, 0x40, 0, 0,  (0x2000000, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"}, 0, 0x0, 0, ... 136, 2, ) }, 0, 0x0, 0, ... 136, 2, ) == 0x0
 00789   464   NtQueryValueKey  (136,  (136, "History", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\0\0"}, 86, ) , Partial, 144, ... TitleIdx=0, Type=2, Data= (136, "History", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\0\0"}, 86, ) }, 86, ) == 0x0
 00790   464   NtClose  (136, ... ) == 0x0
 00791   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History"}, 1241280, ... ) }, 1241280, ... ) == 0x0
 00792   464   NtCreateKey  (0x2000000, {24, 12, 0x40, 0, 0,  (0x2000000, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"}, 0, 0x0, 0, ... 136, 2, ) }, 0, 0x0, 0, ... 136, 2, ) == 0x0
 00793   464   NtSetValueKey  (136,  (136, "History", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\0\0", 116, ... ) , 0, 1,  (136, "History", 0, 1, "C\0:\0\\0D\0o\0c\0u\0m\0e\0n\0t\0s\0 \0a\0n\0d\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0S\0R\0I\0-\0u\0s\0e\0r\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\0\0", 116, ... ) , 116, ... ) == 0x0
 00794   464   NtClose  (136, ... ) == 0x0
 00795   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History"}, 1242612, ... ) }, 1242612, ... ) == 0x0
 00796   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History"}, 1242344, ... ) }, 1242344, ... ) == 0x0
 00797   464   NtOpenFile  (0x100100, {24, 0, 0x40, 0, 0,  (0x100100, {24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History"}, 7, 2113568, ... 136, {status=0x0, info=1}, ) }, 7, 2113568, ... 136, {status=0x0, info=1}, ) == 0x0
 00798   464   NtSetInformationFile  (136, 1242320, 40, Basic, ... {status=0x0, info=0}, ) == 0x0
 00799   464   NtClose  (136, ... ) == 0x0
 00800   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History\desktop.ini"}, 1242344, ... ) }, 1242344, ... ) == 0x0
 00801   464   NtQueryValueKey  (124,  (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="V\0i\0s\0i\0t\0e\0d\0:\0\0\0"}, 30, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="V\0i\0s\0i\0t\0e\0d\0:\0\0\0"}, 30, ) }, 30, ) == 0x0
 00802   464   NtQueryValueKey  (124,  (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="V\0i\0s\0i\0t\0e\0d\0:\0\0\0"}, 30, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (124, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data="V\0i\0s\0i\0t\0e\0d\0:\0\0\0"}, 30, ) }, 30, ) == 0x0
 00803   464   NtQueryValueKey  (124,  (124, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\0 \0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (124, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\0 \0\0"}, 16, ) }, 16, ) == 0x0
 00804   464   NtClose  (124, ... ) == 0x0
 00805   464   NtClose  (120, ... ) == 0x0
 00806   464   NtClose  (112, ... ) == 0x0
 00807   464   NtClose  (116, ... ) == 0x0
 00808   464   NtClose  (108, ... ) == 0x0
 00809   464   NtOpenMutant  (0x100000, {24, 76, 0x0, 0, 0,  (0x100000, {24, 76, 0x0, 0, 0, "_!MSFTHISTORY!_"}, ... 108, ) }, ... 108, ) == 0x0
 00810   464   NtOpenMutant  (0x100000, {24, 76, 0x0, 0, 0,  (0x100000, {24, 76, 0x0, 0, 0, "c:!documents and settings!sri-user!local settings!temporary internet files!content.ie5!"}, ... 116, ) }, ... 116, ) == 0x0
 00811   464   NtWaitForSingleObject  (116, 0, 0x0, ... ) == 0x0
 00812   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files\Content.IE5\"}, 3, 8388641, ... 112, {status=0x0, info=1}, ) }, 3, 8388641, ... 112, {status=0x0, info=1}, ) == 0x0
 00813   464   NtQueryVolumeInformationFile  (112, 1243864, 24, Size, ... {status=0x0, info=24}, ) == 0x0
 00814   464   NtClose  (112, ... ) == 0x0
 00815   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\"}, 3, 8388641, ... 112, {status=0x0, info=1}, ) }, 3, 8388641, ... 112, {status=0x0, info=1}, ) == 0x0
 00816   464   NtQueryVolumeInformationFile  (112, 1243888, 24, Size, ... {status=0x0, info=24}, ) == 0x0
 00817   464   NtClose  (112, ... ) == 0x0
 00818   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files\Content.IE5\"}, 1244216, ... ) }, 1244216, ... ) == 0x0
 00819   464   NtOpenFile  (0x100100, {24, 0, 0x40, 0, 0,  (0x100100, {24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files\Content.IE5\"}, 7, 2113568, ... 112, {status=0x0, info=1}, ) }, 7, 2113568, ... 112, {status=0x0, info=1}, ) == 0x0
 00820   464   NtSetInformationFile  (112, 1244192, 40, Basic, ... {status=0x0, info=0}, ) == 0x0
 00821   464   NtClose  (112, ... ) == 0x0
 00822   464   NtCreateFile  (0xc0100080, {24, 0, 0x40, 1356328, 1244208,  (0xc0100080, {24, 0, 0x40, 1356328, 1244208, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files\Content.IE5\index.dat"}, 0x0, 0, 3, 3, 2144, 0, 0, ... 112, {status=0x0, info=1}, ) }, 0x0, 0, 3, 3, 2144, 0, 0, ... 112, {status=0x0, info=1}, ) == 0x0
 00823   464   NtSetInformationFile  (112, 1244260, 40, Basic, ... {status=0x0, info=0}, ) == 0x0
 00824   464   NtQueryInformationFile  (112, 1244260, 24, Standard, ... {status=0x0, info=24}, ) == 0x0
 00825   464   NtClose  (112, ... ) == 0x0
 00826   464   NtCreateFile  (0xc0100080, {24, 0, 0x40, 1356328, 1244192,  (0xc0100080, {24, 0, 0x40, 1356328, 1244192, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files\Content.IE5\index.dat"}, 0x0, 0, 3, 3, 2144, 0, 0, ... 112, {status=0x0, info=1}, ) }, 0x0, 0, 3, 3, 2144, 0, 0, ... 112, {status=0x0, info=1}, ) == 0x0
 00827   464   NtOpenSection  (0x2, {24, 76, 0x0, 0, 0,  (0x2, {24, 76, 0x0, 0, 0, "C:_Documents and Settings_SRI-user_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768"}, ... 120, ) }, ... 120, ) == 0x0
 00828   464   NtMapViewOfSection  (120, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x870000), {0, 0}, 32768, ) == 0x0
 00829   464   NtReleaseMutant  (116, ... 0x0, ) == 0x0
 00830   464   NtOpenMutant  (0x100000, {24, 76, 0x0, 0, 0,  (0x100000, {24, 76, 0x0, 0, 0, "c:!documents and settings!sri-user!cookies!"}, ... 124, ) }, ... 124, ) == 0x0
 00831   464   NtWaitForSingleObject  (124, 0, 0x0, ... ) == 0x0
 00832   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Cookies\"}, 3, 8388641, ... 136, {status=0x0, info=1}, ) }, 3, 8388641, ... 136, {status=0x0, info=1}, ) == 0x0
 00833   464   NtQueryVolumeInformationFile  (136, 1243864, 24, Size, ... {status=0x0, info=24}, ) == 0x0
 00834   464   NtClose  (136, ... ) == 0x0
 00835   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\"}, 3, 8388641, ... 136, {status=0x0, info=1}, ) }, 3, 8388641, ... 136, {status=0x0, info=1}, ) == 0x0
 00836   464   NtQueryVolumeInformationFile  (136, 1243888, 24, Size, ... {status=0x0, info=24}, ) == 0x0
 00837   464   NtClose  (136, ... ) == 0x0
 00838   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Cookies\"}, 1244216, ... ) }, 1244216, ... ) == 0x0
 00839   464   NtOpenFile  (0x100100, {24, 0, 0x40, 0, 0,  (0x100100, {24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Cookies\"}, 7, 2113568, ... 136, {status=0x0, info=1}, ) }, 7, 2113568, ... 136, {status=0x0, info=1}, ) == 0x0
 00840   464   NtSetInformationFile  (136, 1244192, 40, Basic, ... {status=0x0, info=0}, ) == 0x0
 00841   464   NtClose  (136, ... ) == 0x0
 00842   464   NtCreateFile  (0xc0100080, {24, 0, 0x40, 1356328, 1244208,  (0xc0100080, {24, 0, 0x40, 1356328, 1244208, "\??\C:\Documents and Settings\SRI-user\Cookies\index.dat"}, 0x0, 0, 3, 3, 2144, 0, 0, ... 136, {status=0x0, info=1}, ) }, 0x0, 0, 3, 3, 2144, 0, 0, ... 136, {status=0x0, info=1}, ) == 0x0
 00843   464   NtSetInformationFile  (136, 1244260, 40, Basic, ... {status=0x0, info=0}, ) == 0x0
 00844   464   NtQueryInformationFile  (136, 1244260, 24, Standard, ... {status=0x0, info=24}, ) == 0x0
 00845   464   NtClose  (136, ... ) == 0x0
 00846   464   NtCreateFile  (0xc0100080, {24, 0, 0x40, 1356328, 1244192,  (0xc0100080, {24, 0, 0x40, 1356328, 1244192, "\??\C:\Documents and Settings\SRI-user\Cookies\index.dat"}, 0x0, 0, 3, 3, 2144, 0, 0, ... 136, {status=0x0, info=1}, ) }, 0x0, 0, 3, 3, 2144, 0, 0, ... 136, {status=0x0, info=1}, ) == 0x0
 00847   464   NtOpenSection  (0x2, {24, 76, 0x0, 0, 0,  (0x2, {24, 76, 0x0, 0, 0, "C:_Documents and Settings_SRI-user_Cookies_index.dat_16384"}, ... 160, ) }, ... 160, ) == 0x0
 00848   464   NtMapViewOfSection  (160, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x880000), {0, 0}, 16384, ) == 0x0
 00849   464   NtReleaseMutant  (124, ... 0x0, ) == 0x0
 00850   464   NtOpenMutant  (0x100000, {24, 76, 0x0, 0, 0,  (0x100000, {24, 76, 0x0, 0, 0, "c:!documents and settings!sri-user!local settings!history!history.ie5!"}, ... 140, ) }, ... 140, ) == 0x0
 00851   464   NtWaitForSingleObject  (140, 0, 0x0, ... ) == 0x0
 00852   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History\History.IE5\"}, 3, 8388641, ... 144, {status=0x0, info=1}, ) }, 3, 8388641, ... 144, {status=0x0, info=1}, ) == 0x0
 00853   464   NtQueryVolumeInformationFile  (144, 1243864, 24, Size, ... {status=0x0, info=24}, ) == 0x0
 00854   464   NtClose  (144, ... ) == 0x0
 00855   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\"}, 3, 8388641, ... 144, {status=0x0, info=1}, ) }, 3, 8388641, ... 144, {status=0x0, info=1}, ) == 0x0
 00856   464   NtQueryVolumeInformationFile  (144, 1243888, 24, Size, ... {status=0x0, info=24}, ) == 0x0
 00857   464   NtClose  (144, ... ) == 0x0
 00858   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History\History.IE5\"}, 1244216, ... ) }, 1244216, ... ) == 0x0
 00859   464   NtOpenFile  (0x100100, {24, 0, 0x40, 0, 0,  (0x100100, {24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History\History.IE5\"}, 7, 2113568, ... 144, {status=0x0, info=1}, ) }, 7, 2113568, ... 144, {status=0x0, info=1}, ) == 0x0
 00860   464   NtSetInformationFile  (144, 1244192, 40, Basic, ... {status=0x0, info=0}, ) == 0x0
 00861   464   NtClose  (144, ... ) == 0x0
 00862   464   NtCreateFile  (0xc0100080, {24, 0, 0x40, 1356328, 1244208,  (0xc0100080, {24, 0, 0x40, 1356328, 1244208, "\??\C:\Documents and Settings\SRI-user\Local Settings\History\History.IE5\index.dat"}, 0x0, 0, 3, 3, 2144, 0, 0, ... 144, {status=0x0, info=1}, ) }, 0x0, 0, 3, 3, 2144, 0, 0, ... 144, {status=0x0, info=1}, ) == 0x0
 00863   464   NtSetInformationFile  (144, 1244260, 40, Basic, ... {status=0x0, info=0}, ) == 0x0
 00864   464   NtQueryInformationFile  (144, 1244260, 24, Standard, ... {status=0x0, info=24}, ) == 0x0
 00865   464   NtClose  (144, ... ) == 0x0
 00866   464   NtCreateFile  (0xc0100080, {24, 0, 0x40, 1356328, 1244192,  (0xc0100080, {24, 0, 0x40, 1356328, 1244192, "\??\C:\Documents and Settings\SRI-user\Local Settings\History\History.IE5\index.dat"}, 0x0, 0, 3, 3, 2144, 0, 0, ... 144, {status=0x0, info=1}, ) }, 0x0, 0, 3, 3, 2144, 0, 0, ... 144, {status=0x0, info=1}, ) == 0x0
 00867   464   NtOpenSection  (0x2, {24, 76, 0x0, 0, 0,  (0x2, {24, 76, 0x0, 0, 0, "C:_Documents and Settings_SRI-user_Local Settings_History_History.IE5_index.dat_32768"}, ... 148, ) }, ... 148, ) == 0x0
 00868   464   NtMapViewOfSection  (148, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 4, ... (0x890000), {0, 0}, 32768, ) == 0x0
 00869   464   NtReleaseMutant  (140, ... 0x0, ) == 0x0
 00870   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files\Content.IE5\"}, 1244272, ... ) }, 1244272, ... ) == 0x0
 00871   464   NtOpenFile  (0x100100, {24, 0, 0x40, 0, 0,  (0x100100, {24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files\Content.IE5\"}, 7, 2113568, ... 152, {status=0x0, info=1}, ) }, 7, 2113568, ... 152, {status=0x0, info=1}, ) == 0x0
 00872   464   NtSetInformationFile  (152, 1244248, 40, Basic, ... {status=0x0, info=0}, ) == 0x0
 00873   464   NtClose  (152, ... ) == 0x0
 00874   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini"}, 1244272, ... ) }, 1244272, ... ) == 0x0
 00875   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History\History.IE5\"}, 1244272, ... ) }, 1244272, ... ) == 0x0
 00876   464   NtOpenFile  (0x100100, {24, 0, 0x40, 0, 0,  (0x100100, {24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History\History.IE5\"}, 7, 2113568, ... 152, {status=0x0, info=1}, ) }, 7, 2113568, ... 152, {status=0x0, info=1}, ) == 0x0
 00877   464   NtSetInformationFile  (152, 1244248, 40, Basic, ... {status=0x0, info=0}, ) == 0x0
 00878   464   NtClose  (152, ... ) == 0x0
 00879   464   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\Documents and Settings\SRI-user\Local Settings\History\History.IE5\desktop.ini"}, 1244272, ... ) }, 1244272, ... ) == 0x0
 00880   464   NtWaitForSingleObject  (116, 0, 0x0, ... ) == 0x0
 00881   464   NtQueryInformationFile  (112, 1242656, 24, Standard, ... {status=0x0, info=24}, ) == 0x0
 00882   464   NtReleaseMutant  (116, ... 0x0, ) == 0x0
 00883   464   NtOpenKey  (0xf, {24, 12, 0x40, 0, 0,  (0xf, {24, 12, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache"}, ... 152, ) }, ... 152, ) == 0x0
 00884   464   NtOpenKey  (0xf, {24, 152, 0x40, 0, 0,  (0xf, {24, 152, 0x40, 0, 0, "Extensible Cache"}, ... 156, ) }, ... 156, ) == 0x0
 00885   464   NtClose  (152, ... ) == 0x0
 00886   464   NtWaitForSingleObject  (108, 0, {-600000000, -1}, ... ) == 0x0
 00887   464   NtEnumerateKey  (156, 0, Basic, 288, ... {LastWrite={0x89210de2,0x1c79d95}, TitleIdx=0, Name= (156, 0, Basic, 288, ... {LastWrite={0x89210de2,0x1c79d95}, TitleIdx=0, Name="MSHist012007051420070521"}, 64, ) }, 64, ) == 0x0
 00888   464   NtOpenKey  (0xf, {24, 156, 0x40, 0, 0,  (0xf, {24, 156, 0x40, 0, 0, "MSHist012007051420070521"}, ... 152, ) }, ... 152, ) == 0x0
 00889   464   NtQueryValueKey  (152,  (152, "CacheRepair", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (152, "CacheRepair", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00890   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 00891   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\01\04\02\00\00\07\00\05\02\01\0\\0\0\0"}, 162, ) , Partial, 162, ... TitleIdx=0, Type=2, Data= (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\01\04\02\00\00\07\00\05\02\01\0\\0\0\0"}, 162, ) }, 162, ) == 0x0
 00892   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 00893   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\01\04\02\00\00\07\00\05\02\01\0\\0\0\0"}, 162, ) , Partial, 162, ... TitleIdx=0, Type=2, Data= (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\01\04\02\00\00\07\00\05\02\01\0\\0\0\0"}, 162, ) }, 162, ) == 0x0
 00894   464   NtQueryValueKey  (152,  (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\01\04\02\00\00\07\00\05\02\01\0:\0 \0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\01\04\02\00\00\07\00\05\02\01\0:\0 \0\0\0"}, 52, ) }, 52, ) == 0x0
 00895   464   NtQueryValueKey  (152,  (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\01\04\02\00\00\07\00\05\02\01\0:\0 \0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\01\04\02\00\00\07\00\05\02\01\0:\0 \0\0\0"}, 52, ) }, 52, ) == 0x0
 00896   464   NtQueryValueKey  (152,  (152, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\0 \0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (152, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\0 \0\0"}, 16, ) }, 16, ) == 0x0
 00897   464   NtQueryValueKey  (152,  (152, "CacheOptions", Partial, 144, ... TitleIdx=0, Type=4, Data="\13\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (152, "CacheOptions", Partial, 144, ... TitleIdx=0, Type=4, Data="\13\0\0\0"}, 16, ) }, 16, ) == 0x0
 00898   464   NtClose  (152, ... ) == 0x0
 00899   464   NtEnumerateKey  (156, 1, Basic, 288, ... {LastWrite={0xfe4bb184,0x1c7a3a9}, TitleIdx=0, Name= (156, 1, Basic, 288, ... {LastWrite={0xfe4bb184,0x1c7a3a9}, TitleIdx=0, Name="MSHist012007052120070528"}, 64, ) }, 64, ) == 0x0
 00900   464   NtOpenKey  (0xf, {24, 156, 0x40, 0, 0,  (0xf, {24, 156, 0x40, 0, 0, "MSHist012007052120070528"}, ... 152, ) }, ... 152, ) == 0x0
 00901   464   NtQueryValueKey  (152,  (152, "CacheRepair", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (152, "CacheRepair", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00902   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 00903   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\02\01\02\00\00\07\00\05\02\08\0\\0\0\0"}, 162, ) , Partial, 162, ... TitleIdx=0, Type=2, Data= (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\02\01\02\00\00\07\00\05\02\08\0\\0\0\0"}, 162, ) }, 162, ) == 0x0
 00904   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 00905   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\02\01\02\00\00\07\00\05\02\08\0\\0\0\0"}, 162, ) , Partial, 162, ... TitleIdx=0, Type=2, Data= (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\02\01\02\00\00\07\00\05\02\08\0\\0\0\0"}, 162, ) }, 162, ) == 0x0
 00906   464   NtQueryValueKey  (152,  (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\02\01\02\00\00\07\00\05\02\08\0:\0 \0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\02\01\02\00\00\07\00\05\02\08\0:\0 \0\0\0"}, 52, ) }, 52, ) == 0x0
 00907   464   NtQueryValueKey  (152,  (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\02\01\02\00\00\07\00\05\02\08\0:\0 \0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\02\01\02\00\00\07\00\05\02\08\0:\0 \0\0\0"}, 52, ) }, 52, ) == 0x0
 00908   464   NtQueryValueKey  (152,  (152, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\0 \0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (152, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\0 \0\0"}, 16, ) }, 16, ) == 0x0
 00909   464   NtQueryValueKey  (152,  (152, "CacheOptions", Partial, 144, ... TitleIdx=0, Type=4, Data="\13\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (152, "CacheOptions", Partial, 144, ... TitleIdx=0, Type=4, Data="\13\0\0\0"}, 16, ) }, 16, ) == 0x0
 00910   464   NtClose  (152, ... ) == 0x0
 00911   464   NtEnumerateKey  (156, 2, Basic, 288, ... {LastWrite={0xfe4e13de,0x1c7a3a9}, TitleIdx=0, Name= (156, 2, Basic, 288, ... {LastWrite={0xfe4e13de,0x1c7a3a9}, TitleIdx=0, Name="MSHist012007053120070601"}, 64, ) }, 64, ) == 0x0
 00912   464   NtOpenKey  (0xf, {24, 156, 0x40, 0, 0,  (0xf, {24, 156, 0x40, 0, 0, "MSHist012007053120070601"}, ... 152, ) }, ... 152, ) == 0x0
 00913   464   NtQueryValueKey  (152,  (152, "CacheRepair", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (152, "CacheRepair", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00914   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 00915   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\03\01\02\00\00\07\00\06\00\01\0\\0\0\0"}, 162, ) , Partial, 162, ... TitleIdx=0, Type=2, Data= (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\03\01\02\00\00\07\00\06\00\01\0\\0\0\0"}, 162, ) }, 162, ) == 0x0
 00916   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 00917   464   NtQueryValueKey  (152,  (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\03\01\02\00\00\07\00\06\00\01\0\\0\0\0"}, 162, ) , Partial, 162, ... TitleIdx=0, Type=2, Data= (152, "CachePath", Partial, 162, ... TitleIdx=0, Type=2, Data="%\0U\0S\0E\0R\0P\0R\0O\0F\0I\0L\0E\0%\0\\0L\0o\0c\0a\0l\0 \0S\0e\0t\0t\0i\0n\0g\0s\0\\0H\0i\0s\0t\0o\0r\0y\0\\0H\0i\0s\0t\0o\0r\0y\0.\0I\0E\05\0\\0M\0S\0H\0i\0s\0t\00\01\02\00\00\07\00\05\03\01\02\00\00\07\00\06\00\01\0\\0\0\0"}, 162, ) }, 162, ) == 0x0
 00918   464   NtQueryValueKey  (152,  (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\03\01\02\00\00\07\00\06\00\01\0:\0 \0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\03\01\02\00\00\07\00\06\00\01\0:\0 \0\0\0"}, 52, ) }, 52, ) == 0x0
 00919   464   NtQueryValueKey  (152,  (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\03\01\02\00\00\07\00\06\00\01\0:\0 \0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (152, "CachePrefix", Partial, 144, ... TitleIdx=0, Type=1, Data=":\02\00\00\07\00\05\03\01\02\00\00\07\00\06\00\01\0:\0 \0\0\0"}, 52, ) }, 52, ) == 0x0
 00920   464   NtQueryValueKey  (152,  (152, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\0 \0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (152, "CacheLimit", Partial, 144, ... TitleIdx=0, Type=4, Data="\0 \0\0"}, 16, ) }, 16, ) == 0x0
 00921   464   NtQueryValueKey  (152,  (152, "CacheOptions", Partial, 144, ... TitleIdx=0, Type=4, Data="\13\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (152, "CacheOptions", Partial, 144, ... TitleIdx=0, Type=4, Data="\13\0\0\0"}, 16, ) }, 16, ) == 0x0
 00922   464   NtClose  (152, ... ) == 0x0
 00923   464   NtEnumerateKey  (156, 3, Basic, 288, ... ) == STATUS_NO_MORE_ENTRIES
 00924   464   NtReleaseMutant  (108, ... 0x0, ) == 0x0
 00925   464   NtClose  (156, ... ) == 0x0
 00926   464   NtWaitForSingleObject  (116, 0, 0x0, ... ) == 0x0
 00927   464   NtQueryInformationFile  (112, 1244584, 24, Standard, ... {status=0x0, info=24}, ) == 0x0
 00928   464   NtReleaseMutant  (116, ... 0x0, ) == 0x0
 00929   464   NtWaitForSingleObject  (116, 0, 0x0, ... ) == 0x0
 00930   464   NtQueryInformationFile  (112, 1244656, 24, Standard, ... {status=0x0, info=24}, ) == 0x0
 00931   464   NtReleaseMutant  (116, ... 0x0, ) == 0x0
 00932   464   NtOpenKey  (0x1, {24, 12, 0x40, 0, 0,  (0x1, {24, 12, 0x40, 0, 0, "SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00933   464   NtOpenKey  (0x1, {24, 12, 0x40, 0, 0,  (0x1, {24, 12, 0x40, 0, 0, "SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00934   464   NtOpenKey  (0x1, {24, 12, 0x40, 0, 0,  (0x1, {24, 12, 0x40, 0, 0, "SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00935   464   NtOpenKey  (0x1, {24, 12, 0x40, 0, 0,  (0x1, {24, 12, 0x40, 0, 0, "SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00936   464   NtOpenKey  (0x1, {24, 12, 0x40, 0, 0,  (0x1, {24, 12, 0x40, 0, 0, "SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00937   464   NtAllocateVirtualMemory  (-1, 1359872, 0, 4096, 4096, 4, ... 1359872, 4096, ) == 0x0
 00938   464   NtOpenKey  (0x1, {24, 32, 0x40, 0, 0,  (0x1, {24, 32, 0x40, 0, 0, "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"}, ... 156, ) }, ... 156, ) == 0x0
 00939   464   NtQueryValueKey  (156,  (156, "DisableWorkerThreadHibernation", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00940   464   NtClose  (156, ... ) == 0x0
 00941   464   NtQueryValueKey  (96,  (96, "DisableWorkerThreadHibernation", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00942   464   NtQueryValueKey  (96,  (96, "DisableReadRange", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00943   464   NtQueryValueKey  (96,  (96, "SocketSendBufferLength", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00944   464   NtQueryValueKey  (96,  (96, "SocketReceiveBufferLength", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00945   464   NtQueryValueKey  (96,  (96, "KeepAliveTimeout", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00946   464   NtQueryValueKey  (96,  (96, "MaxHttpRedirects", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00947   464   NtQueryValueKey  (96,  (96, "MaxConnectionsPerServer", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00948   464   NtQueryValueKey  (96,  (96, "MaxConnectionsPer1_0Server", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00949   464   NtQueryValueKey  (96,  (96, "ServerInfoTimeout", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00950   464   NtQueryValueKey  (96,  (96, "ReceiveTimeOut", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00951   464   NtQueryValueKey  (96,  (96, "DisableNTLMPreAuth", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00952   464   NtQueryValueKey  (96,  (96, "ScavengeCacheLowerBound", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00953   464   NtOpenKey  (0x1, {24, 12, 0x40, 0, 0,  (0x1, {24, 12, 0x40, 0, 0, "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache"}, ... 156, ) }, ... 156, ) == 0x0
 00954   464   NtQueryValueKey  (156,  (156, "ScavengeCacheFileLifeTime", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00955   464   NtClose  (156, ... ) == 0x0
 00956   464   NtQueryValueKey  (96,  (96, "HttpDefaultExpiryTimeSecs", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00957   464   NtQueryValueKey  (96,  (96, "FtpDefaultExpiryTimeSecs", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00958   464   NtQueryValueKey  (96,  (96, "GopherDefaultExpiryTimeSecs", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00959   464   NtQueryValueKey  (96,  (96, "DisableCachingOfSSLPages", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00960   464   NtQueryValueKey  (96,  (96, "PerUserCookies", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00961   464   NtQueryValueKey  (96,  (96, "LeashLegacyCookies", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00962   464   NtQueryValueKey  (96,  (96, "DisableNT4RasCheck", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00963   464   NtQueryValueKey  (96,  (96, "DialupUseLanSettings", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00964   464   NtQueryValueKey  (96,  (96, "SendExtraCRLF", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00965   464   NtOpenKey  (0x1, {24, 32, 0x40, 0, 0,  (0x1, {24, 32, 0x40, 0, 0, "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"}, ... 156, ) }, ... 156, ) == 0x0
 00966   464   NtQueryValueKey  (156,  (156, "DontUseDNSLoadBalancing", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00967   464   NtClose  (156, ... ) == 0x0
 00968   464   NtQueryValueKey  (96,  (96, "DontUseDNSLoadBalancing", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00969   464   NtQueryValueKey  (96,  (96, "NonBlockingClient32", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00970   464   NtQueryValueKey  (96,  (96, "MimeExclusionListForCache", Partial, 144, ... TitleIdx=0, Type=1, Data="m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0m\0i\0x\0e\0d\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0m\0i\0x\0e\0d\0-\0r\0e\0p\0l\0a\0c\0e\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0b\0y\0t\0e\0r\0a\0n\0g\0e\0s\0 \0\0\0"}, 144, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (96, "MimeExclusionListForCache", Partial, 144, ... TitleIdx=0, Type=1, Data="m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0m\0i\0x\0e\0d\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0m\0i\0x\0e\0d\0-\0r\0e\0p\0l\0a\0c\0e\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0b\0y\0t\0e\0r\0a\0n\0g\0e\0s\0 \0\0\0"}, 144, ) }, 144, ) == 0x0
 00971   464   NtQueryValueKey  (96,  (96, "MimeExclusionListForCache", Partial, 144, ... TitleIdx=0, Type=1, Data="m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0m\0i\0x\0e\0d\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0m\0i\0x\0e\0d\0-\0r\0e\0p\0l\0a\0c\0e\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0b\0y\0t\0e\0r\0a\0n\0g\0e\0s\0 \0\0\0"}, 144, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (96, "MimeExclusionListForCache", Partial, 144, ... TitleIdx=0, Type=1, Data="m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0m\0i\0x\0e\0d\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0m\0i\0x\0e\0d\0-\0r\0e\0p\0l\0a\0c\0e\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0b\0y\0t\0e\0r\0a\0n\0g\0e\0s\0 \0\0\0"}, 144, ) }, 144, ) == 0x0
 00972   464   NtQueryValueKey  (96,  (96, "MimeExclusionListForCache", Partial, 144, ... TitleIdx=0, Type=1, Data="m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0m\0i\0x\0e\0d\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0m\0i\0x\0e\0d\0-\0r\0e\0p\0l\0a\0c\0e\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0b\0y\0t\0e\0r\0a\0n\0g\0e\0s\0 \0\0\0"}, 144, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (96, "MimeExclusionListForCache", Partial, 144, ... TitleIdx=0, Type=1, Data="m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0m\0i\0x\0e\0d\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0m\0i\0x\0e\0d\0-\0r\0e\0p\0l\0a\0c\0e\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0b\0y\0t\0e\0r\0a\0n\0g\0e\0s\0 \0\0\0"}, 144, ) }, 144, ) == 0x0
 00973   464   NtQueryValueKey  (96,  (96, "MimeExclusionListForCache", Partial, 144, ... TitleIdx=0, Type=1, Data="m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0m\0i\0x\0e\0d\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0m\0i\0x\0e\0d\0-\0r\0e\0p\0l\0a\0c\0e\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0b\0y\0t\0e\0r\0a\0n\0g\0e\0s\0 \0\0\0"}, 144, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (96, "MimeExclusionListForCache", Partial, 144, ... TitleIdx=0, Type=1, Data="m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0m\0i\0x\0e\0d\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0m\0i\0x\0e\0d\0-\0r\0e\0p\0l\0a\0c\0e\0 \0m\0u\0l\0t\0i\0p\0a\0r\0t\0/\0x\0-\0b\0y\0t\0e\0r\0a\0n\0g\0e\0s\0 \0\0\0"}, 144, ) }, 144, ) == 0x0
 00974   464   NtQueryValueKey  (96,  (96, "HeaderExclusionListForCache", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00975   464   NtQueryValueKey  (96,  (96, "DnsCacheEnabled", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00976   464   NtQueryValueKey  (96,  (96, "DnsCacheEntries", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00977   464   NtQueryValueKey  (96,  (96, "DnsCacheTimeout", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00978   464   NtQueryValueKey  (96,  (96, "WarnOnPost", Partial, 144, ... TitleIdx=0, Type=3, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (96, "WarnOnPost", Partial, 144, ... TitleIdx=0, Type=3, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00979   464   NtQueryValueKey  (96,  (96, "WarnAlwaysOnPost", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00980   464   NtQueryValueKey  (96,  (96, "WarnOnZoneCrossing", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00981   464   NtQueryValueKey  (96,  (96, "WarnOnBadCertSending", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00982   464   NtQueryValueKey  (96,  (96, "WarnOnBadCertRecving", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00983   464   NtQueryValueKey  (96,  (96, "WarnOnPostRedirect", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00984   464   NtQueryValueKey  (96,  (96, "AlwaysDrainOnRedirect", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00985   464   NtOpenMutant  (0x100000, {24, 76, 0x0, 0, 0,  (0x100000, {24, 76, 0x0, 0, 0, "WininetStartupMutex"}, ... 156, ) }, ... 156, ) == 0x0
 00986   464   NtCreateEvent  (0x1f0003, 0x0, 1, 1, ... 152, ) == 0x0
 00987   464   NtQueryValueKey  (96,  (96, "GlobalUserOffline", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00988   464   NtWaitForSingleObject  (116, 0, 0x0, ... ) == 0x0
 00989   464   NtQueryInformationFile  (112, 1244632, 24, Standard, ... {status=0x0, info=24}, ) == 0x0
 00990   464   NtReleaseMutant  (116, ... 0x0, ) == 0x0
 00991   464   NtOpenMutant  (0x100000, {24, 76, 0x0, 0, 0,  (0x100000, {24, 76, 0x0, 0, 0, "WininetConnectionMutex"}, ... 164, ) }, ... 164, ) == 0x0
 00992   464   NtCreateMutant  (0x1f0001, 0x0, 0, ... 168, ) == 0x0
 00993   464   NtOpenMutant  (0x100000, {24, 76, 0x0, 0, 0,  (0x100000, {24, 76, 0x0, 0, 0, "WininetProxyRegistryMutex"}, ... 172, ) }, ... 172, ) == 0x0
 00994   464   NtQueryValueKey  (96,  (96, "EnableAutodial", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (96, "EnableAutodial", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00995   464   NtQueryValueKey  (96,  (96, "NoNetAutodial", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (96, "NoNetAutodial", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00996   464   NtOpenKey  (0x1, {24, 32, 0x40, 0, 0,  (0x1, {24, 32, 0x40, 0, 0, "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"}, ... 176, ) }, ... 176, ) == 0x0
 00997   464   NtQueryValueKey  (176,  (176, "UrlEncoding", Partial, 144, ... TitleIdx=0, Type=1, Data="0\0x\00\00\00\00\00\00\00\00\0\0\0"}, 34, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (176, "UrlEncoding", Partial, 144, ... TitleIdx=0, Type=1, Data="0\0x\00\00\00\00\00\00\00\00\0\0\0"}, 34, ) }, 34, ) == 0x0
 00998   464   NtQueryValueKey  (176,  (176, "UrlEncoding", Partial, 144, ... TitleIdx=0, Type=1, Data="0\0x\00\00\00\00\00\00\00\00\0\0\0"}, 34, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (176, "UrlEncoding", Partial, 144, ... TitleIdx=0, Type=1, Data="0\0x\00\00\00\00\00\00\00\00\0\0\0"}, 34, ) }, 34, ) == 0x0
 00999   464   NtClose  (176, ... ) == 0x0
 01000   464   NtCreateEvent  (0x1f0003, 0x0, 1, 1, ... 176, ) == 0x0
 01001   464   NtWaitForSingleObject  (176, 0, 0x0, ... ) == 0x0
 01002   464   NtClearEvent  (176, ... ) == 0x0
 01003   464   NtSetEvent  (176, ... 0x0, ) == 0x0
 01004   464   NtOpenKey  (0x2000000, {24, 32, 0x40, 0, 0,  (0x2000000, {24, 32, 0x40, 0, 0, "System\CurrentControlSet\Services\WinSock2\Parameters"}, ... 180, ) }, ... 180, ) == 0x0
 01005   464   NtQueryValueKey  (180,  (180, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (180, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) }, 20, ) == 0x0
 01006   464   NtQueryValueKey  (180,  (180, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (180, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) }, 20, ) == 0x0
 01007   464   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 184, ) == 0x0
 01008   464   NtOpenKey  (0x2000000, {24, 180, 0x40, 0, 0,  (0x2000000, {24, 180, 0x40, 0, 0, "Protocol_Catalog9"}, ... 188, ) }, ... 188, ) == 0x0
 01009   464   NtQueryValueKey  (188,  (188, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\31\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (188, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\31\0\0\0"}, 16, ) }, 16, ) == 0x0
 01010   464   NtNotifyChangeKey  (188, 184, 0, 0, 2011390432, 1, 0, 0, 0, 1, ... ) == 0x103
 01011   464   NtQueryValueKey  (188,  (188, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\31\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (188, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\31\0\0\0"}, 16, ) }, 16, ) == 0x0
 01012   464   NtOpenKey  (0x2000000, {24, 188, 0x40, 0, 0,  (0x2000000, {24, 188, 0x40, 0, 0, "00000019"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01013   464   NtQueryValueKey  (188,  (188, "Next_Catalog_Entry_ID", Partial, 144, ... TitleIdx=0, Type=4, Data="\376\3\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (188, "Next_Catalog_Entry_ID", Partial, 144, ... TitleIdx=0, Type=4, Data="\376\3\0\0"}, 16, ) }, 16, ) == 0x0
 01014   464   NtQueryValueKey  (188,  (188, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\13\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (188, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\13\0\0\0"}, 16, ) }, 16, ) == 0x0
 01015   464   NtOpenKey  (0x2000000, {24, 188, 0x40, 0, 0,  (0x2000000, {24, 188, 0x40, 0, 0, "Catalog_Entries"}, ... 192, ) }, ... 192, ) == 0x0
 01016   464   NtAllocateVirtualMemory  (-1, 1363968, 0, 4096, 4096, 4, ... 1363968, 4096, ) == 0x0
 01017   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000001"}, ... 196, ) }, ... 196, ) == 0x0
 01018   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01019   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01020   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\375\3\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\375\3\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\376\3\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\376\3\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\377\3\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\377\3\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\0\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\375\3\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\375\3\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\376\3\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\376\3\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\377\3\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\377\3\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\0\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\377\3\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\0\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0 (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\375\3\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\375\3\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\376\3\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\376\3\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\377\3\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\377\3\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\0\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0
 01021   464   NtClose  (196, ... ) == 0x0
 01022   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000002"}, ... 196, ) }, ... 196, ) == 0x0
 01023   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01024   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01025   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\2\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\2\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\3\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\3\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\4\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\4\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\5\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\2\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\2\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\3\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\3\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\4\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\4\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\5\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\4\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\5\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0 (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\2\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\2\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\3\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\3\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\4\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\4\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\5\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0
 01026   464   NtClose  (196, ... ) == 0x0
 01027   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000003"}, ... 196, ) }, ... 196, ) == 0x0
 01028   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01029   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01030   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\7\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\7\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\10\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\10\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\11\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\11\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\12\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\7\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\7\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\10\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\10\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\11\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\11\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\12\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\11\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\12\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0 (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\7\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\7\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\10\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\10\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\11\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\11\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\12\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0
 01031   464   NtClose  (196, ... ) == 0x0
 01032   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000004"}, ... 196, ) }, ... 196, ) == 0x0
 01033   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01034   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01035   464   NtAllocateVirtualMemory  (-1, 1368064, 0, 4096, 4096, 4, ... 1368064, 4096, ) == 0x0
 01036   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\310\371\252\1\26\0\30\0\10<_u\0\0\0\0|\370\252\1\27\207`u\0\0\0\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\30\371\252\1\17.\365w\13\30\365w\1\0\0\0\0\374\252\1\4\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\17.\365w\0\0\0\0\250\371\252\1 \22\365wO\22\365wT\22\365w\0\0\0\0\204\3\0\0\15\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\15\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\16\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0\16\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\17\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\17\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\20\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\310\371\252\1\26\0\30\0\10<_u\0\0\0\0|\370\252\1\27\207`u\0\0\0\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\30\371\252\1\17.\365w\13\30\365w\1\0\0\0\0\374\252\1\4\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\17.\365w\0\0\0\0\250\371\252\1 \22\365wO\22\365wT\22\365w\0\0\0\0\204\3\0\0\15\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\15\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\16\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0\16\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\17\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\17\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\20\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\17\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\20\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0 (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\310\371\252\1\26\0\30\0\10<_u\0\0\0\0|\370\252\1\27\207`u\0\0\0\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\30\371\252\1\17.\365w\13\30\365w\1\0\0\0\0\374\252\1\4\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\17.\365w\0\0\0\0\250\371\252\1 \22\365wO\22\365wT\22\365w\0\0\0\0\204\3\0\0\15\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\15\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\16\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0\16\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\17\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\17\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\20\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0
 01037   464   NtClose  (196, ... ) == 0x0
 01038   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000005"}, ... 196, ) }, ... 196, ) == 0x0
 01039   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01040   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01041   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\17.\365w\13\30\365w\0\0\0\0\4+Y\1\2\0\0\0\1\0\0\0\17.\365w\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\0\0\0\0\362_du\3`du\240\1\10\0\250\5N\1 \0\0\0\0\0\0\0\240\1\10\0\310\5N\1H\344\301\0\0\0\0\0\0\0\0\0\0\0\245\0\0\0\10\0@\5N\1\0\0\0\0\204\3\0\0\22\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\22\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\23\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0\23\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0$\0\0\0\0\0\0\0\2\0\0\0\20\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\20\0\0\0\0\360\375\177\211e@\0\0\2\0\0\4\0\0\0t\0r\08\275D\0\12D@\0:n@\0\2\0\0\0\300\12\210\0@\12\210\0\\0s\0t\0r\0\0\360\375\177\0\0\0\0\327SO\200\224\377\22\0Cmk\200\340\377\22\0d\222@\0\30\321@\0\0\0\0\0\360\377\22\0i\353\347w\\0s\0t\0r\0\0\360\375\177\364\214\366\367\310\377\22\0\16jS\200\377\377\377\377\206\273\351w\30Z\351w\0\0\0\0\0\0\0\0\0\0\0\0\206m@\0\0\0\0\0Actx"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\17.\365w\13\30\365w\0\0\0\0\4+Y\1\2\0\0\0\1\0\0\0\17.\365w\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\0\0\0\0\362_du\3`du\240\1\10\0\250\5N\1 \0\0\0\0\0\0\0\240\1\10\0\310\5N\1H\344\301\0\0\0\0\0\0\0\0\0\0\0\245\0\0\0\10\0@\5N\1\0\0\0\0\204\3\0\0\22\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\22\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\23\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0\23\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0$\0\0\0\0\0\0\0\2\0\0\0\20\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\20\0\0\0\0\360\375\177\211e@\0\0\2\0\0\4\0\0\0t\0r\08\275D\0\12D@\0:n@\0\2\0\0\0\300\12\210\0@\12\210\0\\0s\0t\0r\0\0\360\375\177\0\0\0\0\327SO\200\224\377\22\0Cmk\200\340\377\22\0d\222@\0\30\321@\0\0\0\0\0\360\377\22\0i\353\347w\\0s\0t\0r\0\0\360\375\177\364\214\366\367\310\377\22\0\16jS\200\377\377\377\377\206\273\351w\30Z\351w\0\0\0\0\0\0\0\0\0\0\0\0\206m@\0\0\0\0\0Actx"}, 900, ) }, 900, ) == 0x0
 01042   464   NtClose  (196, ... ) == 0x0
 01043   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000006"}, ... 196, ) }, ... 196, ) == 0x0
 01044   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01045   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01046   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\356\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\27\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\27\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\30\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0\30\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\31\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\31\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\32\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\356\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\27\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\27\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\30\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0\30\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\31\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\31\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\32\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\31\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\32\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0 (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\356\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\27\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\27\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\30\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0\30\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\31\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\31\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\32\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0
 01047   464   NtClose  (196, ... ) == 0x0
 01048   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000007"}, ... 196, ) }, ... 196, ) == 0x0
 01049   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01050   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01051   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\357\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\34\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\34\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\35\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0\35\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\36\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\36\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\37\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\357\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\34\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\34\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\35\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0\35\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\36\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\36\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\37\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\36\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\37\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0 (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\357\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\34\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0\34\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\35\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0\35\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0\36\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\36\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\37\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0
 01052   464   NtClose  (196, ... ) == 0x0
 01053   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000008"}, ... 196, ) }, ... 196, ) == 0x0
 01054   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01055   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01056   464   NtAllocateVirtualMemory  (-1, 1372160, 0, 4096, 4096, 4, ... 1372160, 4096, ) == 0x0
 01057   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\360\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0"\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0"\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0#\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0#\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0$\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0$\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0%\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\360\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0"\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0"\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0#\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0#\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0$\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0$\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0%\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0 (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\360\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0"\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0"\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0#\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0#\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0$\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0$\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0%\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0$\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0%\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0 (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\360\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0"\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0"\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0#\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0#\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0$\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0$\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0%\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0
 01058   464   NtClose  (196, ... ) == 0x0
 01059   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000009"}, ... 196, ) }, ... 196, ) == 0x0
 01060   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01061   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01062   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\361\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0'\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0'\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0(\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0(\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0)\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0)\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0*\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\361\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0'\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0'\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0(\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0(\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0)\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0)\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0*\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0)\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0*\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0 (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\361\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0'\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0'\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0(\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0(\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0)\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0)\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0*\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0
 01063   464   NtClose  (196, ... ) == 0x0
 01064   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000010"}, ... 196, ) }, ... 196, ) == 0x0
 01065   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01066   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01067   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\362\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0D\01\09\0D\0F\08\08\02\0-\0A\09\0C\0B\0-\04\01\04\04\0-\08\0\0\0\0\0\204\3\0\0,\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0,\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0-\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0-\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0.\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0.\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0/\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\362\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0D\01\09\0D\0F\08\08\02\0-\0A\09\0C\0B\0-\04\01\04\04\0-\08\0\0\0\0\0\204\3\0\0,\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0,\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0-\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0-\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0.\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0.\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0/\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0.\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0/\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0 (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\362\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0D\01\09\0D\0F\08\08\02\0-\0A\09\0C\0B\0-\04\01\04\04\0-\08\0\0\0\0\0\204\3\0\0,\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\0,\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0-\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0\300\0\0\0\224\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\30\315\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0-\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\304\0\0\0.\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0.\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0/\4\0\0\314\1\0\0\320\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0\304\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0
 01068   464   NtClose  (196, ... ) == 0x0
 01069   464   NtOpenKey  (0x20019, {24, 192, 0x40, 0, 0,  (0x20019, {24, 192, 0x40, 0, 0, "000000000011"}, ... 196, ) }, ... 196, ) == 0x0
 01070   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01071   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW
 01072   464   NtQueryValueKey  (196,  (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\363\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0D\01\09\0D\0F\08\08\02\0-\0A\09\0C\0B\0-\04\01\04\04\0-\08\0\0\0\0\0\204\3\0\01\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\01\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\02\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\300\0\0\02\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\03\4\0\0\314\1\0\0\320\1\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\270\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\03\4\0\0\314\1\0\0\320\1\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\04\4\0\0\314\1\0\0\320\1\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\04\4\0\0\314\1\0\0\320\1\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\300\0\0\05\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\0\264\0\0\0\260\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0\350\314\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (196, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\363\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0D\01\09\0D\0F\08\08\02\0-\0A\09\0C\0B\0-\04\01\04\04\0-\08\0\0\0\0\0\204\3\0\01\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\304\0\0\01\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\02\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0\300\0\0\02\4\0\0\314\1\0\0\320\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\03\4\0\0\314\1\0\0\320\1\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\270\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\03\4\0\0\314\1\0\0\320\1\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\04\4\0\0\314\1\0\0\320\1\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\04\4\0\0\314\1\0\0\320\1\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0\300\0\0\05\4\0\0\314\1\0\0\320\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\0\264\0\0\0\260\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0\350\314\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) }, 900, ) == 0x0
 01073   464   NtClose  (196, ... ) == 0x0
 01074   464   NtClose  (192, ... ) == 0x0
 01075   464   NtWaitForSingleObject  (184, 0, {0, 0}, ... ) == 0x102
 01076   464   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 192, ) == 0x0
 01077   464   NtOpenKey  (0x2000000, {24, 180, 0x40, 0, 0,  (0x2000000, {24, 180, 0x40, 0, 0, "NameSpace_Catalog5"}, ... 196, ) }, ... 196, ) == 0x0
 01078   464   NtQueryValueKey  (196,  (196, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (196, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) }, 16, ) == 0x0
 01079   464   NtNotifyChangeKey  (196, 192, 0, 0, 2011390432, 1, 0, 0, 0, 1, ... ) == 0x103
 01080   464   NtQueryValueKey  (196,  (196, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (196, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) }, 16, ) == 0x0
 01081   464   NtOpenKey  (0x2000000, {24, 196, 0x40, 0, 0,  (0x2000000, {24, 196, 0x40, 0, 0, "00000004"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01082   464   NtQueryValueKey  (196,  (196, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\3\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (196, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\3\0\0\0"}, 16, ) }, 16, ) == 0x0
 01083   464   NtOpenKey  (0x2000000, {24, 196, 0x40, 0, 0,  (0x2000000, {24, 196, 0x40, 0, 0, "Catalog_Entries"}, ... 200, ) }, ... 200, ) == 0x0
 01084   464   NtOpenKey  (0x20019, {24, 200, 0x40, 0, 0,  (0x20019, {24, 200, 0x40, 0, 0, "000000000001"}, ... 204, ) }, ... 204, ) == 0x0
 01085   464   NtQueryValueKey  (204,  (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0
 01086   464   NtQueryValueKey  (204,  (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0
 01087   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0
 01088   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0
 01089   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0
 01090   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0
 01091   464   NtQueryValueKey  (204,  (204, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="@\235\5"\236~\317\21\256Z\0\252\0\247\21+"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (204, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="@\235\5"\236~\317\21\256Z\0\252\0\247\21+"}, 28, ) \236~\317\21\256Z\0\252\0\247\21+"}, 28, ) == 0x0
 01092   464   NtQueryValueKey  (204,  (204, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01093   464   NtQueryValueKey  (204,  (204, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\14\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\14\0\0\0"}, 16, ) }, 16, ) == 0x0
 01094   464   NtQueryValueKey  (204,  (204, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 01095   464   NtQueryValueKey  (204,  (204, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 01096   464   NtQueryValueKey  (204,  (204, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 01097   464   NtClose  (204, ... ) == 0x0
 01098   464   NtAllocateVirtualMemory  (-1, 1376256, 0, 4096, 4096, 4, ... 1376256, 4096, ) == 0x0
 01099   464   NtOpenKey  (0x20019, {24, 200, 0x40, 0, 0,  (0x20019, {24, 200, 0x40, 0, 0, "000000000002"}, ... 204, ) }, ... 204, ) == 0x0
 01100   464   NtQueryValueKey  (204,  (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0
 01101   464   NtQueryValueKey  (204,  (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0
 01102   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0
 01103   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0
 01104   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0
 01105   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0
 01106   464   NtQueryValueKey  (204,  (204, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\3567&;\200\345\317\21\245U\0\300O\330\324\254"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (204, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\3567&;\200\345\317\21\245U\0\300O\330\324\254"}, 28, ) }, 28, ) == 0x0
 01107   464   NtQueryValueKey  (204,  (204, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01108   464   NtQueryValueKey  (204,  (204, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data=" \0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data=" \0\0\0"}, 16, ) }, 16, ) == 0x0
 01109   464   NtQueryValueKey  (204,  (204, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 01110   464   NtQueryValueKey  (204,  (204, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 01111   464   NtQueryValueKey  (204,  (204, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 01112   464   NtClose  (204, ... ) == 0x0
 01113   464   NtOpenKey  (0x20019, {24, 200, 0x40, 0, 0,  (0x20019, {24, 200, 0x40, 0, 0, "000000000003"}, ... 204, ) }, ... 204, ) == 0x0
 01114   464   NtQueryValueKey  (204,  (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0
 01115   464   NtQueryValueKey  (204,  (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0
 01116   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0
 01117   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0
 01118   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0
 01119   464   NtQueryValueKey  (204,  (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (204, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0
 01120   464   NtQueryValueKey  (204,  (204, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data=":$Bf\250;\246J\272\245.\13\327\37\335\203"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (204, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data=":$Bf\250;\246J\272\245.\13\327\37\335\203"}, 28, ) }, 28, ) == 0x0
 01121   464   NtQueryValueKey  (204,  (204, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01122   464   NtQueryValueKey  (204,  (204, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\17\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\17\0\0\0"}, 16, ) }, 16, ) == 0x0
 01123   464   NtQueryValueKey  (204,  (204, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 01124   464   NtQueryValueKey  (204,  (204, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 01125   464   NtQueryValueKey  (204,  (204, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (204, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 01126   464   NtClose  (204, ... ) == 0x0
 01127   464   NtClose  (200, ... ) == 0x0
 01128   464   NtWaitForSingleObject  (192, 0, {0, 0}, ... ) == 0x102
 01129   464   NtClose  (180, ... ) == 0x0
 01130   464   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 01131   464   NtQuerySystemInformation  (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0
 01132   464   NtOpenKey  (0x1, {24, 32, 0x40, 0, 0,  (0x1, {24, 32, 0x40, 0, 0, "System\CurrentControlSet\Services\Winsock2\Parameters"}, ... 180, ) }, ... 180, ) == 0x0
 01133   464   NtQueryValueKey  (180,  (180, "Ws2_32NumHandleBuckets", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01134   464   NtClose  (180, ... ) == 0x0
 01135   464   NtDuplicateObject  (-1, -2, -1, 0x0, 0, 2, ... 180, ) == 0x0
 01136   464   NtClearEvent  (152, ... ) == 0x0
 01137   464   NtSetEvent  (152, ... 0x0, ) == 0x0
 01138   464   NtQueryInformationProcess  (-1, DeviceMap, 36, ... {process info, class 23, size 36}, 0x0, ) == 0x0
 01139   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01140   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\"}, 3, 16417, ... 200, {status=0x0, info=1}, ) }, 3, 16417, ... 200, {status=0x0, info=1}, ) == 0x0
 01141   464   NtQueryDirectoryFile  (200, 0, 0, 0, 1243756, 616, BothDirectory, 1,  (200, 0, 0, 0, 1243756, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=118}, ) , 0, ... {status=0x0, info=118}, ) == 0x0
 01142   464   NtAllocateVirtualMemory  (-1, 1380352, 0, 8192, 4096, 4, ... 1380352, 8192, ) == 0x0
 01143   464   NtQueryDirectoryFile  (200, 0, 0, 0, 1378048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4018}, ) == 0x0
 01144   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01145   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\"}, 3, 16417, ... 204, {status=0x0, info=1}, ) }, 3, 16417, ... 204, {status=0x0, info=1}, ) == 0x0
 01146   464   NtQueryDirectoryFile  (204, 0, 0, 0, 1243744, 616, BothDirectory, 1,  (204, 0, 0, 0, 1243744, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01147   464   NtQueryDirectoryFile  (204, 0, 0, 0, 1382248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=3982}, ) == 0x0
 01148   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01149   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\"}, 3, 16417, ... 208, {status=0x0, info=1}, ) }, 3, 16417, ... 208, {status=0x0, info=1}, ) == 0x0
 01150   464   NtQueryDirectoryFile  (208, 0, 0, 0, 1243732, 616, BothDirectory, 1,  (208, 0, 0, 0, 1243732, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01151   464   NtAllocateVirtualMemory  (-1, 1388544, 0, 8192, 4096, 4, ... 1388544, 8192, ) == 0x0
 01152   464   NtQueryDirectoryFile  (208, 0, 0, 0, 1386448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4094}, ) == 0x0
 01153   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01154   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01155   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01156   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1390648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=2666}, ) == 0x0
 01157   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01158   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01159   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01160   464   NtAllocateVirtualMemory  (-1, 1396736, 0, 8192, 4096, 4, ... 1396736, 8192, ) == 0x0
 01161   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1394848, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=1692}, ) == 0x0
 01162   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01163   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01164   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01165   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=692}, ) == 0x0
 01166   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01167   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\"}, 3, 16417, ... 224, {status=0x0, info=1}, ) }, 3, 16417, ... 224, {status=0x0, info=1}, ) == 0x0
 01168   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1,  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01169   464   NtAllocateVirtualMemory  (-1, 1404928, 0, 8192, 4096, 4, ... 1404928, 8192, ) == 0x0
 01170   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=208}, ) == 0x0
 01171   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01172   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\F-Secure\"}, 3, 16417, ... 228, {status=0x0, info=1}, ) }, 3, 16417, ... 228, {status=0x0, info=1}, ) == 0x0
 01173   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1,  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01174   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=212}, ) == 0x0
 01175   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01176   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\F-Secure\Anti-Virus\"}, 3, 16417, ... 232, {status=0x0, info=1}, ) }, 3, 16417, ... 232, {status=0x0, info=1}, ) == 0x0
 01177   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1,  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01178   464   NtAllocateVirtualMemory  (-1, 1413120, 0, 8192, 4096, 4, ... 1413120, 8192, ) == 0x0
 01179   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01180   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01181   464   NtClose  (232, ... ) == 0x0
 01182   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01183   464   NtClose  (228, ... ) == 0x0
 01184   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01185   464   NtClose  (224, ... ) == 0x0
 01186   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01187   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\History\"}, 3, 16417, ... 224, {status=0x0, info=1}, ) }, 3, 16417, ... 224, {status=0x0, info=1}, ) == 0x0
 01188   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1,  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01189   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=332}, ) == 0x0
 01190   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01191   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\"}, 3, 16417, ... 228, {status=0x0, info=1}, ) }, 3, 16417, ... 228, {status=0x0, info=1}, ) == 0x0
 01192   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1,  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01193   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=474}, ) == 0x0
 01194   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01195   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007011620070117\"}, 3, 16417, ... 232, {status=0x0, info=1}, ) }, 3, 16417, ... 232, {status=0x0, info=1}, ) == 0x0
 01196   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1,  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01197   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=216}, ) == 0x0
 01198   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01199   464   NtClose  (232, ... ) == 0x0
 01200   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01201   464   NtClose  (228, ... ) == 0x0
 01202   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01203   464   NtClose  (224, ... ) == 0x0
 01204   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01205   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\"}, 3, 16417, ... 224, {status=0x0, info=1}, ) }, 3, 16417, ... 224, {status=0x0, info=1}, ) == 0x0
 01206   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1,  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01207   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=332}, ) == 0x0
 01208   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01209   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\"}, 3, 16417, ... 228, {status=0x0, info=1}, ) }, 3, 16417, ... 228, {status=0x0, info=1}, ) == 0x0
 01210   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1,  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01211   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=784}, ) == 0x0
 01212   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01213   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KASP1H0O\"}, 3, 16417, ... 232, {status=0x0, info=1}, ) }, 3, 16417, ... 232, {status=0x0, info=1}, ) == 0x0
 01214   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1,  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01215   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=220}, ) == 0x0
 01216   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01217   464   NtClose  (232, ... ) == 0x0
 01218   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01219   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\L014ODDE\"}, 3, 16417, ... 232, {status=0x0, info=1}, ) }, 3, 16417, ... 232, {status=0x0, info=1}, ) == 0x0
 01220   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1,  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01221   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=220}, ) == 0x0
 01222   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01223   464   NtClose  (232, ... ) == 0x0
 01224   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01225   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\22NJR936\"}, 3, 16417, ... 232, {status=0x0, info=1}, ) }, 3, 16417, ... 232, {status=0x0, info=1}, ) == 0x0
 01226   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1,  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01227   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=220}, ) == 0x0
 01228   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01229   464   NtClose  (232, ... ) == 0x0
 01230   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01231   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OWIVSBA9\"}, 3, 16417, ... 232, {status=0x0, info=1}, ) }, 3, 16417, ... 232, {status=0x0, info=1}, ) == 0x0
 01232   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1,  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01233   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=220}, ) == 0x0
 01234   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01235   464   NtClose  (232, ... ) == 0x0
 01236   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01237   464   NtClose  (228, ... ) == 0x0
 01238   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01239   464   NtClose  (224, ... ) == 0x0
 01240   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01241   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\"}, 3, 16417, ... 224, {status=0x0, info=1}, ) }, 3, 16417, ... 224, {status=0x0, info=1}, ) == 0x0
 01242   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1,  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01243   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01244   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01245   464   NtClose  (224, ... ) == 0x0
 01246   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01247   464   NtClose  (220, ... ) == 0x0
 01248   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01249   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Templates\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01250   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01251   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=1522}, ) == 0x0
 01252   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01253   464   NtClose  (220, ... ) == 0x0
 01254   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01255   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Start Menu\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01256   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01257   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=324}, ) == 0x0
 01258   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01259   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\"}, 3, 16417, ... 224, {status=0x0, info=1}, ) }, 3, 16417, ... 224, {status=0x0, info=1}, ) == 0x0
 01260   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1,  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01261   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=716}, ) == 0x0
 01262   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01263   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\"}, 3, 16417, ... 228, {status=0x0, info=1}, ) }, 3, 16417, ... 228, {status=0x0, info=1}, ) == 0x0
 01264   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1,  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01265   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=1248}, ) == 0x0
 01266   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01267   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\"}, 3, 16417, ... 232, {status=0x0, info=1}, ) }, 3, 16417, ... 232, {status=0x0, info=1}, ) == 0x0
 01268   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1,  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01269   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=220}, ) == 0x0
 01270   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01271   464   NtClose  (232, ... ) == 0x0
 01272   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01273   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\"}, 3, 16417, ... 232, {status=0x0, info=1}, ) }, 3, 16417, ... 232, {status=0x0, info=1}, ) == 0x0
 01274   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1,  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01275   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=722}, ) == 0x0
 01276   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01277   464   NtClose  (232, ... ) == 0x0
 01278   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01279   464   NtClose  (228, ... ) == 0x0
 01280   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01281   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\"}, 3, 16417, ... 228, {status=0x0, info=1}, ) }, 3, 16417, ... 228, {status=0x0, info=1}, ) == 0x0
 01282   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1,  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01283   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=220}, ) == 0x0
 01284   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01285   464   NtClose  (228, ... ) == 0x0
 01286   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01287   464   NtClose  (224, ... ) == 0x0
 01288   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01289   464   NtClose  (220, ... ) == 0x0
 01290   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01291   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\SendTo\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01292   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01293   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=694}, ) == 0x0
 01294   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01295   464   NtClose  (220, ... ) == 0x0
 01296   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01297   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Recent\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01298   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01299   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01300   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01301   464   NtClose  (220, ... ) == 0x0
 01302   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01303   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\PrintHood\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01304   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01305   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01306   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01307   464   NtClose  (220, ... ) == 0x0
 01308   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01309   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\My Documents\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01310   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01311   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01312   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01313   464   NtClose  (220, ... ) == 0x0
 01314   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01315   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\NetHood\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01316   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01317   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01318   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01319   464   NtClose  (220, ... ) == 0x0
 01320   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01321   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Favorites\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01322   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01323   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01324   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01325   464   NtClose  (220, ... ) == 0x0
 01326   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01327   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Desktop\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01328   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01329   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01330   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01331   464   NtClose  (220, ... ) == 0x0
 01332   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01333   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Cookies\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01334   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01335   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=216}, ) == 0x0
 01336   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01337   464   NtClose  (220, ... ) == 0x0
 01338   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01339   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Application Data\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01340   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01341   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=332}, ) == 0x0
 01342   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01343   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\"}, 3, 16417, ... 224, {status=0x0, info=1}, ) }, 3, 16417, ... 224, {status=0x0, info=1}, ) == 0x0
 01344   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1,  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01345   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=356}, ) == 0x0
 01346   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01347   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\"}, 3, 16417, ... 228, {status=0x0, info=1}, ) }, 3, 16417, ... 228, {status=0x0, info=1}, ) == 0x0
 01348   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1,  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01349   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=340}, ) == 0x0
 01350   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01351   464   NtClose  (228, ... ) == 0x0
 01352   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01353   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\"}, 3, 16417, ... 228, {status=0x0, info=1}, ) }, 3, 16417, ... 228, {status=0x0, info=1}, ) == 0x0
 01354   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1,  (228, 0, 0, 0, 1243672, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01355   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=196}, ) == 0x0
 01356   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01357   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\"}, 3, 16417, ... 232, {status=0x0, info=1}, ) }, 3, 16417, ... 232, {status=0x0, info=1}, ) == 0x0
 01358   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1,  (232, 0, 0, 0, 1243660, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01359   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=420}, ) == 0x0
 01360   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01361   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\"}, 3, 16417, ... 236, {status=0x0, info=1}, ) }, 3, 16417, ... 236, {status=0x0, info=1}, ) == 0x0
 01362   464   NtQueryDirectoryFile  (236, 0, 0, 0, 1243648, 616, BothDirectory, 1,  (236, 0, 0, 0, 1243648, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01363   464   NtQueryDirectoryFile  (236, 0, 0, 0, 1415848, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01364   464   NtQueryDirectoryFile  (236, 0, 0, 0, 1415848, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01365   464   NtClose  (236, ... ) == 0x0
 01366   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01367   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\"}, 3, 16417, ... 236, {status=0x0, info=1}, ) }, 3, 16417, ... 236, {status=0x0, info=1}, ) == 0x0
 01368   464   NtQueryDirectoryFile  (236, 0, 0, 0, 1243648, 616, BothDirectory, 1,  (236, 0, 0, 0, 1243648, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01369   464   NtQueryDirectoryFile  (236, 0, 0, 0, 1415848, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01370   464   NtQueryDirectoryFile  (236, 0, 0, 0, 1415848, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01371   464   NtClose  (236, ... ) == 0x0
 01372   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01373   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\"}, 3, 16417, ... 236, {status=0x0, info=1}, ) }, 3, 16417, ... 236, {status=0x0, info=1}, ) == 0x0
 01374   464   NtQueryDirectoryFile  (236, 0, 0, 0, 1243648, 616, BothDirectory, 1,  (236, 0, 0, 0, 1243648, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01375   464   NtQueryDirectoryFile  (236, 0, 0, 0, 1415848, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01376   464   NtQueryDirectoryFile  (236, 0, 0, 0, 1415848, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01377   464   NtClose  (236, ... ) == 0x0
 01378   464   NtQueryDirectoryFile  (232, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01379   464   NtClose  (232, ... ) == 0x0
 01380   464   NtQueryDirectoryFile  (228, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01381   464   NtClose  (228, ... ) == 0x0
 01382   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01383   464   NtClose  (224, ... ) == 0x0
 01384   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1399048, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01385   464   NtClose  (220, ... ) == 0x0
 01386   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1394848, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01387   464   NtClose  (216, ... ) == 0x0
 01388   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1390648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01389   464   NtClose  (212, ... ) == 0x0
 01390   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01391   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\drivers\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01392   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01393   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4038}, ) == 0x0
 01394   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01395   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\drivers\etc\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01396   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01397   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=662}, ) == 0x0
 01398   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01399   464   NtClose  (216, ... ) == 0x0
 01400   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01401   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\drivers\disdn\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01402   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01403   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01404   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01405   464   NtClose  (216, ... ) == 0x0
 01406   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4092}, ) == 0x0
 01407   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=3996}, ) == 0x0
 01408   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4026}, ) == 0x0
 01409   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=2222}, ) == 0x0
 01410   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01411   464   NtClose  (212, ... ) == 0x0
 01412   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01413   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\ras\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01414   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01415   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=794}, ) == 0x0
 01416   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01417   464   NtClose  (212, ... ) == 0x0
 01418   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01419   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\spool\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01420   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01421   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=438}, ) == 0x0
 01422   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01423   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\spool\drivers\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01424   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01425   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=320}, ) == 0x0
 01426   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01427   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\spool\drivers\w32x86\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01428   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01429   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=200}, ) == 0x0
 01430   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01431   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\spool\drivers\w32x86\3\"}, 3, 16417, ... 224, {status=0x0, info=1}, ) }, 3, 16417, ... 224, {status=0x0, info=1}, ) == 0x0
 01432   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1,  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01433   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1415848, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01434   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1415848, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01435   464   NtClose  (224, ... ) == 0x0
 01436   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01437   464   NtClose  (220, ... ) == 0x0
 01438   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01439   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\spool\drivers\color\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01440   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01441   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=1360}, ) == 0x0
 01442   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01443   464   NtClose  (220, ... ) == 0x0
 01444   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01445   464   NtClose  (216, ... ) == 0x0
 01446   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01447   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\spool\prtprocs\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01448   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01449   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=210}, ) == 0x0
 01450   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01451   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\spool\prtprocs\w32x86\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01452   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01453   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01454   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01455   464   NtClose  (220, ... ) == 0x0
 01456   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01457   464   NtClose  (216, ... ) == 0x0
 01458   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01459   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\spool\PRINTERS\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01460   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01461   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01462   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01463   464   NtClose  (216, ... ) == 0x0
 01464   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01465   464   NtClose  (212, ... ) == 0x0
 01466   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01467   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wins\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01468   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01469   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01470   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01471   464   NtClose  (212, ... ) == 0x0
 01472   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01473   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\dhcp\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01474   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01475   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01476   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01477   464   NtClose  (212, ... ) == 0x0
 01478   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01479   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\ShellExt\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01480   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01481   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01482   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01483   464   NtClose  (212, ... ) == 0x0
 01484   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01485   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\Setup\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01486   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01487   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=1972}, ) == 0x0
 01488   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01489   464   NtClose  (212, ... ) == 0x0
 01490   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01491   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wbem\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01492   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01493   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=3984}, ) == 0x0
 01494   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01495   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wbem\mof\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01496   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01497   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=308}, ) == 0x0
 01498   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01499   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wbem\mof\good\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01500   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01501   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01502   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01503   464   NtClose  (220, ... ) == 0x0
 01504   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01505   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wbem\mof\bad\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01506   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01507   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01508   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01509   464   NtClose  (220, ... ) == 0x0
 01510   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01511   464   NtClose  (216, ... ) == 0x0
 01512   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01513   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wbem\xml\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01514   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01515   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=444}, ) == 0x0
 01516   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01517   464   NtClose  (216, ... ) == 0x0
 01518   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01519   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\wbem\wmiadap.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01520   464   NtClose  (216, ... ) == 0x0
 01521   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01522   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\wbem\wmiapsrv.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01523   464   NtClose  (216, ... ) == 0x0
 01524   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01525   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\wbem\wmic.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01526   464   NtClose  (216, ... ) == 0x0
 01527   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4046}, ) == 0x0
 01528   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01529   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\wbem\mofcomp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01530   464   NtClose  (216, ... ) == 0x0
 01531   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01532   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\wbem\scrcons.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01533   464   NtClose  (216, ... ) == 0x0
 01534   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=3988}, ) == 0x0
 01535   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01536   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wbem\snmp\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01537   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01538   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 01539   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01540   464   NtClose  (216, ... ) == 0x0
 01541   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01542   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\wbem\unsecapp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01543   464   NtClose  (216, ... ) == 0x0
 01544   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01545   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\wbem\wbemtest.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01546   464   NtClose  (216, ... ) == 0x0
 01547   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01548   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\wbem\winmgmt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01549   464   NtClose  (216, ... ) == 0x0
 01550   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01551   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wbem\Logs\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01552   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01553   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=1164}, ) == 0x0
 01554   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01555   464   NtClose  (216, ... ) == 0x0
 01556   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01557   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wbem\Performance\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01558   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01559   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=330}, ) == 0x0
 01560   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01561   464   NtClose  (216, ... ) == 0x0
 01562   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4084}, ) == 0x0
 01563   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01564   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\wbem\wmiprvse.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01565   464   NtClose  (216, ... ) == 0x0
 01566   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=2120}, ) == 0x0
 01567   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01568   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wbem\Repository\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 01569   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01570   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=320}, ) == 0x0
 01571   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01572   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\wbem\Repository\FS\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 01573   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01574   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=560}, ) == 0x0
 01575   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01576   464   NtClose  (220, ... ) == 0x0
 01577   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01578   464   NtClose  (216, ... ) == 0x0
 01579   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01580   464   NtClose  (212, ... ) == 0x0
 01581   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01582   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\npp\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01583   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01584   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=342}, ) == 0x0
 01585   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01586   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\npp\nppagent.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01587   464   NtClose  (216, ... ) == 0x0
 01588   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01589   464   NtClose  (212, ... ) == 0x0
 01590   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01591   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\ias\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01592   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01593   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=324}, ) == 0x0
 01594   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 01595   464   NtClose  (212, ... ) == 0x0
 01596   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01597   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\dllcache\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 01598   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 01599   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4020}, ) == 0x0
 01600   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01601   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fp98sadm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01602   464   NtClose  (216, ... ) == 0x0
 01603   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01604   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fp98swin.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01605   464   NtClose  (216, ... ) == 0x0
 01606   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01607   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fpcount.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01608   464   NtClose  (216, ... ) == 0x0
 01609   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4022}, ) == 0x0
 01610   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01611   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fpremadm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01612   464   NtClose  (216, ... ) == 0x0
 01613   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01614   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\iisreset.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01615   464   NtClose  (216, ... ) == 0x0
 01616   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01617   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\admin.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01618   464   NtClose  (216, ... ) == 0x0
 01619   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01620   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\iisrstas.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01621   464   NtClose  (216, ... ) == 0x0
 01622   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01623   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ahui.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01624   464   NtClose  (216, ... ) == 0x0
 01625   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01626   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\inetmgr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01627   464   NtClose  (216, ... ) == 0x0
 01628   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4022}, ) == 0x0
 01629   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01630   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\author.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01631   464   NtClose  (216, ... ) == 0x0
 01632   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01633   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cfgwiz.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01634   464   NtClose  (216, ... ) == 0x0
 01635   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4058}, ) == 0x0
 01636   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4042}, ) == 0x0
 01637   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01638   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\logagent.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01639   464   NtClose  (216, ... ) == 0x0
 01640   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01641   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mplayer2.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01642   464   NtClose  (216, ... ) == 0x0
 01643   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01644   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sdbinst.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01645   464   NtClose  (216, ... ) == 0x0
 01646   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01647   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sfc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01648   464   NtClose  (216, ... ) == 0x0
 01649   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01650   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\shtml.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01651   464   NtClose  (216, ... ) == 0x0
 01652   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4084}, ) == 0x0
 01653   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01654   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sysocmgr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01655   464   NtClose  (216, ... ) == 0x0
 01656   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01657   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tcptest.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01658   464   NtClose  (216, ... ) == 0x0
 01659   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4070}, ) == 0x0
 01660   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01661   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\twunk_16.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01662   464   NtClose  (216, ... ) == 0x0
 01663   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01664   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\twunk_32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01665   464   NtClose  (216, ... ) == 0x0
 01666   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01667   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\odbcad32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01668   464   NtClose  (216, ... ) == 0x0
 01669   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01670   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\odbcconf.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01671   464   NtClose  (216, ... ) == 0x0
 01672   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4074}, ) == 0x0
 01673   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01674   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\winlogon.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01675   464   NtClose  (216, ... ) == 0x0
 01676   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01677   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\unregmp2.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01678   464   NtClose  (216, ... ) == 0x0
 01679   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01680   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\agentsvr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01681   464   NtClose  (216, ... ) == 0x0
 01682   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4038}, ) == 0x0
 01683   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01684   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\accwiz.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01685   464   NtClose  (216, ... ) == 0x0
 01686   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01687   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\alg.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01688   464   NtClose  (216, ... ) == 0x0
 01689   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01690   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\append.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01691   464   NtClose  (216, ... ) == 0x0
 01692   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01693   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\arp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01694   464   NtClose  (216, ... ) == 0x0
 01695   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01696   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\actmovie.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01697   464   NtClose  (216, ... ) == 0x0
 01698   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4050}, ) == 0x0
 01699   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01700   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\asr_fmt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01701   464   NtClose  (216, ... ) == 0x0
 01702   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01703   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\asr_ldm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01704   464   NtClose  (216, ... ) == 0x0
 01705   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01706   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\at.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01707   464   NtClose  (216, ... ) == 0x0
 01708   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01709   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\atmadm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01710   464   NtClose  (216, ... ) == 0x0
 01711   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01712   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\autochk.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01713   464   NtClose  (216, ... ) == 0x0
 01714   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01715   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\autoconv.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01716   464   NtClose  (216, ... ) == 0x0
 01717   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01718   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\attrib.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01719   464   NtClose  (216, ... ) == 0x0
 01720   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4002}, ) == 0x0
 01721   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01722   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\autofmt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01723   464   NtClose  (216, ... ) == 0x0
 01724   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01725   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\autolfn.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01726   464   NtClose  (216, ... ) == 0x0
 01727   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01728   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\bckgzm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01729   464   NtClose  (216, ... ) == 0x0
 01730   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01731   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\change.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01732   464   NtClose  (216, ... ) == 0x0
 01733   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4046}, ) == 0x0
 01734   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01735   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\charmap.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01736   464   NtClose  (216, ... ) == 0x0
 01737   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01738   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\chglogon.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01739   464   NtClose  (216, ... ) == 0x0
 01740   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01741   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\bootcfg.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01742   464   NtClose  (216, ... ) == 0x0
 01743   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01744   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\chgport.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01745   464   NtClose  (216, ... ) == 0x0
 01746   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01747   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\chgusr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01748   464   NtClose  (216, ... ) == 0x0
 01749   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01750   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\chkdsk.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01751   464   NtClose  (216, ... ) == 0x0
 01752   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01753   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\bootok.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01754   464   NtClose  (216, ... ) == 0x0
 01755   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01756   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\chkrzm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01757   464   NtClose  (216, ... ) == 0x0
 01758   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01759   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\chkntfs.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01760   464   NtClose  (216, ... ) == 0x0
 01761   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01762   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\bootvrfy.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01763   464   NtClose  (216, ... ) == 0x0
 01764   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01765   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cidaemon.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01766   464   NtClose  (216, ... ) == 0x0
 01767   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01768   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cintsetp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01769   464   NtClose  (216, ... ) == 0x0
 01770   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01771   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cipher.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01772   464   NtClose  (216, ... ) == 0x0
 01773   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01774   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cisvc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01775   464   NtClose  (216, ... ) == 0x0
 01776   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4022}, ) == 0x0
 01777   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01778   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ckcnv.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01779   464   NtClose  (216, ... ) == 0x0
 01780   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01781   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cmd.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01782   464   NtClose  (216, ... ) == 0x0
 01783   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01784   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cleanmgr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01785   464   NtClose  (216, ... ) == 0x0
 01786   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01787   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\clipbrd.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01788   464   NtClose  (216, ... ) == 0x0
 01789   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01790   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\clipsrv.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01791   464   NtClose  (216, ... ) == 0x0
 01792   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01793   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cmdl32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01794   464   NtClose  (216, ... ) == 0x0
 01795   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01796   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cmmon32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01797   464   NtClose  (216, ... ) == 0x0
 01798   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01799   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cacls.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01800   464   NtClose  (216, ... ) == 0x0
 01801   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01802   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\calc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01803   464   NtClose  (216, ... ) == 0x0
 01804   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01805   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cmstp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01806   464   NtClose  (216, ... ) == 0x0
 01807   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01808   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\compact.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01809   464   NtClose  (216, ... ) == 0x0
 01810   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01811   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\comp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01812   464   NtClose  (216, ... ) == 0x0
 01813   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4044}, ) == 0x0
 01814   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01815   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\conf.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01816   464   NtClose  (216, ... ) == 0x0
 01817   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01818   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\comrepl.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01819   464   NtClose  (216, ... ) == 0x0
 01820   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01821   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\comrereg.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01822   464   NtClose  (216, ... ) == 0x0
 01823   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01824   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cb32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01825   464   NtClose  (216, ... ) == 0x0
 01826   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01827   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\conime.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01828   464   NtClose  (216, ... ) == 0x0
 01829   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01830   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\control.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01831   464   NtClose  (216, ... ) == 0x0
 01832   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01833   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\convert.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01834   464   NtClose  (216, ... ) == 0x0
 01835   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4038}, ) == 0x0
 01836   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01837   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\convlog.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01838   464   NtClose  (216, ... ) == 0x0
 01839   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01840   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cplexe.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01841   464   NtClose  (216, ... ) == 0x0
 01842   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01843   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cprofile.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01844   464   NtClose  (216, ... ) == 0x0
 01845   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01846   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\csrss.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01847   464   NtClose  (216, ... ) == 0x0
 01848   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01849   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\cscript.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01850   464   NtClose  (216, ... ) == 0x0
 01851   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01852   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ctfmon.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01853   464   NtClose  (216, ... ) == 0x0
 01854   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01855   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dfrgntfs.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01856   464   NtClose  (216, ... ) == 0x0
 01857   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4030}, ) == 0x0
 01858   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01859   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dialer.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01860   464   NtClose  (216, ... ) == 0x0
 01861   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01862   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\diantz.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01863   464   NtClose  (216, ... ) == 0x0
 01864   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01865   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\diskpart.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01866   464   NtClose  (216, ... ) == 0x0
 01867   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01868   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\diskperf.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01869   464   NtClose  (216, ... ) == 0x0
 01870   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01871   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dlimport.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01872   464   NtClose  (216, ... ) == 0x0
 01873   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01874   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dllhost.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01875   464   NtClose  (216, ... ) == 0x0
 01876   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01877   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dllhst3g.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01878   464   NtClose  (216, ... ) == 0x0
 01879   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01880   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dmadmin.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01881   464   NtClose  (216, ... ) == 0x0
 01882   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01883   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\davcdata.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01884   464   NtClose  (216, ... ) == 0x0
 01885   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4046}, ) == 0x0
 01886   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01887   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dmremote.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01888   464   NtClose  (216, ... ) == 0x0
 01889   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01890   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dosx.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01891   464   NtClose  (216, ... ) == 0x0
 01892   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01893   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\doskey.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01894   464   NtClose  (216, ... ) == 0x0
 01895   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01896   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dplaysvr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01897   464   NtClose  (216, ... ) == 0x0
 01898   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01899   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dcomcnfg.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01900   464   NtClose  (216, ... ) == 0x0
 01901   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4026}, ) == 0x0
 01902   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01903   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ddeshare.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01904   464   NtClose  (216, ... ) == 0x0
 01905   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01906   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dpnsvr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01907   464   NtClose  (216, ... ) == 0x0
 01908   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01909   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\debug.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01910   464   NtClose  (216, ... ) == 0x0
 01911   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01912   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\defrag.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01913   464   NtClose  (216, ... ) == 0x0
 01914   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01915   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dpvsetup.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01916   464   NtClose  (216, ... ) == 0x0
 01917   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01918   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\drvqry.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01919   464   NtClose  (216, ... ) == 0x0
 01920   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01921   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\drwatson.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01922   464   NtClose  (216, ... ) == 0x0
 01923   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01924   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\drwtsn32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01925   464   NtClose  (216, ... ) == 0x0
 01926   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4038}, ) == 0x0
 01927   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01928   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dfrgfat.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01929   464   NtClose  (216, ... ) == 0x0
 01930   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01931   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\evntwin.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01932   464   NtClose  (216, ... ) == 0x0
 01933   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01934   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\exe2bin.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01935   464   NtClose  (216, ... ) == 0x0
 01936   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01937   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\expand.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01938   464   NtClose  (216, ... ) == 0x0
 01939   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01940   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dumprep.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01941   464   NtClose  (216, ... ) == 0x0
 01942   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01943   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\explorer.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01944   464   NtClose  (216, ... ) == 0x0
 01945   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01946   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\extrac32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01947   464   NtClose  (216, ... ) == 0x0
 01948   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01949   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dvdupgrd.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01950   464   NtClose  (216, ... ) == 0x0
 01951   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01952   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fastopen.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01953   464   NtClose  (216, ... ) == 0x0
 01954   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01955   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01956   464   NtClose  (216, ... ) == 0x0
 01957   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01958   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dwwin.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01959   464   NtClose  (216, ... ) == 0x0
 01960   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4014}, ) == 0x0
 01961   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01962   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\findstr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01963   464   NtClose  (216, ... ) == 0x0
 01964   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01965   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\finger.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01966   464   NtClose  (216, ... ) == 0x0
 01967   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01968   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\dxdiag.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01969   464   NtClose  (216, ... ) == 0x0
 01970   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01971   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\find.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01972   464   NtClose  (216, ... ) == 0x0
 01973   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01974   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\flattemp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01975   464   NtClose  (216, ... ) == 0x0
 01976   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01977   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fixmapi.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01978   464   NtClose  (216, ... ) == 0x0
 01979   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01980   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fpadmcgi.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01981   464   NtClose  (216, ... ) == 0x0
 01982   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01983   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fontview.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01984   464   NtClose  (216, ... ) == 0x0
 01985   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01986   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\forcedos.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01987   464   NtClose  (216, ... ) == 0x0
 01988   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01989   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\edlin.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01990   464   NtClose  (216, ... ) == 0x0
 01991   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01992   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fsutil.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01993   464   NtClose  (216, ... ) == 0x0
 01994   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4026}, ) == 0x0
 01995   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01996   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\freecell.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 01997   464   NtClose  (216, ... ) == 0x0
 01998   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 01999   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ftp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02000   464   NtClose  (216, ... ) == 0x0
 02001   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02002   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fxsclnt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02003   464   NtClose  (216, ... ) == 0x0
 02004   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02005   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fxscover.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02006   464   NtClose  (216, ... ) == 0x0
 02007   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02008   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\esentutl.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02009   464   NtClose  (216, ... ) == 0x0
 02010   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4018}, ) == 0x0
 02011   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02012   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fxssend.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02013   464   NtClose  (216, ... ) == 0x0
 02014   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02015   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\fxssvc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02016   464   NtClose  (216, ... ) == 0x0
 02017   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02018   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\eudcedit.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02019   464   NtClose  (216, ... ) == 0x0
 02020   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02021   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\getmac.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02022   464   NtClose  (216, ... ) == 0x0
 02023   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02024   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\evcreate.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02025   464   NtClose  (216, ... ) == 0x0
 02026   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02027   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\gdi.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02028   464   NtClose  (216, ... ) == 0x0
 02029   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02030   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\icwconn1.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02031   464   NtClose  (216, ... ) == 0x0
 02032   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02033   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\evtrig.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02034   464   NtClose  (216, ... ) == 0x0
 02035   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02036   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\gprslt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02037   464   NtClose  (216, ... ) == 0x0
 02038   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4028}, ) == 0x0
 02039   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02040   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\eventvwr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02041   464   NtClose  (216, ... ) == 0x0
 02042   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02043   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\gpupdate.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02044   464   NtClose  (216, ... ) == 0x0
 02045   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02046   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\grpconv.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02047   464   NtClose  (216, ... ) == 0x0
 02048   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02049   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\evntcmd.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02050   464   NtClose  (216, ... ) == 0x0
 02051   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02052   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\icwconn2.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02053   464   NtClose  (216, ... ) == 0x0
 02054   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02055   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ie4uinit.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02056   464   NtClose  (216, ... ) == 0x0
 02057   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4034}, ) == 0x0
 02058   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02059   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\icwrmind.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02060   464   NtClose  (216, ... ) == 0x0
 02061   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02062   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\help.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02063   464   NtClose  (216, ... ) == 0x0
 02064   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02065   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\icwtutor.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02066   464   NtClose  (216, ... ) == 0x0
 02067   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02068   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\helpctr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02069   464   NtClose  (216, ... ) == 0x0
 02070   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02071   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\helphost.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02072   464   NtClose  (216, ... ) == 0x0
 02073   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02074   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\helpsvc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02075   464   NtClose  (216, ... ) == 0x0
 02076   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02077   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\hh.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02078   464   NtClose  (216, ... ) == 0x0
 02079   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02080   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\iexplore.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02081   464   NtClose  (216, ... ) == 0x0
 02082   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02083   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\iexpress.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02084   464   NtClose  (216, ... ) == 0x0
 02085   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4028}, ) == 0x0
 02086   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02087   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\iissync.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02088   464   NtClose  (216, ... ) == 0x0
 02089   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02090   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imapi.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02091   464   NtClose  (216, ... ) == 0x0
 02092   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02093   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imekrmig.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02094   464   NtClose  (216, ... ) == 0x0
 02095   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02096   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imepadsv.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02097   464   NtClose  (216, ... ) == 0x0
 02098   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02099   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imjpdadm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02100   464   NtClose  (216, ... ) == 0x0
 02101   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02102   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imjpdct.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02103   464   NtClose  (216, ... ) == 0x0
 02104   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02105   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\hostname.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02106   464   NtClose  (216, ... ) == 0x0
 02107   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02108   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imjpdsvr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02109   464   NtClose  (216, ... ) == 0x0
 02110   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02111   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imjpinst.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02112   464   NtClose  (216, ... ) == 0x0
 02113   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02114   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imjpmig.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02115   464   NtClose  (216, ... ) == 0x0
 02116   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4046}, ) == 0x0
 02117   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02118   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imjprw.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02119   464   NtClose  (216, ... ) == 0x0
 02120   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02121   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imjpuex.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02122   464   NtClose  (216, ... ) == 0x0
 02123   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02124   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imjputy.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02125   464   NtClose  (216, ... ) == 0x0
 02126   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02127   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imkrinst.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02128   464   NtClose  (216, ... ) == 0x0
 02129   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02130   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\imscinst.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02131   464   NtClose  (216, ... ) == 0x0
 02132   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02133   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\hrtzzm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02134   464   NtClose  (216, ... ) == 0x0
 02135   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02136   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ipv6.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02137   464   NtClose  (216, ... ) == 0x0
 02138   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02139   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ipxroute.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02140   464   NtClose  (216, ... ) == 0x0
 02141   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4024}, ) == 0x0
 02142   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02143   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\isignup.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02144   464   NtClose  (216, ... ) == 0x0
 02145   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02146   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\inetin51.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02147   464   NtClose  (216, ... ) == 0x0
 02148   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=3978}, ) == 0x0
 02149   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02150   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\inetwiz.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02151   464   NtClose  (216, ... ) == 0x0
 02152   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4088}, ) == 0x0
 02153   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02154   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ipconfig.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02155   464   NtClose  (216, ... ) == 0x0
 02156   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4030}, ) == 0x0
 02157   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02158   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ipsec6.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02159   464   NtClose  (216, ... ) == 0x0
 02160   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4030}, ) == 0x0
 02161   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02162   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\krnl386.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02163   464   NtClose  (216, ... ) == 0x0
 02164   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02165   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\label.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02166   464   NtClose  (216, ... ) == 0x0
 02167   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02168   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\lnkstub.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02169   464   NtClose  (216, ... ) == 0x0
 02170   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02171   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\lights.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02172   464   NtClose  (216, ... ) == 0x0
 02173   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4080}, ) == 0x0
 02174   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02175   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\logman.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02176   464   NtClose  (216, ... ) == 0x0
 02177   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02178   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\locator.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02179   464   NtClose  (216, ... ) == 0x0
 02180   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02181   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\lodctr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02182   464   NtClose  (216, ... ) == 0x0
 02183   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02184   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\logoff.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02185   464   NtClose  (216, ... ) == 0x0
 02186   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02187   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\logon.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02188   464   NtClose  (216, ... ) == 0x0
 02189   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02190   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\logonui.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02191   464   NtClose  (216, ... ) == 0x0
 02192   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02193   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\lpq.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02194   464   NtClose  (216, ... ) == 0x0
 02195   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02196   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\lpr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02197   464   NtClose  (216, ... ) == 0x0
 02198   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02199   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\lsass.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02200   464   NtClose  (216, ... ) == 0x0
 02201   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4004}, ) == 0x0
 02202   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02203   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\magnify.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02204   464   NtClose  (216, ... ) == 0x0
 02205   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02206   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mmc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02207   464   NtClose  (216, ... ) == 0x0
 02208   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02209   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\makecab.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02210   464   NtClose  (216, ... ) == 0x0
 02211   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02212   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mnmsrvc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02213   464   NtClose  (216, ... ) == 0x0
 02214   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4006}, ) == 0x0
 02215   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02216   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mobsync.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02217   464   NtClose  (216, ... ) == 0x0
 02218   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02219   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mofcomp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02220   464   NtClose  (216, ... ) == 0x0
 02221   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02222   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\moviemk.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02223   464   NtClose  (216, ... ) == 0x0
 02224   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02225   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mountvol.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02226   464   NtClose  (216, ... ) == 0x0
 02227   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02228   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mplay32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02229   464   NtClose  (216, ... ) == 0x0
 02230   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02231   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mpnotify.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02232   464   NtClose  (216, ... ) == 0x0
 02233   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02234   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mqbkup.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02235   464   NtClose  (216, ... ) == 0x0
 02236   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=3998}, ) == 0x0
 02237   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02238   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mqtgsvc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02239   464   NtClose  (216, ... ) == 0x0
 02240   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02241   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mqsvc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02242   464   NtClose  (216, ... ) == 0x0
 02243   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02244   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mrinfo.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02245   464   NtClose  (216, ... ) == 0x0
 02246   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02247   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mem.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02248   464   NtClose  (216, ... ) == 0x0
 02249   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4016}, ) == 0x0
 02250   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02251   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\msconfig.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02252   464   NtClose  (216, ... ) == 0x0
 02253   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02254   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mscdexnt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02255   464   NtClose  (216, ... ) == 0x0
 02256   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02257   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\migisol.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02258   464   NtClose  (216, ... ) == 0x0
 02259   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02260   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\msdtc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02261   464   NtClose  (216, ... ) == 0x0
 02262   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4028}, ) == 0x0
 02263   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02264   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\migload.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02265   464   NtClose  (216, ... ) == 0x0
 02266   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02267   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\migregdb.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02268   464   NtClose  (216, ... ) == 0x0
 02269   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02270   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\migwiz.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02271   464   NtClose  (216, ... ) == 0x0
 02272   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02273   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\msg.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02274   464   NtClose  (216, ... ) == 0x0
 02275   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02276   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\migwiz_a.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02277   464   NtClose  (216, ... ) == 0x0
 02278   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02279   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mshearts.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02280   464   NtClose  (216, ... ) == 0x0
 02281   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02282   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\msoobe.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02283   464   NtClose  (216, ... ) == 0x0
 02284   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02285   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mshta.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02286   464   NtClose  (216, ... ) == 0x0
 02287   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02288   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mspaint.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02289   464   NtClose  (216, ... ) == 0x0
 02290   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4052}, ) == 0x0
 02291   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02292   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mstsc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02293   464   NtClose  (216, ... ) == 0x0
 02294   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02295   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\msswchx.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02296   464   NtClose  (216, ... ) == 0x0
 02297   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02298   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mstinit.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02299   464   NtClose  (216, ... ) == 0x0
 02300   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02301   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\msiexec.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02302   464   NtClose  (216, ... ) == 0x0
 02303   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4046}, ) == 0x0
 02304   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02305   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\msimn.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02306   464   NtClose  (216, ... ) == 0x0
 02307   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02308   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\msinfo32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02309   464   NtClose  (216, ... ) == 0x0
 02310   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02311   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\mtstocom.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02312   464   NtClose  (216, ... ) == 0x0
 02313   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4028}, ) == 0x0
 02314   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02315   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\msiregmv.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02316   464   NtClose  (216, ... ) == 0x0
 02317   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02318   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\muisetup.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02319   464   NtClose  (216, ... ) == 0x0
 02320   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02321   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\narrator.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02322   464   NtClose  (216, ... ) == 0x0
 02323   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02324   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\nbtstat.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02325   464   NtClose  (216, ... ) == 0x0
 02326   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02327   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\nddeapir.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02328   464   NtClose  (216, ... ) == 0x0
 02329   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02330   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\net.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02331   464   NtClose  (216, ... ) == 0x0
 02332   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4012}, ) == 0x0
 02333   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02334   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\net1.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02335   464   NtClose  (216, ... ) == 0x0
 02336   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02337   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\nslookup.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02338   464   NtClose  (216, ... ) == 0x0
 02339   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02340   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ntbackup.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02341   464   NtClose  (216, ... ) == 0x0
 02342   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02343   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\nppagent.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02344   464   NtClose  (216, ... ) == 0x0
 02345   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02346   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\netdde.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02347   464   NtClose  (216, ... ) == 0x0
 02348   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4014}, ) == 0x0
 02349   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02350   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ntsd.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02351   464   NtClose  (216, ... ) == 0x0
 02352   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02353   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\netsh.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02354   464   NtClose  (216, ... ) == 0x0
 02355   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02356   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ntvdm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02357   464   NtClose  (216, ... ) == 0x0
 02358   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02359   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\netstat.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02360   464   NtClose  (216, ... ) == 0x0
 02361   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02362   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\nw16.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02363   464   NtClose  (216, ... ) == 0x0
 02364   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02365   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\nwscript.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02366   464   NtClose  (216, ... ) == 0x0
 02367   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4030}, ) == 0x0
 02368   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02369   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\nlsfunc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02370   464   NtClose  (216, ... ) == 0x0
 02371   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02372   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\oemig50.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02373   464   NtClose  (216, ... ) == 0x0
 02374   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4026}, ) == 0x0
 02375   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02376   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\osuninst.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02377   464   NtClose  (216, ... ) == 0x0
 02378   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02379   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\osk.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02380   464   NtClose  (216, ... ) == 0x0
 02381   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02382   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\oobebaln.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02383   464   NtClose  (216, ... ) == 0x0
 02384   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02385   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\opnfiles.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02386   464   NtClose  (216, ... ) == 0x0
 02387   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02388   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\packager.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02389   464   NtClose  (216, ... ) == 0x0
 02390   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02391   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\notepad.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02392   464   NtClose  (216, ... ) == 0x0
 02393   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02394   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\print.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02395   464   NtClose  (216, ... ) == 0x0
 02396   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02397   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\notiflag.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02398   464   NtClose  (216, ... ) == 0x0
 02399   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4046}, ) == 0x0
 02400   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02401   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\pathping.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02402   464   NtClose  (216, ... ) == 0x0
 02403   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02404   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\progman.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02405   464   NtClose  (216, ... ) == 0x0
 02406   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02407   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\proquota.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02408   464   NtClose  (216, ... ) == 0x0
 02409   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02410   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\proxycfg.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02411   464   NtClose  (216, ... ) == 0x0
 02412   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02413   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\pentnt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02414   464   NtClose  (216, ... ) == 0x0
 02415   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02416   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\qappsrv.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02417   464   NtClose  (216, ... ) == 0x0
 02418   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=3998}, ) == 0x0
 02419   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02420   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\perfmon.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02421   464   NtClose  (216, ... ) == 0x0
 02422   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02423   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\query.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02424   464   NtClose  (216, ... ) == 0x0
 02425   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02426   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\qprocess.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02427   464   NtClose  (216, ... ) == 0x0
 02428   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02429   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\quser.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02430   464   NtClose  (216, ... ) == 0x0
 02431   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02432   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\qwinsta.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02433   464   NtClose  (216, ... ) == 0x0
 02434   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02435   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rcp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02436   464   NtClose  (216, ... ) == 0x0
 02437   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02438   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rasautou.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02439   464   NtClose  (216, ... ) == 0x0
 02440   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4056}, ) == 0x0
 02441   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02442   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rasdial.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02443   464   NtClose  (216, ... ) == 0x0
 02444   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02445   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\pinball.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02446   464   NtClose  (216, ... ) == 0x0
 02447   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02448   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ping.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02449   464   NtClose  (216, ... ) == 0x0
 02450   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02451   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ping6.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02452   464   NtClose  (216, ... ) == 0x0
 02453   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02454   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rasphone.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02455   464   NtClose  (216, ... ) == 0x0
 02456   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02457   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\pintlphr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02458   464   NtClose  (216, ... ) == 0x0
 02459   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02460   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rcimlby.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02461   464   NtClose  (216, ... ) == 0x0
 02462   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4006}, ) == 0x0
 02463   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02464   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rdpclip.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02465   464   NtClose  (216, ... ) == 0x0
 02466   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02467   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\regedit.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02468   464   NtClose  (216, ... ) == 0x0
 02469   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02470   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\redir.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02471   464   NtClose  (216, ... ) == 0x0
 02472   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02473   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rdsaddin.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02474   464   NtClose  (216, ... ) == 0x0
 02475   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02476   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rdshost.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02477   464   NtClose  (216, ... ) == 0x0
 02478   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02479   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\recover.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02480   464   NtClose  (216, ... ) == 0x0
 02481   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02482   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\reg.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02483   464   NtClose  (216, ... ) == 0x0
 02484   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02485   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\regedt32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02486   464   NtClose  (216, ... ) == 0x0
 02487   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02488   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rsnotify.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02489   464   NtClose  (216, ... ) == 0x0
 02490   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02491   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rsopprov.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02492   464   NtClose  (216, ... ) == 0x0
 02493   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02494   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rstrui.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02495   464   NtClose  (216, ... ) == 0x0
 02496   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02497   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\regini.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02498   464   NtClose  (216, ... ) == 0x0
 02499   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02500   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rsvp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02501   464   NtClose  (216, ... ) == 0x0
 02502   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02503   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\register.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02504   464   NtClose  (216, ... ) == 0x0
 02505   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02506   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\runas.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02507   464   NtClose  (216, ... ) == 0x0
 02508   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4018}, ) == 0x0
 02509   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02510   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\regsvr32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02511   464   NtClose  (216, ... ) == 0x0
 02512   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02513   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rtcshare.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02514   464   NtClose  (216, ... ) == 0x0
 02515   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02516   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02517   464   NtClose  (216, ... ) == 0x0
 02518   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02519   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rvsezm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02520   464   NtClose  (216, ... ) == 0x0
 02521   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02522   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\regwiz.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02523   464   NtClose  (216, ... ) == 0x0
 02524   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02525   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rundll32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02526   464   NtClose  (216, ... ) == 0x0
 02527   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02528   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\runonce.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02529   464   NtClose  (216, ... ) == 0x0
 02530   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02531   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\relog.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02532   464   NtClose  (216, ... ) == 0x0
 02533   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02534   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rwinsta.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02535   464   NtClose  (216, ... ) == 0x0
 02536   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02537   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sapisvr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02538   464   NtClose  (216, ... ) == 0x0
 02539   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02540   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\savedump.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02541   464   NtClose  (216, ... ) == 0x0
 02542   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02543   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02544   464   NtClose  (216, ... ) == 0x0
 02545   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4042}, ) == 0x0
 02546   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02547   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\replace.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02548   464   NtClose  (216, ... ) == 0x0
 02549   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02550   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\reset.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02551   464   NtClose  (216, ... ) == 0x0
 02552   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02553   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\scardsvr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02554   464   NtClose  (216, ... ) == 0x0
 02555   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02556   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rexec.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02557   464   NtClose  (216, ... ) == 0x0
 02558   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02559   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sctasks.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02560   464   NtClose  (216, ... ) == 0x0
 02561   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02562   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\scrcons.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02563   464   NtClose  (216, ... ) == 0x0
 02564   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02565   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\scrnsave.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02566   464   NtClose  (216, ... ) == 0x0
 02567   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02568   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\route.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02569   464   NtClose  (216, ... ) == 0x0
 02570   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02571   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\routemon.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02572   464   NtClose  (216, ... ) == 0x0
 02573   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4008}, ) == 0x0
 02574   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02575   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\secedit.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02576   464   NtClose  (216, ... ) == 0x0
 02577   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02578   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\setup50.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02579   464   NtClose  (216, ... ) == 0x0
 02580   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02581   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\setup_wm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02582   464   NtClose  (216, ... ) == 0x0
 02583   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02584   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sethc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02585   464   NtClose  (216, ... ) == 0x0
 02586   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02587   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\services.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02588   464   NtClose  (216, ... ) == 0x0
 02589   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02590   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sessmgr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02591   464   NtClose  (216, ... ) == 0x0
 02592   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02593   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rsh.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02594   464   NtClose  (216, ... ) == 0x0
 02595   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02596   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\setup.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02597   464   NtClose  (216, ... ) == 0x0
 02598   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02599   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rsm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02600   464   NtClose  (216, ... ) == 0x0
 02601   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02602   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\shadow.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02603   464   NtClose  (216, ... ) == 0x0
 02604   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02605   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\share.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02606   464   NtClose  (216, ... ) == 0x0
 02607   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4062}, ) == 0x0
 02608   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02609   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rsmsink.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02610   464   NtClose  (216, ... ) == 0x0
 02611   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02612   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\rsmui.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02613   464   NtClose  (216, ... ) == 0x0
 02614   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02615   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sndrec32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02616   464   NtClose  (216, ... ) == 0x0
 02617   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02618   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\smss.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02619   464   NtClose  (216, ... ) == 0x0
 02620   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02621   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\smlogsvc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02622   464   NtClose  (216, ... ) == 0x0
 02623   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02624   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sndvol32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02625   464   NtClose  (216, ... ) == 0x0
 02626   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02627   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\snmp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02628   464   NtClose  (216, ... ) == 0x0
 02629   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4036}, ) == 0x0
 02630   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02631   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\shmgrate.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02632   464   NtClose  (216, ... ) == 0x0
 02633   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02634   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\snmptrap.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02635   464   NtClose  (216, ... ) == 0x0
 02636   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02637   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\shrpubw.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02638   464   NtClose  (216, ... ) == 0x0
 02639   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02640   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sol.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02641   464   NtClose  (216, ... ) == 0x0
 02642   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02643   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sort.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02644   464   NtClose  (216, ... ) == 0x0
 02645   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02646   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\shutdown.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02647   464   NtClose  (216, ... ) == 0x0
 02648   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02649   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\spider.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02650   464   NtClose  (216, ... ) == 0x0
 02651   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02652   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\spoolsv.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02653   464   NtClose  (216, ... ) == 0x0
 02654   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02655   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sprestrt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02656   464   NtClose  (216, ... ) == 0x0
 02657   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02658   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\shvlzm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02659   464   NtClose  (216, ... ) == 0x0
 02660   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4024}, ) == 0x0
 02661   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02662   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sigverif.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02663   464   NtClose  (216, ... ) == 0x0
 02664   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02665   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\srdiag.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02666   464   NtClose  (216, ... ) == 0x0
 02667   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02668   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ss3dfo.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02669   464   NtClose  (216, ... ) == 0x0
 02670   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02671   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ssbezier.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02672   464   NtClose  (216, ... ) == 0x0
 02673   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02674   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\skeys.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02675   464   NtClose  (216, ... ) == 0x0
 02676   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02677   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ssmarque.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02678   464   NtClose  (216, ... ) == 0x0
 02679   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02680   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ssmypics.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02681   464   NtClose  (216, ... ) == 0x0
 02682   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02683   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ssflwbox.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02684   464   NtClose  (216, ... ) == 0x0
 02685   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02686   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ssmyst.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02687   464   NtClose  (216, ... ) == 0x0
 02688   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02689   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sspipes.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02690   464   NtClose  (216, ... ) == 0x0
 02691   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02692   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ssstars.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02693   464   NtClose  (216, ... ) == 0x0
 02694   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4056}, ) == 0x0
 02695   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02696   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sstext3d.scr"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02697   464   NtClose  (216, ... ) == 0x0
 02698   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02699   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\stimon.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02700   464   NtClose  (216, ... ) == 0x0
 02701   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02702   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\subst.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02703   464   NtClose  (216, ... ) == 0x0
 02704   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02705   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\svchost.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02706   464   NtClose  (216, ... ) == 0x0
 02707   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02708   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\smi2smir.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02709   464   NtClose  (216, ... ) == 0x0
 02710   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02711   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tcpsvcs.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02712   464   NtClose  (216, ... ) == 0x0
 02713   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4002}, ) == 0x0
 02714   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02715   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\telnet.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02716   464   NtClose  (216, ... ) == 0x0
 02717   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02718   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tftp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02719   464   NtClose  (216, ... ) == 0x0
 02720   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02721   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\syncapp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02722   464   NtClose  (216, ... ) == 0x0
 02723   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02724   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tintlphr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02725   464   NtClose  (216, ... ) == 0x0
 02726   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02727   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tintsetp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02728   464   NtClose  (216, ... ) == 0x0
 02729   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02730   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tlntadmn.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02731   464   NtClose  (216, ... ) == 0x0
 02732   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02733   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sysedit.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02734   464   NtClose  (216, ... ) == 0x0
 02735   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02736   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tlntsess.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02737   464   NtClose  (216, ... ) == 0x0
 02738   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02739   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tlntsvr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02740   464   NtClose  (216, ... ) == 0x0
 02741   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02742   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tourW.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02743   464   NtClose  (216, ... ) == 0x0
 02744   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02745   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\syskey.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02746   464   NtClose  (216, ... ) == 0x0
 02747   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02748   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tscupgrd.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02749   464   NtClose  (216, ... ) == 0x0
 02750   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02751   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tscon.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02752   464   NtClose  (216, ... ) == 0x0
 02753   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4022}, ) == 0x0
 02754   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02755   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tourstrt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02756   464   NtClose  (216, ... ) == 0x0
 02757   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02758   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tracerpt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02759   464   NtClose  (216, ... ) == 0x0
 02760   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02761   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tracert.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02762   464   NtClose  (216, ... ) == 0x0
 02763   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02764   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tracert6.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02765   464   NtClose  (216, ... ) == 0x0
 02766   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02767   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tsprof.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02768   464   NtClose  (216, ... ) == 0x0
 02769   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02770   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tsshutdn.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02771   464   NtClose  (216, ... ) == 0x0
 02772   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02773   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\sysinfo.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02774   464   NtClose  (216, ... ) == 0x0
 02775   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02776   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tsdiscon.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02777   464   NtClose  (216, ... ) == 0x0
 02778   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02779   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tskill.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02780   464   NtClose  (216, ... ) == 0x0
 02781   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02782   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\systray.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02783   464   NtClose  (216, ... ) == 0x0
 02784   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02785   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\typeperf.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02786   464   NtClose  (216, ... ) == 0x0
 02787   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4028}, ) == 0x0
 02788   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02789   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\unlodctr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02790   464   NtClose  (216, ... ) == 0x0
 02791   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02792   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\unsecapp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02793   464   NtClose  (216, ... ) == 0x0
 02794   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02795   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\uploadm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02796   464   NtClose  (216, ... ) == 0x0
 02797   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02798   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\taskkill.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02799   464   NtClose  (216, ... ) == 0x0
 02800   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02801   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\ups.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02802   464   NtClose  (216, ... ) == 0x0
 02803   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02804   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tasklist.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02805   464   NtClose  (216, ... ) == 0x0
 02806   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02807   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\upnpcont.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02808   464   NtClose  (216, ... ) == 0x0
 02809   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02810   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\taskman.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02811   464   NtClose  (216, ... ) == 0x0
 02812   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4014}, ) == 0x0
 02813   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02814   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\taskmgr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02815   464   NtClose  (216, ... ) == 0x0
 02816   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02817   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\user.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02818   464   NtClose  (216, ... ) == 0x0
 02819   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02820   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\userinit.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02821   464   NtClose  (216, ... ) == 0x0
 02822   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02823   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\tcmsetup.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02824   464   NtClose  (216, ... ) == 0x0
 02825   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02826   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\utilman.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02827   464   NtClose  (216, ... ) == 0x0
 02828   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02829   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wabmig.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02830   464   NtClose  (216, ... ) == 0x0
 02831   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02832   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wb32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02833   464   NtClose  (216, ... ) == 0x0
 02834   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4038}, ) == 0x0
 02835   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02836   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\verifier.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02837   464   NtClose  (216, ... ) == 0x0
 02838   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02839   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wbemtest.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02840   464   NtClose  (216, ... ) == 0x0
 02841   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02842   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wextract.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02843   464   NtClose  (216, ... ) == 0x0
 02844   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02845   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wiaacmgr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02846   464   NtClose  (216, ... ) == 0x0
 02847   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4038}, ) == 0x0
 02848   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02849   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\winchat.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02850   464   NtClose  (216, ... ) == 0x0
 02851   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02852   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\winhelp.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02853   464   NtClose  (216, ... ) == 0x0
 02854   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02855   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\winmgmt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02856   464   NtClose  (216, ... ) == 0x0
 02857   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02858   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\winhlp32.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02859   464   NtClose  (216, ... ) == 0x0
 02860   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02861   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\winhstb.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02862   464   NtClose  (216, ... ) == 0x0
 02863   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02864   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\vssadmin.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02865   464   NtClose  (216, ... ) == 0x0
 02866   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02867   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\winmsd.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02868   464   NtClose  (216, ... ) == 0x0
 02869   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02870   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\winmine.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02871   464   NtClose  (216, ... ) == 0x0
 02872   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02873   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\vssvc.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02874   464   NtClose  (216, ... ) == 0x0
 02875   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4006}, ) == 0x0
 02876   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02877   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\winspool.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02878   464   NtClose  (216, ... ) == 0x0
 02879   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02880   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\vwipxspx.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02881   464   NtClose  (216, ... ) == 0x0
 02882   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02883   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\w32tm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02884   464   NtClose  (216, ... ) == 0x0
 02885   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02886   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\winver.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02887   464   NtClose  (216, ... ) == 0x0
 02888   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02889   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wmiadap.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02890   464   NtClose  (216, ... ) == 0x0
 02891   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02892   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wab.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02893   464   NtClose  (216, ... ) == 0x0
 02894   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4028}, ) == 0x0
 02895   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02896   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wmic.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02897   464   NtClose  (216, ... ) == 0x0
 02898   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02899   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wmiapsrv.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02900   464   NtClose  (216, ... ) == 0x0
 02901   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02902   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wowdeb.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02903   464   NtClose  (216, ... ) == 0x0
 02904   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02905   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wowexec.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02906   464   NtClose  (216, ... ) == 0x0
 02907   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02908   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wordpad.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02909   464   NtClose  (216, ... ) == 0x0
 02910   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02911   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wpabaln.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02912   464   NtClose  (216, ... ) == 0x0
 02913   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02914   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wpnpinst.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02915   464   NtClose  (216, ... ) == 0x0
 02916   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02917   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\write.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02918   464   NtClose  (216, ... ) == 0x0
 02919   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4056}, ) == 0x0
 02920   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02921   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wscript.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02922   464   NtClose  (216, ... ) == 0x0
 02923   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02924   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\xcopy.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02925   464   NtClose  (216, ... ) == 0x0
 02926   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02927   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wuauclt.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02928   464   NtClose  (216, ... ) == 0x0
 02929   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02930   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wupdmgr.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02931   464   NtClose  (216, ... ) == 0x0
 02932   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02933   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wmiprvse.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02934   464   NtClose  (216, ... ) == 0x0
 02935   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=2852}, ) == 0x0
 02936   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02937   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\zclientm.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02938   464   NtClose  (216, ... ) == 0x0
 02939   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02940   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wmplayer.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02941   464   NtClose  (216, ... ) == 0x0
 02942   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02943   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244952,  (0x80100080, {24, 0, 0x40, 0, 1244952, "\??\C:\WINDOWS\system32\dllcache\wmpstub.exe"}, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 216, {status=0x0, info=1}, ) == 0x0
 02944   464   NtClose  (216, ... ) == 0x0
 02945   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 02946   464   NtClose  (212, ... ) == 0x0
 02947   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02948   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\export\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 02949   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 02950   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 02951   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 02952   464   NtClose  (212, ... ) == 0x0
 02953   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02954   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\icsxml\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 02955   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 02956   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=690}, ) == 0x0
 02957   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 02958   464   NtClose  (212, ... ) == 0x0
 02959   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02960   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mui\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 02961   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 02962   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=318}, ) == 0x0
 02963   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02964   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mui\0009\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 02965   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 02966   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=222}, ) == 0x0
 02967   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 02968   464   NtClose  (216, ... ) == 0x0
 02969   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02970   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mui\dispspec\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 02971   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 02972   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 02973   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 02974   464   NtClose  (216, ... ) == 0x0
 02975   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 02976   464   NtClose  (212, ... ) == 0x0
 02977   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02978   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\"}, 3, 16417, ... 212, {status=0x0, info=1}, ) }, 3, 16417, ... 212, {status=0x0, info=1}, ) == 0x0
 02979   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1,  (212, 0, 0, 0, 1243720, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 02980   464   NtQueryDirectoryFile  (212, 0, 0, 0, 1403248, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4068}, ) == 0x0
 02981   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02982   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 02983   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 02984   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=1094}, ) == 0x0
 02985   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02986   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\ispsgnup\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 02987   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 02988   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 02989   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 02990   464   NtClose  (220, ... ) == 0x0
 02991   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 02992   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 02993   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 02994   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=1642}, ) == 0x0
 02995   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 02996   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 02997   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 02998   464   NtClose  (-2147482028, ... ) == 0x0
 02997   464   NtCreateFile  ... 228, {status=0x0, info=2}, ) == 0x0
 02999   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12    \15\12    \15\12        \15\12        
  
"    style="display:none;  text-align: center; border: thin solid grey;">
\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12        
  
"    style="display:none;  text-align: center; border: thin solid grey;">
\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12        
  
"    style="display:none;  text-align: center; border: thin solid grey;">
\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12        
  
"    style="display:none;  text-align: center; border: thin solid grey;">
\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12        
  
0x0
 03065   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "    style="display:none;  text-align: center; border: thin solid grey;">
\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12        
  
"    style="display:none;  text-align: center; border: thin solid grey;">
\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12        
  
"    style="display:none;  text-align: center; border: thin solid grey;">
\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12        
  
"    style="display:none;  text-align: center; border: thin solid grey;">
\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12        
  
"    style="display:none;  text-align: center; border: thin solid grey;">
\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
  
1554, 0x0, 0, ... {status=0x0, info=1554}, ) == 0x0
 03066   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03067   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03068   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03069   464   NtClose  (228, ... ) == 0x0
 03070   464   NtClose  (224, ... ) == 0x0
 03071   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_c.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03072   464   NtQueryInformationFile  (224, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03073   464   NtSetInformationFile  (224, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03074   464   NtClose  (224, ... ) == 0x0
 03075   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_c.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03076   464   NtQueryInformationFile  (224, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03077   464   NtSetInformationFile  (224, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03078   464   NtClose  (224, ... ) == 0x0
 03079   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03080   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03081   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03082   464   NtClose  (-2147482028, ... ) == 0x0
 03081   464   NtCreateFile  ... 228, {status=0x0, info=2}, ) == 0x0
 03083   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=196},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=196}, "td>\15\12    \15\12    \15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) btnNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=196}, "td>\15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) newbuttonsNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=196}, "td>\15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) N (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=196}, "td>\15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=196}, "td>\15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) , ) == 0x0
 03086   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "td>\15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 176, 0x0, 0, ... {status=0x0, info=176}, ) btnNext (228, 0, 0, 0, "td>\15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 176, 0x0, 0, ... {status=0x0, info=176}, ) newbuttonsNext (228, 0, 0, 0, "td>\15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 176, 0x0, 0, ... {status=0x0, info=176}, ) N (228, 0, 0, 0, "td>\15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 176, 0x0, 0, ... {status=0x0, info=176}, ) visibility:visible; (228, 0, 0, 0, "td>\15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 176, 0x0, 0, ... {status=0x0, info=176}, ) , 176, 0x0, 0, ... {status=0x0, info=176}, ) == 0x0
 03087   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03088   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03089   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03090   464   NtClose  (224, ... ) == 0x0
 03091   464   NtClose  (228, ... ) == 0x0
 03092   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm"}, 7, 2113600, ... 228, {status=0x0, info=1}, ) }, 7, 2113600, ... 228, {status=0x0, info=1}, ) == 0x0
 03093   464   NtQueryInformationFile  (228, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03094   464   NtSetInformationFile  (228, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03095   464   NtClose  (228, ... ) == 0x0
 03096   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm.tmp"}, 7, 2113568, ... 228, {status=0x0, info=1}, ) }, 7, 2113568, ... 228, {status=0x0, info=1}, ) == 0x0
 03097   464   NtQueryInformationFile  (228, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03098   464   NtSetInformationFile  (228, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03099   464   NtClose  (228, ... ) == 0x0
 03100   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03101   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) == 0x0
 03102   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03103   464   NtClose  (-2147482028, ... ) == 0x0
 03102   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03104   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", ) stylesheet (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", ) text/css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", ) ../../setup/oobestyl.css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", ) background-color:transparent; background-repeat: no-repeat; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", ) window.parent.MouseTut_LoadMe_PageE();window.parent.Agent_Activate('MouseTutE'); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", ) window.parent.Agent_Deactivate(); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", ) , ) == 0x0
 03105   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-color:transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.MouseTut_LoadMe_PageE();window.parent.Agent_Activate('MouseTutE'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03106   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1615},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1615}, "lspacing=4>\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12   ", ) display:none;  text-align: center; border: thin solid grey; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1615}, "lspacing=4>\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12   ", ) display:none;  text-align: center; border: thin solid grey; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1615}, "lspacing=4>\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12   ", ) newbuttonposition (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1615}, "lspacing=4>\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12   ", ) , ) == 0x0
 03107   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "lspacing=4>\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12   ", 1595, 0x0, 0, ... {status=0x0, info=1595}, ) display:none;  text-align: center; border: thin solid grey; (224, 0, 0, 0, "lspacing=4>\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12   ", 1595, 0x0, 0, ... {status=0x0, info=1595}, ) display:none;  text-align: center; border: thin solid grey; (224, 0, 0, 0, "lspacing=4>\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12   ", 1595, 0x0, 0, ... {status=0x0, info=1595}, ) newbuttonposition (224, 0, 0, 0, "lspacing=4>\15\12\15\12\15\12\15\12\15\12\15\12

\15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12   ", 1595, 0x0, 0, ... {status=0x0, info=1595}, ) , 1595, 0x0, 0, ... {status=0x0, info=1595}, ) == 0x0
 03108   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03109   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03110   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03111   464   NtClose  (228, ... ) == 0x0
 03112   464   NtClose  (224, ... ) == 0x0
 03113   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03114   464   NtQueryInformationFile  (224, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03115   464   NtSetInformationFile  (224, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03116   464   NtClose  (224, ... ) == 0x0
 03117   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03118   464   NtQueryInformationFile  (224, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03119   464   NtSetInformationFile  (224, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03120   464   NtClose  (224, ... ) == 0x0
 03121   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03122   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03123   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03124   464   NtClose  (-2147482028, ... ) == 0x0
 03123   464   NtCreateFile  ... 228, {status=0x0, info=2}, ) == 0x0
 03125   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) ../../setup/oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) background-color:transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.MouseTut_LoadMe();window.parent.Agent_Activate('MouseTutF'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 03126   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-color:transparent; background-repeat: no-repeat; (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.MouseTut_LoadMe();window.parent.Agent_Activate('MouseTutF'); (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03127   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=227},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=227}, "\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) btnNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=227}, "\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) newbuttonsNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=227}, "\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) N (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=227}, "\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=227}, "\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) , ) == 0x0
 03128   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 207, 0x0, 0, ... {status=0x0, info=207}, ) btnNext (228, 0, 0, 0, "\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 207, 0x0, 0, ... {status=0x0, info=207}, ) newbuttonsNext (228, 0, 0, 0, "\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 207, 0x0, 0, ... {status=0x0, info=207}, ) N (228, 0, 0, 0, "\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 207, 0x0, 0, ... {status=0x0, info=207}, ) visibility:visible; (228, 0, 0, 0, "\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 207, 0x0, 0, ... {status=0x0, info=207}, ) , 207, 0x0, 0, ... {status=0x0, info=207}, ) == 0x0
 03129   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03130   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03131   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03132   464   NtClose  (224, ... ) == 0x0
 03133   464   NtClose  (228, ... ) == 0x0
 03134   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm"}, 7, 2113600, ... 228, {status=0x0, info=1}, ) }, 7, 2113600, ... 228, {status=0x0, info=1}, ) == 0x0
 03135   464   NtQueryInformationFile  (228, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03136   464   NtSetInformationFile  (228, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03137   464   NtClose  (228, ... ) == 0x0
 03138   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm.tmp"}, 7, 2113568, ... 228, {status=0x0, info=1}, ) }, 7, 2113568, ... 228, {status=0x0, info=1}, ) == 0x0
 03139   464   NtQueryInformationFile  (228, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03140   464   NtSetInformationFile  (228, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03141   464   NtClose  (228, ... ) == 0x0
 03142   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03143   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) == 0x0
 03144   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03145   464   NtClose  (-2147482028, ... ) == 0x0
 03144   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03146   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\124.0 Transitional//EN (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\120x0
 03147   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03148   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) newbuttonposition (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) btnBack (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) newbuttonsBack (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) B (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) visibility:visible; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) BackBtnLocalText (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) visibility:visible; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) LocalBtnBack_Text (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1207}, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", ) , ) == 0x0
 03149   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) newbuttonposition (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) btnBack (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) newbuttonsBack (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) B (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) visibility:visible; (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) text-primary (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) BackBtnLocalText (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) visibility:visible; (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) LocalBtnBack_Text (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) text-primary (224, 0, 0, 0, "e border=0 class="newbuttonposition">\15\12    \15\12          \15\12        \15\12        Back\15\12\15\12         \15\12        ", 1187, 0x0, 0, ... {status=0x0, info=1187}, ) , 1187, 0x0, 0, ... {status=0x0, info=1187}, ) == 0x0
 03150   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03151   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03152   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03153   464   NtClose  (228, ... ) == 0x0
 03154   464   NtClose  (224, ... ) == 0x0
 03155   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03156   464   NtQueryInformationFile  (224, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03157   464   NtSetInformationFile  (224, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03158   464   NtClose  (224, ... ) == 0x0
 03159   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03160   464   NtQueryInformationFile  (224, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03161   464   NtSetInformationFile  (224, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03162   464   NtClose  (224, ... ) == 0x0
 03163   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03164   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03165   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03166   464   NtClose  (-2147482028, ... ) == 0x0
 03165   464   NtCreateFile  ... 228, {status=0x0, info=2}, ) == 0x0
 03167   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) ../../setup/oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) background-color:transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.MouseTut_LoadMe_PageH();window.parent.Agent_Activate('MouseTutH'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 03168   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-color:transparent; background-repeat: no-repeat; (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.MouseTut_LoadMe_PageH();window.parent.Agent_Activate('MouseTutH'); (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03169   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
 
Skip
  
", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) SkipBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) LocalBtnSkip_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) btnSkip (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) newbuttonsSkip (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) S (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) NextBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=789}, " 
 
Skip
  
", ) , ) == 0x0
 03170   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) text-primary (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) SkipBtnLocalText (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) visibility:visible; (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) LocalBtnSkip_Text (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) btnSkip (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) newbuttonsSkip (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) S (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) visibility:visible; (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) text-primary (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) NextBtnLocalText (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) visibility:visible; (228, 0, 0, 0, " 
 
Skip
  
", 769, 0x0, 0, ... {status=0x0, info=769}, ) , 769, 0x0, 0, ... {status=0x0, info=769}, ) == 0x0
 03171   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03172   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03173   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03174   464   NtClose  (224, ... ) == 0x0
 03175   464   NtClose  (228, ... ) == 0x0
 03176   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm"}, 7, 2113600, ... 228, {status=0x0, info=1}, ) }, 7, 2113600, ... 228, {status=0x0, info=1}, ) == 0x0
 03177   464   NtQueryInformationFile  (228, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03178   464   NtSetInformationFile  (228, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03179   464   NtClose  (228, ... ) == 0x0
 03180   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm.tmp"}, 7, 2113568, ... 228, {status=0x0, info=1}, ) }, 7, 2113568, ... 228, {status=0x0, info=1}, ) == 0x0
 03181   464   NtQueryInformationFile  (228, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03182   464   NtSetInformationFile  (228, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03183   464   NtClose  (228, ... ) == 0x0
 03184   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03185   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) == 0x0
 03186   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03187   464   NtClose  (-2147482028, ... ) == 0x0
 03186   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03188   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) stylesheet (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) text/css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) ../../setup/oobestyl.css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) background-color:transparent; background-repeat: no-repeat; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.MouseTut_LoadMe_PageI();window.parent.Agent_Activate('MouseTutI'); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 03189   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-color:transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.MouseTut_LoadMe_PageI();window.parent.Agent_Activate('MouseTutI'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03190   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, ) newbuttonposition (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, ) btnBack (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, ) newbuttonsBack (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, ) B (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, ) visibility:visible; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, ) BackBtnLocalText (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, ) visibility:visible; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, ) LocalBtnBack_Text (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1202}, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, ) , ) == 0x0
 03191   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) newbuttonposition (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) btnBack (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) newbuttonsBack (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) B (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) visibility:visible; (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) text-primary (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) BackBtnLocalText (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) visibility:visible; (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) LocalBtnBack_Text (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) text-primary (224, 0, 0, 0, "der=0 class="newbuttonposition">\15\12    
  
Back
 
, 1182, 0x0, 0, ... {status=0x0, info=1182}, ) , 1182, 0x0, 0, ... {status=0x0, info=1182}, ) == 0x0
 03192   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03193   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03194   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03195   464   NtClose  (228, ... ) == 0x0
 03196   464   NtClose  (224, ... ) == 0x0
 03197   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03198   464   NtQueryInformationFile  (224, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03199   464   NtSetInformationFile  (224, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03200   464   NtClose  (224, ... ) == 0x0
 03201   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03202   464   NtQueryInformationFile  (224, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03203   464   NtSetInformationFile  (224, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03204   464   NtClose  (224, ... ) == 0x0
 03205   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03206   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03207   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03208   464   NtClose  (-2147482028, ... ) == 0x0
 03207   464   NtCreateFile  ... 228, {status=0x0, info=2}, ) == 0x0
 03209   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) ../../setup/oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) background-color:transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.MouseTut_LoadMe_PageJ();window.parent.Agent_Activate('MouseTutJ'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 03210   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-color:transparent; background-repeat: no-repeat; (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.MouseTut_LoadMe_PageJ();window.parent.Agent_Activate('MouseTutJ'); (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03211   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=757},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=757}, "    \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
0x0
 03212   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
"    
Skip
  
737, 0x0, 0, ... {status=0x0, info=737}, ) == 0x0
 03213   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03214   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03215   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03216   464   NtClose  (224, ... ) == 0x0
 03217   464   NtClose  (228, ... ) == 0x0
 03218   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm"}, 7, 2113600, ... 228, {status=0x0, info=1}, ) }, 7, 2113600, ... 228, {status=0x0, info=1}, ) == 0x0
 03219   464   NtQueryInformationFile  (228, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03220   464   NtSetInformationFile  (228, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03221   464   NtClose  (228, ... ) == 0x0
 03222   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm.tmp"}, 7, 2113568, ... 228, {status=0x0, info=1}, ) }, 7, 2113568, ... 228, {status=0x0, info=1}, ) == 0x0
 03223   464   NtQueryInformationFile  (228, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03224   464   NtSetInformationFile  (228, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03225   464   NtClose  (228, ... ) == 0x0
 03226   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03227   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) == 0x0
 03228   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03229   464   NtClose  (-2147482028, ... ) == 0x0
 03228   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03230   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) stylesheet (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) text/css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) ../../setup/oobestyl.css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) background-color:transparent; background-repeat: no-repeat; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.MouseTut_LoadMe_PageK();window.parent.Agent_Activate('MouseTutK'); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 03231   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-color:transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.MouseTut_LoadMe_PageK();window.parent.Agent_Activate('MouseTutK'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03232   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=681},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=681}, "xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip\15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12                \15\12            \15\12        \15\12            \15\12            \15\12                \15\12                \15\12            \15\12        \15\12            \15\12            \15\12                \15\12                \15\12            \15\12        \15\12            \15\12            \15\12                \15\12                \15\12            \15\12        \15\12            \15\12            \15\12                \15\12                \15\12            \15\12        \15\12            \15\12            \15\12                \15\12                \15\12            \15\12        \15\12            \15\12            \15\12                \15\12                \15\12            \15\12        \15\12            \15\12            \15\12                \15\12                \15\12            \15\12        \15\12            \15\12            \15\12                \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
Skip
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
3  ACCESSKEY= (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=681}, "xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
10>  
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
Next
0x0
 03233   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
Skip
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
3  ACCESSKEY= (224, 0, 0, 0, "xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
10>  
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
"xt" style="visibility:hidden;">"LocalBtnSkip_Text">Skip
"btnSkip" class="newbuttonsSkip" TABINDEX=3  ACCESSKEY="S" style="visibility:hidden;">
  
"text-primary">"NextBtnLocalText" style="visibility:visible;">"LocalBtnNext_Text">Next
Next
661, 0x0, 0, ... {status=0x0, info=661}, ) == 0x0
 03234   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03235   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03236   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03237   464   NtClose  (228, ... ) == 0x0
 03238   464   NtClose  (224, ... ) == 0x0
 03239   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03240   464   NtQueryInformationFile  (224, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03241   464   NtSetInformationFile  (224, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03242   464   NtClose  (224, ... ) == 0x0
 03243   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03244   464   NtQueryInformationFile  (224, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03245   464   NtSetInformationFile  (224, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03246   464   NtClose  (224, ... ) == 0x0
 03247   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 03248   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\mouse\images\"}, 3, 16417, ... 224, {status=0x0, info=1}, ) }, 3, 16417, ... 224, {status=0x0, info=1}, ) == 0x0
 03249   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1,  (224, 0, 0, 0, 1243684, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 03250   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1416616, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=3908}, ) == 0x0
 03251   464   NtQueryDirectoryFile  (224, 0, 0, 0, 1416616, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03252   464   NtClose  (224, ... ) == 0x0
 03253   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=1428}, ) == 0x0
 03254   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03255   464   NtClose  (220, ... ) == 0x0
 03256   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 03257   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\oemcust\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 03258   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 03259   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 03260   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03261   464   NtClose  (220, ... ) == 0x0
 03262   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 03263   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\oemhw\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 03264   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 03265   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 03266   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03267   464   NtClose  (220, ... ) == 0x0
 03268   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 03269   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\oemreg\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 03270   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 03271   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=98}, ) == 0x0
 03272   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03273   464   NtClose  (220, ... ) == 0x0
 03274   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 03275   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\iconnect\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 03276   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 03277   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=342}, ) == 0x0
 03278   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03279   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\iconnect\iconnect.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03280   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\iconnect\iconnect.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03281   464   NtClose  (-2147482028, ... ) == 0x0
 03280   464   NtCreateFile  ... 228, {status=0x0, info=2}, ) == 0x0
 03282   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\120x0
 03283   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\124.0 Transitional//EN (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03284   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "       \15\12                
\15\12                    (Example: johndoe)\15\12                
\15\12                        \15\12                    \15\12                        Your user password:\15\12                    \15\12       ", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "       \15\12                
\15\12                    (Example: johndoe)\15\12                
\15\12                        \15\12                    \15\12                        Your user password:\15\12                    \15\12       ", ) iconnect_spn_password (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "       \15\12                
\15\12                    (Example: johndoe)\15\12                
\15\12                        \15\12                    \15\12                        Your user password:\15\12                    \15\12       ", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "       \15\12                
\15\12                    (Example: johndoe)\15\12                
\15\12                        \15\12                    \15\12                        Your user password:\15\12                    \15\12       ", ) , ) == 0x0
 03285   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "       \15\12                
\15\12                    (Example: johndoe)\15\12                
\15\12                        \15\12                    \15\12                        Your user password:\15\12                    \15\12       ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (228, 0, 0, 0, "       \15\12                
\15\12                    (Example: johndoe)\15\12                
\15\12                        \15\12                    \15\12                        Your user password:\15\12                    \15\12       ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) iconnect_spn_password (228, 0, 0, 0, "       \15\12                
\15\12                    (Example: johndoe)\15\12                
\15\12                        \15\12                    \15\12                        Your user password:\15\12                    \15\12       ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (228, 0, 0, 0, "       \15\12                
\15\12                    (Example: johndoe)\15\12                
\15\12                        \15\12                    \15\12                        Your user password:\15\12                    \15\12       ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03286   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12
\15\12                    
\15\12                        ", ) 0 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
\15\12                    
\15\12                        ", ) 0 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12
\15\12                    
\15\12                        ", ) 3 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
\15\12                    
\15\12                        ", ) 2 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12
\15\12                    
\15\12                        ", ) top (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
\15\12                    
\15\12                        ", ) , ) == 0x0
 03287   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12
\15\12                    
\15\12                        ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 0 (228, 0, 0, 0, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
\15\12                    
\15\12                        ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 0 (228, 0, 0, 0, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12
\15\12                    
\15\12                        ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 3 (228, 0, 0, 0, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
\15\12                    
\15\12                        ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 2 (228, 0, 0, 0, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12\15\12
\15\12                    
\15\12                        ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) top (228, 0, 0, 0, "r>
\15\12            If the following information was provided to you, please enter it below. This information is optional, so if you don't have it, just ignore this section.\15\12        
\15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12            \15\12            \15\12                \15\12                \15\12                \15\12                \15\12            \15\12            \15\12            \15\12                \15\12                \15\12                \15\12                \15\12                \15\12            \15\12            \15\12            \15\12                \15\12                \15\12                \15\12                \15\12                \15\12            \15\12            \15\12            \15\12                \15\12                \15\12                \15\12                \15\12                \15\12            \15\12            \15\12            \15\12                \15\12                \15\12                \15\12                \15\12                \15\12            \15\12            \15\12            \15\12                \15\12                \15\12                \15\12                \15\12                \15\12            \15\12            \15\12            \15\12                \15\12                \15\12                \15\12                \15\12                \15\12            \15\12            \15\12            \15\12                \15\12                \15\12                \15\12                \15\12                \15\12            \15\12            \15\12            \15\12                \15\12                \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
\15\12                    
\15\12                        ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03288   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", ) iconnect_spn_staticIP_exp (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", ) display:none; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", ) text-error-small (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", ) 3 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", ) top (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", ) , ) == 0x0
 03289   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) iconnect_spn_staticIP_exp (228, 0, 0, 0, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none; (228, 0, 0, 0, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-error-small (228, 0, 0, 0, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 3 (228, 0, 0, 0, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) top (228, 0, 0, 0, " 
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    
\15\12                      &n", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03290   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12                
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    &nb", ) iconnect_spn_prefrdns_exp (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12                
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    &nb", ) display:none; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12                
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    &nb", ) text-error-small (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12                
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    &nb", ) , ) == 0x0
 03291   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12                
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    &nb", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) iconnect_spn_prefrdns_exp (228, 0, 0, 0, "\15\12                
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    &nb", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none; (228, 0, 0, 0, "\15\12                
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    &nb", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-error-small (228, 0, 0, 0, "\15\12                
\15\12                    
\15\12                     \15\12                    \15\12                        Range: 1-223.0-255.0-255.0-255\15\12                    \15\12                
\15\12                    &nb", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03292   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=965},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=965}, "=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
0x0
 03293   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
"=middle class="text-primary">Back
 
Skip
945, 0x0, 0, ... {status=0x0, info=945}, ) == 0x0
 03294   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03295   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03296   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03297   464   NtClose  (224, ... ) == 0x0
 03298   464   NtClose  (228, ... ) == 0x0
 03299   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\iconnect\iconnect.htm"}, 7, 2113600, ... 228, {status=0x0, info=1}, ) }, 7, 2113600, ... 228, {status=0x0, info=1}, ) == 0x0
 03300   464   NtQueryInformationFile  (228, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03301   464   NtSetInformationFile  (228, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03302   464   NtClose  (228, ... ) == 0x0
 03303   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\iconnect\iconnect.htm.tmp"}, 7, 2113568, ... 228, {status=0x0, info=1}, ) }, 7, 2113568, ... 228, {status=0x0, info=1}, ) == 0x0
 03304   464   NtQueryInformationFile  (228, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03305   464   NtSetInformationFile  (228, 1416616, 126, Rename, ... {status=0x0, info=0}, ) == 0x0
 03306   464   NtClose  (228, ... ) == 0x0
 03307   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03308   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\iconnect\icntlast.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) == 0x0
 03309   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\iconnect\icntlast.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03310   464   NtClose  (-2147482028, ... ) == 0x0
 03309   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03311   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, ) stylesheet (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, ) text/css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, ) ../../setup/oobestyl.css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, ) , ) == 0x0
 03312   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03313   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314}, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, ) newbuttonposition (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314}, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back, ) btnBack (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314}, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, ) newbuttonsBack (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314}, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back, ) B (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314}, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, ) visibility:hidden; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314}, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back, ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314}, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, ) BackBtnLocalText (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314}, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back, ) visibility:hidden; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314}, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, ) LocalBtnBack_Text (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1314}, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back, ) , ) == 0x0
 03314   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, 1294, 0x0, 0, ... {status=0x0, info=1294}, ) newbuttonposition (224, 0, 0, 0, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back, 1294, 0x0, 0, ... {status=0x0, info=1294}, ) btnBack (224, 0, 0, 0, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, 1294, 0x0, 0, ... {status=0x0, info=1294}, ) newbuttonsBack (224, 0, 0, 0, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back, 1294, 0x0, 0, ... {status=0x0, info=1294}, ) B (224, 0, 0, 0, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, 1294, 0x0, 0, ... {status=0x0, info=1294}, ) visibility:hidden; (224, 0, 0, 0, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back, 1294, 0x0, 0, ... {status=0x0, info=1294}, ) text-primary (224, 0, 0, 0, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, 1294, 0x0, 0, ... {status=0x0, info=1294}, ) BackBtnLocalText (224, 0, 0, 0, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back, 1294, 0x0, 0, ... {status=0x0, info=1294}, ) visibility:hidden; (224, 0, 0, 0, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, 1294, 0x0, 0, ... {status=0x0, info=1294}, ) LocalBtnBack_Text (224, 0, 0, 0, "IV>\15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back, 1294, 0x0, 0, ... {status=0x0, info=1294}, ) , 1294, 0x0, 0, ... {status=0x0, info=1294}, ) == 0x0
 03315   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03316   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03317   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03318   464   NtClose  (228, ... ) == 0x0
 03319   464   NtClose  (224, ... ) == 0x0
 03320   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\iconnect\icntlast.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03321   464   NtQueryInformationFile  (224, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03322   464   NtSetInformationFile  (224, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03323   464   NtClose  (224, ... ) == 0x0
 03324   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\iconnect\icntlast.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03325   464   NtQueryInformationFile  (224, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03326   464   NtSetInformationFile  (224, 1416616, 126, Rename, ... {status=0x0, info=0}, ) == 0x0
 03327   464   NtClose  (224, ... ) == 0x0
 03328   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=238}, ) == 0x0
 03329   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03330   464   NtClose  (220, ... ) == 0x0
 03331   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 03332   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\dslmain\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 03333   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 03334   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=448}, ) == 0x0
 03335   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03336   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dslmain.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03337   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dslmain.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03338   464   NtClose  (-2147482028, ... ) == 0x0
 03337   464   NtCreateFile  ... 228, {status=0x0, info=2}, ) == 0x0
 03339   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, ) ../../setup/oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, ) , ) == 0x0
 03340   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03341   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) 5% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) radio (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) dsltype (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) radioDSLNo (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) window.parent.OnClick(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) window.parent.OnFocus(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) 95% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) O (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) radioDSLNo (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", ) , ) == 0x0
 03342   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 5% (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radio (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsltype (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioDSLNo (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OnClick(); (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OnFocus(); (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 95% (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) O (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioDSLNo (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (228, 0, 0, 0, "s, I use a username and password to connect.\15\12                
\15\12                \15\12                
\15\12                No, this c", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03343   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) S (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) NextBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) LocalBtnNext_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) btnNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) newbuttonsNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) N (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=491}, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) , ) == 0x0
 03344   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) S (228, 0, 0, 0, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) visibility:visible; (228, 0, 0, 0, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) text-primary (228, 0, 0, 0, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) NextBtnLocalText (228, 0, 0, 0, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) visibility:visible; (228, 0, 0, 0, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) LocalBtnNext_Text (228, 0, 0, 0, "KEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) btnNext (228, 0, 0, 0, "KEY="S" style="visibility:visible;">\15\12\15\12          \15\12        Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) newbuttonsNext (228, 0, 0, 0, "KEY="S" style="visibility:visible;">\15\12\15\12          \15\12        Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) N (228, 0, 0, 0, "KEY="S" style="visibility:visible;">\15\12\15\12          \15\12        Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) visibility:visible; (228, 0, 0, 0, "KEY="S" style="visibility:visible;">\15\12\15\12          \15\12        Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12", 471, 0x0, 0, ... {status=0x0, info=471}, ) , 471, 0x0, 0, ... {status=0x0, info=471}, ) == 0x0
 03345   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03346   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03347   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03348   464   NtClose  (224, ... ) == 0x0
 03349   464   NtClose  (228, ... ) == 0x0
 03350   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dslmain.htm"}, 7, 2113600, ... 228, {status=0x0, info=1}, ) }, 7, 2113600, ... 228, {status=0x0, info=1}, ) == 0x0
 03351   464   NtQueryInformationFile  (228, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03352   464   NtSetInformationFile  (228, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03353   464   NtClose  (228, ... ) == 0x0
 03354   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dslmain.htm.tmp"}, 7, 2113568, ... 228, {status=0x0, info=1}, ) }, 7, 2113568, ... 228, {status=0x0, info=1}, ) == 0x0
 03355   464   NtQueryInformationFile  (228, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03356   464   NtSetInformationFile  (228, 1416616, 122, Rename, ... {status=0x0, info=0}, ) == 0x0
 03357   464   NtClose  (228, ... ) == 0x0
 03358   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03359   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dsl_a.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) == 0x0
 03360   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dsl_a.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03361   464   NtClose  (-2147482028, ... ) == 0x0
 03360   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03362   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, ) stylesheet (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, ) text/css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, ) ../../setup/oobestyl.css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, ) window.parent.dsl_pppoe_LoadMe();window.parent.Agent_Activate('DSL_A'); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 03363   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.dsl_pppoe_LoadMe();window.parent.Agent_Activate('DSL_A'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03364   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", )  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", ) dsl_password (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", ) this.select(); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", ) P (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", ) dsl_intl_example_password (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", ) dsl_lbl_servicename (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", ) dsl_servicename (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", ) dsl_intl_servicename (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", ) , ) == 0x0
 03365   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_password (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) this.select(); (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) P (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_intl_example_password (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_lbl_servicename (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_servicename (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_intl_servicename (224, 0, 0, 0, "="" name="dsl_password" size=30 onFocus="this.select();" accesskey="P">\15\12            \15\12\15\12            \15\12        \15\12        \15\12            \15\12\15\12          ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03366   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12        \15\12        
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            \15\12             \15\12            \15\12            
\15\12            \15\12            Your ISP's service name:\15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) >\15\12            "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) >Static IP address:\15\12            \15\12            
175>\15\12            "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", )  type= (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", )  value=" (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) dsl_staticip (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) if (dsl_autoip.checked)this.blur(); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) background-Color:'#dddddd' (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) dsl_lbl_prefdns (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) dsl_prefdns (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) R (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) dsl_intl_prefdns (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", ) , ) == 0x0
 03367   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12            "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >Static IP address:\15\12            \15\12            
175>\15\12            "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  type= (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  value=" (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_staticip (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) if (dsl_autoip.checked)this.blur(); (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color:'#dddddd' (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_lbl_prefdns (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_prefdns (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) R (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_intl_prefdns (224, 0, 0, 0, "xt-primary">\15\12            "dsl_intl_staticip">Static IP address:\15\12            \15\12            
\15\12            "3" type="text" value="" name="dsl_staticip" size=20 onFocus="if (dsl_autoip.checked)this.blur();" style="background-Color:'#dddddd'">\15\12            
\15\12            \15\12            Prefe", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03368   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1602},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1602}, "ur();" style="background-Color:'#dddddd'">\15\12            
 \15\12            
\15\12        \15\12        \15\12\15\12        
\15\12    \15\12\15\12    
"text-primary">\15\12    \15\12    \15\12    
\15\12\15\12    \15\12\15\12\15\12    "newbuttonposition">\15\12    \15\12        \15\12        \15\12\15\12            \15\12        \15\12        
  
"ur();" style="background-Color:'#dddddd'">\15\12            
 \15\12            
\15\12        \15\12        \15\12\15\12        
\15\12    \15\12\15\12    
"text-primary">\15\12    \15\12    \15\12    
\15\12\15\12    \15\12\15\12\15\12    "newbuttonposition">\15\12    \15\12        \15\12        \15\12\15\12\15\12\15\12
  
\15\12            
            
2> \15\12            
        
        
\15\12        \15\12        \15\12\15\12        
\15\12    \15\12\15\12    
"ur();" style="background-Color:'#dddddd'">\15\12            \15\12\15\12             \15\12            \15\12        \15\12        \15\12        \15\12        \15\12\15\12        
\15\12    
\15\12\15\12    
"text-primary">\15\12    \15\12    \15\12    
\15\12\15\12    \15\12\15\12\15\12    "newbuttonposition">\15\12    \15\12        \15\12        \15\12\15\12            \15\12        \15\12        
  
\15\12    \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12    0 class= (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1602}, "ur();" style="background-Color:'#dddddd'">\15\12            \15\12\15\12            \15\12        \15\12        
 \15\12            
\15\12        \15\12        \15\12\15\12        
\15\12    \15\12\15\12    
"text-primary">\15\12    \15\12    \15\12    
\15\12\15\12    \15\12\15\12\15\12    "newbuttonposition">\15\12    \15\12        \15\12        \15\12\15\12\15\12\15\12            \15\12        \15\12        
  
\15\12    
        
10>  
        
0x0
 03369   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "ur();" style="background-Color:'#dddddd'">\15\12            
 \15\12            
\15\12        \15\12        \15\12\15\12        
\15\12    \15\12\15\12    
"text-primary">\15\12    \15\12    \15\12    
\15\12\15\12    \15\12\15\12\15\12    "newbuttonposition">\15\12    \15\12        \15\12        \15\12\15\12            \15\12        \15\12        
  
"ur();" style="background-Color:'#dddddd'">\15\12            
 \15\12            
\15\12        \15\12        \15\12\15\12        
\15\12    \15\12\15\12    
"text-primary">\15\12    \15\12    \15\12    
\15\12\15\12    \15\12\15\12\15\12    "newbuttonposition">\15\12    \15\12        \15\12        \15\12\15\12\15\12\15\12
  
\15\12            
            
2> \15\12            
        
        
\15\12        \15\12        \15\12\15\12        
\15\12    \15\12\15\12    
"ur();" style="background-Color:'#dddddd'">\15\12            
 \15\12            
\15\12        \15\12        \15\12\15\12        
\15\12    \15\12\15\12    
"text-primary">\15\12    \15\12    \15\12    
\15\12\15\12    \15\12\15\12\15\12    "newbuttonposition">\15\12    \15\12        \15\12        \15\12\15\12
  
\15\12    \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12    0 class= (224, 0, 0, 0, "ur();" style="background-Color:'#dddddd'">\15\12            \15\12\15\12            \15\12        \15\12        
 \15\12            
\15\12        \15\12        \15\12\15\12        
\15\12    \15\12\15\12    
"text-primary">\15\12    \15\12    \15\12    
\15\12\15\12    \15\12\15\12\15\12    "newbuttonposition">\15\12    \15\12        \15\12        \15\12\15\12\15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12\15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12\15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12\15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12\15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12\15\12            \15\12        \15\12        <", )  class= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", ) >\15\12"dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", ) >Alternate DNS:\15\12\15\12\15\12\15\12\15\12\15\12            \15\12        \15\12        <", )  type= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", )  ACCESSKEY= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", )  value=" (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", ) dsl_altdns (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", ) if (dsl_autodns.checked)this.blur(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", ) ime-mode:disabled; background-Color:'#ffffff' (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", ) txtAccessKey_A (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", ) dsl_optional_text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", ) , ) == 0x0
 03392   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  class= (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12"dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >Alternate DNS:\15\12\15\12\15\12\15\12\15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  type= (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  ACCESSKEY= (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  value=" (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_altdns (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) if (dsl_autodns.checked)this.blur(); (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ime-mode:disabled; background-Color:'#ffffff' (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) txtAccessKey_A (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_optional_text (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (228, 0, 0, 0, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            \15\12\15\12            \15\12        \15\12        <", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03393   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=301},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=301}, "y:visible;">"LocalBtnNext_Text">Next\15\12        \15\12    \15\12    
  
\15\12    
        
10>  
        
1582, 0x0, 0, ... {status=0x0, info=1582}, ) == 0x0
 03370   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03371   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03372   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03373   464   NtClose  (228, ... ) == 0x0
 03374   464   NtClose  (224, ... ) == 0x0
 03375   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dsl_a.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03376   464   NtQueryInformationFile  (224, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03377   464   NtSetInformationFile  (224, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03378   464   NtClose  (224, ... ) == 0x0
 03379   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dsl_a.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03380   464   NtQueryInformationFile  (224, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03381   464   NtSetInformationFile  (224, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03382   464   NtClose  (224, ... ) == 0x0
 03383   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03384   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dsl_b.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03385   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dsl_b.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03386   464   NtClose  (-2147482028, ... ) == 0x0
 03385   464   NtCreateFile  ... 228, {status=0x0, info=2}, ) == 0x0
 03387   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", ) ../../setup/oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", ) window.parent.dsl_broadband_LoadMe(); window.parent.Agent_Activate('DSL_B'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", ) , ) == 0x0
 03388   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.dsl_broadband_LoadMe(); window.parent.Agent_Activate('DSL_B'); (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12\15\12  \15\12  \15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03389   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , )  id= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , ) >\15\12            
            
\15\12            "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , )  for= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , )  class= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , ) >\15\12            "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , ) >Obtain DNS automatically :\15\12            \15\12            
            
\15\12            "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , )  type= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , )  ACCESSKEY= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , )  value=" (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , ) dsl_autodns (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , ) window.parent.dsl_autodnsClickHandler(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , ) txtAccessKey_D (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , ) , ) == 0x0
 03390   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, )  id= (228, 0, 0, 0, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12            
            
\15\12            "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, )  for= (228, 0, 0, 0, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, )  class= (228, 0, 0, 0, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12            "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >Obtain DNS automatically :\15\12            \15\12            
            
\15\12            "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, )  type= (228, 0, 0, 0, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, )  ACCESSKEY= (228, 0, 0, 0, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, )  value=" (228, 0, 0, 0, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) dsl_autodns (228, 0, 0, 0, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.dsl_autodnsClickHandler(); (228, 0, 0, 0, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) txtAccessKey_D (228, 0, 0, 0, "ndler();" id="txtAccessKey_I">\15\12            
\15\12            "dsl_lbl_autodns" for="dsl_autodns" class="text-primary">\15\12            "dsl_intl_autodns">Obtain DNS automatically :\15\12            \15\12            
\15\12            "2" type="checkbox" ACCESSKEY="D" value=""\15\12            id="dsl_autodns" size=30\15\12            onClick="window.parent.dsl_autodnsClickHandler();" id="txtAccessKey_D">\15\12            , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03391   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
                                    
\15\12            "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
                                    
\15\12            "dns" class="text-primary">\15\12            "dsl_intl_altdns">Alternate DNS:\15\12            \15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
\15\12            "7" type="text" ACCESSKEY="A" value="" name="dsl_altdns" size=20 onFocus="if (dsl_autodns.checked)this.blur();" style="ime-mode:disabled; background-Color:'#ffffff'" id="txtAccessKey_A">\15\12             (Optional)\15\12            
"btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) >"y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) >Next\15\12        "y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", )  class= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=301}, "y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", )  TABINDEX=10 ACCESSKEY= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=301}, "y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", )  style= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=301}, "y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) >\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) == 0x0
 03394   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12", 281, 0x0, 0, ... {status=0x0, info=281}, ) >"y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12", 281, 0x0, 0, ... {status=0x0, info=281}, ) >Next\15\12        "y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12", 281, 0x0, 0, ... {status=0x0, info=281}, )  class= (228, 0, 0, 0, "y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12", 281, 0x0, 0, ... {status=0x0, info=281}, )  TABINDEX=10 ACCESSKEY= (228, 0, 0, 0, "y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12", 281, 0x0, 0, ... {status=0x0, info=281}, )  style= (228, 0, 0, 0, "y:visible;">"LocalBtnNext_Text">Next\15\12        "btnNext" class="newbuttonsNext" TABINDEX=10 ACCESSKEY="N" style="visibility:visible;">\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12", 281, 0x0, 0, ... {status=0x0, info=281}, ) >\15\12    \15\12    \15\12\15\12\15\12    \15\12\15\12\15\12\15\12", 281, 0x0, 0, ... {status=0x0, info=281}, ) == 0x0
 03395   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03396   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03397   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03398   464   NtClose  (224, ... ) == 0x0
 03399   464   NtClose  (228, ... ) == 0x0
 03400   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dsl_b.htm"}, 7, 2113600, ... 228, {status=0x0, info=1}, ) }, 7, 2113600, ... 228, {status=0x0, info=1}, ) == 0x0
 03401   464   NtQueryInformationFile  (228, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03402   464   NtSetInformationFile  (228, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03403   464   NtClose  (228, ... ) == 0x0
 03404   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\dslmain\dsl_b.htm.tmp"}, 7, 2113568, ... 228, {status=0x0, info=1}, ) }, 7, 2113568, ... 228, {status=0x0, info=1}, ) == 0x0
 03405   464   NtQueryInformationFile  (228, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03406   464   NtSetInformationFile  (228, 1359856, 118, Rename, ... {status=0x0, info=0}, ) == 0x0
 03407   464   NtClose  (228, ... ) == 0x0
 03408   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=344}, ) == 0x0
 03409   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03410   464   NtClose  (220, ... ) == 0x0
 03411   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 03412   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\isptype\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 03413   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 03414   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=220}, ) == 0x0
 03415   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03416   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\isptype\isptype.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) == 0x0
 03417   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\isptype\isptype.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03418   464   NtClose  (-2147482028, ... ) == 0x0
 03417   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03419   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12\15\124.0 Transitional//EN (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12\15\120x0
 03420   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03421   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) radio (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) connecttype (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) radioHighSpeed (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) window.parent.OnClick(); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) window.parent.OnFocus(); (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) 95% (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) isptypeHighSpeedSpn2 (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) display:none (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) H (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) radioHighSpeed (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", ) , ) == 0x0
 03422   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radio (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) connecttype (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioHighSpeed (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OnClick(); (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OnFocus(); (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 95% (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) isptypeHighSpeedSpn2 (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) H (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioHighSpeed (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (224, 0, 0, 0, "nput TABINDEX=3 type="radio" name="connecttype" ID="radioHighSpeed" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        High speed connection (DSL, Cable Modem, etc.)\15\12        \15\12        \15\12        \15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03423   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, " (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) newbuttonsBack (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) B (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) visibility:visible; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) BackBtnLocalText (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) visibility:visible; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) LocalBtnBack_Text (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) text-primary (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) SkipBtnLocalText (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) visibility:hidden; (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) LocalBtnSkip_Text (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1087}, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, ) , ) == 0x0
 03424   464   NtWriteFile  (224, 0, 0, 0, " (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) newbuttonsBack (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) B (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) visibility:visible; (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) text-primary (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) BackBtnLocalText (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) visibility:visible; (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) LocalBtnBack_Text (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) text-primary (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) SkipBtnLocalText (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) visibility:hidden; (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) LocalBtnSkip_Text (224, 0, 0, 0, "" class="newbuttonsBack" TABINDEX=5  ACCESSKEY="B" style="visibility:visible;">\15\12        Back\15\12\15\12         \15\12        Skip, 1063, 0x0, 0, ... {status=0x0, info=1063}, ) , 1063, 0x0, 0, ... {status=0x0, info=1063}, ) == 0x0
 03425   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03426   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12\15\12\15\12", 24, 0x0, 0, ... {status=0x0, info=24}, ) , 24, 0x0, 0, ... {status=0x0, info=24}, ) == 0x0
 03427   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03428   464   NtClose  (228, ... ) == 0x0
 03429   464   NtClose  (224, ... ) == 0x0
 03430   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\isptype\isptype.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03431   464   NtQueryInformationFile  (224, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03432   464   NtSetInformationFile  (224, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03433   464   NtClose  (224, ... ) == 0x0
 03434   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\isptype\isptype.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03435   464   NtQueryInformationFile  (224, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03436   464   NtSetInformationFile  (224, 1416616, 122, Rename, ... {status=0x0, info=0}, ) == 0x0
 03437   464   NtClose  (224, ... ) == 0x0
 03438   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=116}, ) == 0x0
 03439   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03440   464   NtClose  (220, ... ) == 0x0
 03441   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 03442   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\sconnect\"}, 3, 16417, ... 220, {status=0x0, info=1}, ) }, 3, 16417, ... 220, {status=0x0, info=1}, ) == 0x0
 03443   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1,  (220, 0, 0, 0, 1243696, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 03444   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=342}, ) == 0x0
 03445   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03446   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\sconnect\sconnect.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03447   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\sconnect\sconnect.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03448   464   NtClose  (-2147482028, ... ) == 0x0
 03447   464   NtCreateFile  ... 228, {status=0x0, info=2}, ) == 0x0
 03449   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\120x0
 03450   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\124.0 Transitional//EN (228, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03451   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284}, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", ) newbuttonposition (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284}, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", ) btnBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284}, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", ) newbuttonsBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284}, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", ) B (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284}, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284}, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284}, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", ) BackBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284}, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284}, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", ) LocalBtnBack_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1284}, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", ) , ) == 0x0
 03452   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", 1266, 0x0, 0, ... {status=0x0, info=1266}, ) newbuttonposition (228, 0, 0, 0, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", 1266, 0x0, 0, ... {status=0x0, info=1266}, ) btnBack (228, 0, 0, 0, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", 1266, 0x0, 0, ... {status=0x0, info=1266}, ) newbuttonsBack (228, 0, 0, 0, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", 1266, 0x0, 0, ... {status=0x0, info=1266}, ) B (228, 0, 0, 0, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", 1266, 0x0, 0, ... {status=0x0, info=1266}, ) visibility:visible; (228, 0, 0, 0, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", 1266, 0x0, 0, ... {status=0x0, info=1266}, ) text-primary (228, 0, 0, 0, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", 1266, 0x0, 0, ... {status=0x0, info=1266}, ) BackBtnLocalText (228, 0, 0, 0, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", 1266, 0x0, 0, ... {status=0x0, info=1266}, ) visibility:visible; (228, 0, 0, 0, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", 1266, 0x0, 0, ... {status=0x0, info=1266}, ) LocalBtnBack_Text (228, 0, 0, 0, "lickNextStr);\15\12    \15\12    -->\15\12\15\12    \15\12    
  
Back
\15\12    \15\12        \15\12        \15\12        \15\12\15\12      ", 1266, 0x0, 0, ... {status=0x0, info=1266}, ) , 1266, 0x0, 0, ... {status=0x0, info=1266}, ) == 0x0
 03453   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (228, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03454   464   NtWriteFile  (228, 0, 0, 0,  (228, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 03455   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03456   464   NtClose  (224, ... ) == 0x0
 03457   464   NtClose  (228, ... ) == 0x0
 03458   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\sconnect\sconnect.htm"}, 7, 2113600, ... 228, {status=0x0, info=1}, ) }, 7, 2113600, ... 228, {status=0x0, info=1}, ) == 0x0
 03459   464   NtQueryInformationFile  (228, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03460   464   NtSetInformationFile  (228, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03461   464   NtClose  (228, ... ) == 0x0
 03462   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\sconnect\sconnect.htm.tmp"}, 7, 2113568, ... 228, {status=0x0, info=1}, ) }, 7, 2113568, ... 228, {status=0x0, info=1}, ) == 0x0
 03463   464   NtQueryInformationFile  (228, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03464   464   NtSetInformationFile  (228, 1416616, 126, Rename, ... {status=0x0, info=0}, ) == 0x0
 03465   464   NtClose  (228, ... ) == 0x0
 03466   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03467   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244928,  (0x80100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\sconnect\scntlast.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 228, {status=0x0, info=1}, ) == 0x0
 03468   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244928,  (0x40100080, {24, 0, 0x40, 0, 1244928, "\??\C:\WINDOWS\system32\oobe\html\sconnect\scntlast.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03469   464   NtClose  (-2147482028, ... ) == 0x0
 03468   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03470   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12, ) stylesheet (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12, ) text/css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12, ) ../../setup/oobestyl.css (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12, ) , ) == 0x0
 03471   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ../../setup/oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12  \15\12  \15\12  \15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03472   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1573},  (228, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1573}, "o continue\15\12        -->\15\12        \15\12\15\12                          \15\12\15\12        \15\12\15\12\15\12    
  
Back
\15\12    \15\12        \15\12        \15\12    \15\12    
  
\15\12        \15\12\15\12                          \15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
  
\15\12        \15\12\15\12                          \15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
  
NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "o continue\15\12        -->\15\12        \15\12\15\12                          \15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
  
\15\12        \15\12\15\12                          \15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
  
\15\12        \15\12\15\12                          \15\12\15\12        \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
  
NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03475   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03476   464   NtReadFile  (228, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03477   464   NtClose  (228, ... ) == 0x0
 03478   464   NtClose  (224, ... ) == 0x0
 03479   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\sconnect\scntlast.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03480   464   NtQueryInformationFile  (224, 1244992, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03481   464   NtSetInformationFile  (224, 1245043, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03482   464   NtClose  (224, ... ) == 0x0
 03483   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\html\sconnect\scntlast.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03484   464   NtQueryInformationFile  (224, 1244832, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03485   464   NtSetInformationFile  (224, 1416616, 126, Rename, ... {status=0x0, info=0}, ) == 0x0
 03486   464   NtClose  (224, ... ) == 0x0
 03487   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=238}, ) == 0x0
 03488   464   NtQueryDirectoryFile  (220, 0, 0, 0, 1411648, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03489   464   NtClose  (220, ... ) == 0x0
 03490   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03491   464   NtClose  (216, ... ) == 0x0
 03492   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 03493   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\images\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 03494   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 03495   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=3998}, ) == 0x0
 03496   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=2250}, ) == 0x0
 03497   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... ) == STATUS_NO_MORE_FILES
 03498   464   NtClose  (216, ... ) == 0x0
 03499   464   NtDelayExecution  (0, {-500000, -1}, ... ) == 0x0
 03500   464   NtOpenFile  (0x100001, {24, 0, 0x40, 0, 0,  (0x100001, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\"}, 3, 16417, ... 216, {status=0x0, info=1}, ) }, 3, 16417, ... 216, {status=0x0, info=1}, ) == 0x0
 03501   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1,  (216, 0, 0, 0, 1243708, 616, BothDirectory, 1, "*", 0, ... {status=0x0, info=96}, ) , 0, ... {status=0x0, info=96}, ) == 0x0
 03502   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=4020}, ) == 0x0
 03503   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03504   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\act_plcy.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03505   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\act_plcy.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03506   464   NtClose  (-2147482028, ... ) == 0x0
 03505   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03507   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) stylesheet (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) text/css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.New_Default_LoadMe('SimpleBack'); window.btnBack.focus(); window.parent.Agent_Activate('ActivationPrivacyPolicy'); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 03508   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.New_Default_LoadMe('SimpleBack'); window.btnBack.focus(); window.parent.Agent_Activate('ActivationPrivacyPolicy'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03509   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "your product, the information that you provide will be securely stored by Microsoft and will be protected from disclosure to third parties without your consent.\15\12\15\12If you believe that Microsoft has not adhered to these privacy principles, please notify us by postal mail at the following address:\15\12\15\12Microsoft\15\12Attn: Microsoft Product Activation \15\12One Microsoft Way\15\12Redmond, Washington 98052-6399\15\12USA\15\12\15\12We will use commercially reasonable efforts to promptly determine and correct the problem.\15\12, ) , ) == 0x0
 03510   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "your product, the information that you provide will be securely stored by Microsoft and will be protected from disclosure to third parties without your consent.\15\12\15\12If you believe that Microsoft has not adhered to these privacy principles, please notify us by postal mail at the following address:\15\12\15\12Microsoft\15\12Attn: Microsoft Product Activation \15\12One Microsoft Way\15\12Redmond, Washington 98052-6399\15\12USA\15\12\15\12We will use commercially reasonable efforts to promptly determine and correct the problem.\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03511   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=104},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=104}, "ity:hidden;">\15\12    \15\12    \15\12\15\12    
\15\12\15\12\15\12\15\12", ) >
    
    
\15\12\15\12    
\15\12\15\12\15\12\15\12", ) == 0x0
 03512   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "ity:hidden;">
\15\12\15\12    
\15\12", 84, 0x0, 0, ... {status=0x0, info=84}, ) >
\15\12\15\12    \15\12\15\12\15\12", 84, 0x0, 0, ... {status=0x0, info=84}, ) == 0x0
 03513   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03514   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03515   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03516   464   NtClose  (220, ... ) == 0x0
 03517   464   NtClose  (224, ... ) == 0x0
 03518   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\act_plcy.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03519   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03520   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03521   464   NtClose  (224, ... ) == 0x0
 03522   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\act_plcy.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03523   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03524   464   NtSetInformationFile  (224, 1353616, 110, Rename, ... {status=0x0, info=0}, ) == 0x0
 03525   464   NtClose  (224, ... ) == 0x0
 03526   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03527   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\acterror.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03528   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\acterror.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03529   464   NtClose  (-2147482028, ... ) == 0x0
 03528   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 03530   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, ) window.parent.acterror_LoadMe();window.parent.Agent_Activate('ActivationError'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 03531   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.acterror_LoadMe();window.parent.Agent_Activate('ActivationError'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12        \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03532   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1767},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1767}, "ID id=act_par2>During the  day(s), we'll remind you periodically to activate Windows. You can use the Activate Windows wizard, which you'll find on the Start menu.

When you try again, if you still have trouble reaching our activation center, you will be able to contact an activation center customer service representative to activate Windows by phone.\15\12    \15\12\15\12\15\12    

\15\12    \15\12\15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\120x0
 03575   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\124.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03576   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1567},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1567}, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, ) display:none; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1567}, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1567}, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, ) txtBadEula1 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1567}, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, ) emphasis-lesser (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1567}, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, ) newbuttonposition (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1567}, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, ) btnBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1567}, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, ) newbuttonsBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1567}, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, ) , ) == 0x0
 03577   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, 1549, 0x0, 0, ... {status=0x0, info=1549}, ) display:none; (220, 0, 0, 0, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, 1549, 0x0, 0, ... {status=0x0, info=1549}, ) text-primary (220, 0, 0, 0, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, 1549, 0x0, 0, ... {status=0x0, info=1549}, ) txtBadEula1 (220, 0, 0, 0, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, 1549, 0x0, 0, ... {status=0x0, info=1549}, ) emphasis-lesser (220, 0, 0, 0, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, 1549, 0x0, 0, ... {status=0x0, info=1549}, ) newbuttonposition (220, 0, 0, 0, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, 1549, 0x0, 0, ... {status=0x0, info=1549}, ) btnBack (220, 0, 0, 0, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, 1549, 0x0, 0, ... {status=0x0, info=1549}, ) newbuttonsBack (220, 0, 0, 0, "    \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12            To read the License Agreement, click Back.\15\12        
\15\12\15\12    \15\12    \15\12        \15\12        \15\12            \15\12          
  
, 1549, 0x0, 0, ... {status=0x0, info=1549}, ) , 1549, 0x0, 0, ... {status=0x0, info=1549}, ) == 0x0
 03578   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03579   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 03580   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03581   464   NtClose  (224, ... ) == 0x0
 03582   464   NtClose  (220, ... ) == 0x0
 03583   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\badeula.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 03584   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03585   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03586   464   NtClose  (220, ... ) == 0x0
 03587   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\badeula.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 03588   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03589   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 03590   464   NtClose  (220, ... ) == 0x0
 03591   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03592   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\badpkey.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03593   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\badpkey.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03594   464   NtClose  (-2147482028, ... ) == 0x0
 03593   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03595   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\124.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\120x0
 03596   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03597   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ns, contact your local Microsoft subsidiary.\15\12            \15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", ) text-primary (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", ) BadPID_INFO3 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", ) txtBadPID (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", ) emphasis-lesser (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", ) text-primary (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", ) BadPID_INFO4 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", ) , ) == 0x0
 03598   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", 2033, 0x0, 0, ... {status=0x0, info=2033}, ) text-primary (224, 0, 0, 0, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", 2033, 0x0, 0, ... {status=0x0, info=2033}, ) BadPID_INFO3 (224, 0, 0, 0, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", 2033, 0x0, 0, ... {status=0x0, info=2033}, ) txtBadPID (224, 0, 0, 0, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", 2033, 0x0, 0, ... {status=0x0, info=2033}, ) emphasis-lesser (224, 0, 0, 0, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", 2033, 0x0, 0, ... {status=0x0, info=2033}, ) text-primary (224, 0, 0, 0, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", 2033, 0x0, 0, ... {status=0x0, info=2033}, ) BadPID_INFO4 (224, 0, 0, 0, "ns, contact your local Microsoft subsidiary.\15\12            
\15\12            
\15\12        \15\12        \15\12\15\12\15\12\15\12
If you don't have a valid product key, click the Shutdown button below to turn off your computer: \15\12
\15\12\15\12\15\12
\15\12\15\12\15\12
When you restart your computer, you'll return", 2033, 0x0, 0, ... {status=0x0, info=2033}, ) , 2033, 0x0, 0, ... {status=0x0, info=2033}, ) == 0x0
 03599   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03600   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12, 15, 0x0, 0, ... {status=0x0, info=15}, ) , 15, 0x0, 0, ... {status=0x0, info=15}, ) == 0x0
 03601   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=5},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=5}, ">\15\12\15\12", ) , ) == 0x0
 03602   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, ">\15\12\15\12", 5, 0x0, 0, ... {status=0x0, info=5}, ) , 5, 0x0, 0, ... {status=0x0, info=5}, ) == 0x0
 03603   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03604   464   NtClose  (220, ... ) == 0x0
 03605   464   NtClose  (224, ... ) == 0x0
 03606   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\badpkey.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03607   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03608   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03609   464   NtClose  (224, ... ) == 0x0
 03610   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\badpkey.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03611   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03612   464   NtSetInformationFile  (224, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 03613   464   NtClose  (224, ... ) == 0x0
 03614   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03615   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\compname.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03616   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\compname.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03617   464   NtClose  (-2147482028, ... ) == 0x0
 03616   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 03618   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    -//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12  \15\12    \15\12    \15\12  \15\12\15\12\15\12\15\12    NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12              \15\12                
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) 15% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) C (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) computer-name-box (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) txtCompName (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) 1 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) CompNameErrorExplained (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) 70% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) lblCompNameError (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) text-error (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) display:none; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) txtCompNameErrorExplained (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", ) , ) == 0x0
 03621   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 15% (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) C (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) computer-name-box (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) txtCompName (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1 (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) CompNameErrorExplained (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 70% (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) lblCompNameError (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-error (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none; (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) txtCompNameErrorExplained (220, 0, 0, 0, "r name: \15\12              \15\12              
\15\12                \15\12                \15\12              
 Please re-enter the computer name usin", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03622   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308}, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, ) newbuttonposition (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308}, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, ) btnBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308}, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, ) newbuttonsBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308}, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, ) B (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308}, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308}, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308}, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, ) BackBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308}, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308}, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, ) LocalBtnBack_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1308}, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, ) , ) == 0x0
 03623   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, 1290, 0x0, 0, ... {status=0x0, info=1290}, ) newbuttonposition (220, 0, 0, 0, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, 1290, 0x0, 0, ... {status=0x0, info=1290}, ) btnBack (220, 0, 0, 0, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, 1290, 0x0, 0, ... {status=0x0, info=1290}, ) newbuttonsBack (220, 0, 0, 0, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, 1290, 0x0, 0, ... {status=0x0, info=1290}, ) B (220, 0, 0, 0, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, 1290, 0x0, 0, ... {status=0x0, info=1290}, ) visibility:visible; (220, 0, 0, 0, " 
\15\12              
\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, 1290, 0x0, 0, ... {status=0x0, info=1290}, ) text-primary (220, 0, 0, 0, " 
\15\12              \15\12            \15\12          \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, 1290, 0x0, 0, ... {status=0x0, info=1290}, ) BackBtnLocalText (220, 0, 0, 0, " 
\15\12              \15\12            \15\12          \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, 1290, 0x0, 0, ... {status=0x0, info=1290}, ) visibility:visible; (220, 0, 0, 0, " 
\15\12              \15\12            \15\12          \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12                
  
Back, 1290, 0x0, 0, ... {status=0x0, info=1290}, ) LocalBtnBack_Text (220, 0, 0, 0, " 
\15\12              \15\12            \15\12          \15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
Back, 1290, 0x0, 0, ... {status=0x0, info=1290}, ) , 1290, 0x0, 0, ... {status=0x0, info=1290}, ) == 0x0
 03624   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03625   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 03626   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03627   464   NtClose  (224, ... ) == 0x0
 03628   464   NtClose  (220, ... ) == 0x0
 03629   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\compname.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 03630   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03631   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03632   464   NtClose  (220, ... ) == 0x0
 03633   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\compname.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 03634   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03635   464   NtSetInformationFile  (220, 1353616, 110, Rename, ... {status=0x0, info=0}, ) == 0x0
 03636   464   NtClose  (220, ... ) == 0x0
 03637   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03638   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\dialup.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03639   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\dialup.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03640   464   NtClose  (-2147482028, ... ) == 0x0
 03639   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03641   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
0x0
 03642   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12    
4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12    
"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12    
"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12    
2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03643   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=123},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=123}, "style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=123}, "style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) , ) == 0x0
 03644   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12", 103, 0x0, 0, ... {status=0x0, info=103}, ) visibility:visible; (224, 0, 0, 0, "style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12", 103, 0x0, 0, ... {status=0x0, info=103}, ) , 103, 0x0, 0, ... {status=0x0, info=103}, ) == 0x0
 03645   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03646   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03647   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03648   464   NtClose  (220, ... ) == 0x0
 03649   464   NtClose  (224, ... ) == 0x0
 03650   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\dialup.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03651   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03652   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03653   464   NtClose  (224, ... ) == 0x0
 03654   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\dialup.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03655   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03656   464   NtSetInformationFile  (224, 1353616, 106, Rename, ... {status=0x0, info=0}, ) == 0x0
 03657   464   NtClose  (224, ... ) == 0x0
 03658   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03659   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\drdyisp.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03660   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\drdyisp.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03661   464   NtClose  (-2147482028, ... ) == 0x0
 03660   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 03662   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\120x0
 03663   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\124.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03664   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) window.parent.KeyPressIsNumeric(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) window.parent.OnFocus(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) PulseToneDialing (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) visibility:hidden (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) T (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) radioTouchToneYes (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) radio (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) window.parent.OnFocus(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) Tapi_TOUCHTONE_YES (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) radioTouchToneYes (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", ) , ) == 0x0
 03665   464   NtWriteFile  (220, 0, 0, 0, " (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.KeyPressIsNumeric(); (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OnFocus(); (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) PulseToneDialing (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) visibility:hidden (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) T (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioTouchToneYes (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radio (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OnFocus(); (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) Tapi_TOUCHTONE_YES (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioTouchToneYes (220, 0, 0, 0, "" onkeypress="window.parent.KeyPressIsNumeric();" onfocus="window.parent.OnFocus();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03666   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12        \15\12    \15\12    
  
, ) 4 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, ) window.parent.KeyPressIsNumeric(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12        \15\12    \15\12    
  
, ) newbuttonposition (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, ) btnBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12        \15\12    \15\12    
  
, ) newbuttonsBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, ) B (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12        \15\12    \15\12    
  
, ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12        \15\12    \15\12    
  
, ) BackBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1366}, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12        \15\12    \15\12    
  
, ) , ) == 0x0
 03667   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) 4 (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12\15\12\15\12\15\12\15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12\15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12\15\12\15\12\15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12\15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12\15\12\15\12\15\12\15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12\15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12\15\12\15\12\15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12\15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12    \15\12    \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12      \15\12\15\12
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) window.parent.KeyPressIsNumeric(); (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) newbuttonposition (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12        \15\12    \15\12    
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) btnBack (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) newbuttonsBack (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12        \15\12    \15\12    
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) B (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) visibility:visible; (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12        \15\12    \15\12    
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) text-primary (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) BackBtnLocalText (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12        \15\12    \15\12    
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) visibility:visible; (220, 0, 0, 0, "ineNumber maxlength=10 size="4" onkeypress="window.parent.KeyPressIsNumeric();">\15\12                            \15\12\15\12    

\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
, 1346, 0x0, 0, ... {status=0x0, info=1346}, ) , 1346, 0x0, 0, ... {status=0x0, info=1346}, ) == 0x0
 03668   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03669   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03670   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03671   464   NtClose  (224, ... ) == 0x0
 03672   464   NtClose  (220, ... ) == 0x0
 03673   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\drdyisp.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 03674   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03675   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03676   464   NtClose  (220, ... ) == 0x0
 03677   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\drdyisp.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 03678   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03679   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 03680   464   NtClose  (220, ... ) == 0x0
 03681   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03682   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\drdymig.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03683   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\drdymig.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03684   464   NtClose  (-2147482028, ... ) == 0x0
 03683   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03685   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\124.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\120x0
 03686   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03687   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) ime-mode:disabled (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) text (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) textfield (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) 7 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) 7 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) window.parent.KeyPressIsNumeric(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) window.parent.OnFocus(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) PulseToneDialing (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) visibility:hidden (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) T (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) radioTouchToneYes (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) radio (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , ) , ) == 0x0
 03688   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ime-mode:disabled (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) textfield (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 7 (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 7 (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.KeyPressIsNumeric(); (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OnFocus(); (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) PulseToneDialing (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) visibility:hidden (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) T (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioTouchToneYes (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radio (224, 0, 0, 0, "/p>\15\12        
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03689   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, " (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", ) newbuttonposition (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", ) btnBack (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", ) newbuttonsBack (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", ) B (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", ) visibility:visible; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", ) text-primary (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", ) BackBtnLocalText (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", ) visibility:visible; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", ) LocalBtnBack_Text (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1260}, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", ) , ) == 0x0
 03690   464   NtWriteFile  (224, 0, 0, 0, " (224, 0, 0, 0, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", 1240, 0x0, 0, ... {status=0x0, info=1240}, ) newbuttonposition (224, 0, 0, 0, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", 1240, 0x0, 0, ... {status=0x0, info=1240}, ) btnBack (224, 0, 0, 0, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", 1240, 0x0, 0, ... {status=0x0, info=1240}, ) newbuttonsBack (224, 0, 0, 0, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", 1240, 0x0, 0, ... {status=0x0, info=1240}, ) B (224, 0, 0, 0, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", 1240, 0x0, 0, ... {status=0x0, info=1240}, ) visibility:visible; (224, 0, 0, 0, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", 1240, 0x0, 0, ... {status=0x0, info=1240}, ) text-primary (224, 0, 0, 0, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", 1240, 0x0, 0, ... {status=0x0, info=1240}, ) BackBtnLocalText (224, 0, 0, 0, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", 1240, 0x0, 0, ... {status=0x0, info=1240}, ) visibility:visible; (224, 0, 0, 0, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", 1240, 0x0, 0, ... {status=0x0, info=1240}, ) LocalBtnBack_Text (224, 0, 0, 0, "">\15\12        \15\12\15\12

\15\12\15\12\15\12    
  
Back
 
\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12 ", 1240, 0x0, 0, ... {status=0x0, info=1240}, ) , 1240, 0x0, 0, ... {status=0x0, info=1240}, ) == 0x0
 03691   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03692   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03693   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03694   464   NtClose  (220, ... ) == 0x0
 03695   464   NtClose  (224, ... ) == 0x0
 03696   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\drdymig.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03697   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03698   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03699   464   NtClose  (224, ... ) == 0x0
 03700   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\drdymig.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03701   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03702   464   NtSetInformationFile  (224, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 03703   464   NtClose  (224, ... ) == 0x0
 03704   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03705   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\drdyoem.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03706   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\drdyoem.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03707   464   NtClose  (-2147482028, ... ) == 0x0
 03706   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 03708   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    
  
Back
 
, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , ) window.parent.RegDialRdy_LoadMe(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , ) maincell.style.visibility='hidden'; window.parent.ProcessQueuedEvents(); window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , ) , ) == 0x0
 03709   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.RegDialRdy_LoadMe(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) maincell.style.visibility='hidden'; window.parent.ProcessQueuedEvents(); window.parent.Agent_Deactivate(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03710   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", ) window.parent.KeyPressIsNumeric(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", ) PulseToneDialing (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", ) visibility:hidden (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", ) T (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", ) radioTouchToneYes (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", ) radio (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", ) Tapi_TOUCHTONE_YES (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", ) radioTouchToneYes (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", ) radio (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", ) , ) == 0x0
 03711   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.KeyPressIsNumeric(); (220, 0, 0, 0, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) PulseToneDialing (220, 0, 0, 0, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) visibility:hidden (220, 0, 0, 0, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) T (220, 0, 0, 0, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioTouchToneYes (220, 0, 0, 0, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radio (220, 0, 0, 0, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) Tapi_TOUCHTONE_YES (220, 0, 0, 0, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioTouchToneYes (220, 0, 0, 0, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radio (220, 0, 0, 0, "ress="window.parent.KeyPressIsNumeric();">
\15\12\15\12        \15\12        Do you have touch tone service?\15\12        \15\12        Yes\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03712   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241}, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, ) newbuttonposition (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241}, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
  
Back
 
, ) btnBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241}, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, ) newbuttonsBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241}, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
  
Back
 
, ) B (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241}, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241}, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
  
Back
 
, ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241}, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, ) BackBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241}, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
  
Back
 
, ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241}, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, ) LocalBtnBack_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1241}, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
  
Back
 
, ) , ) == 0x0
 03713   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, 1221, 0x0, 0, ... {status=0x0, info=1221}, ) newbuttonposition (220, 0, 0, 0, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
  
Back
 
, 1221, 0x0, 0, ... {status=0x0, info=1221}, ) btnBack (220, 0, 0, 0, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, 1221, 0x0, 0, ... {status=0x0, info=1221}, ) newbuttonsBack (220, 0, 0, 0, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
  
Back
 
, 1221, 0x0, 0, ... {status=0x0, info=1221}, ) B (220, 0, 0, 0, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, 1221, 0x0, 0, ... {status=0x0, info=1221}, ) visibility:visible; (220, 0, 0, 0, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
  
Back
 
, 1221, 0x0, 0, ... {status=0x0, info=1221}, ) text-primary (220, 0, 0, 0, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, 1221, 0x0, 0, ... {status=0x0, info=1221}, ) BackBtnLocalText (220, 0, 0, 0, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
  
Back
 
, 1221, 0x0, 0, ... {status=0x0, info=1221}, ) visibility:visible; (220, 0, 0, 0, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
Back
 
, 1221, 0x0, 0, ... {status=0x0, info=1221}, ) LocalBtnBack_Text (220, 0, 0, 0, "PAN>\15\12

\15\12\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12\15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12\15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12
  
Back
 
, 1221, 0x0, 0, ... {status=0x0, info=1221}, ) , 1221, 0x0, 0, ... {status=0x0, info=1221}, ) == 0x0
 03714   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03715   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03716   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03717   464   NtClose  (224, ... ) == 0x0
 03718   464   NtClose  (220, ... ) == 0x0
 03719   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\drdyoem.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 03720   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03721   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03722   464   NtClose  (220, ... ) == 0x0
 03723   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\drdyoem.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 03724   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03725   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 03726   464   NtClose  (220, ... ) == 0x0
 03727   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03728   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\drdyref.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03729   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\drdyref.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03730   464   NtClose  (-2147482028, ... ) == 0x0
 03729   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03731   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\124.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\120x0
 03732   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03733   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) 5% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) radio (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) ISPSetupMethodType (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) radioNoISPAuto (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) window.parent.checkISPSetupType(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) window.parent.OnFocus(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) 95% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) O (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) radioNoISPAuto (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) text-primary (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", ) , ) == 0x0
 03734   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 5% (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radio (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ISPSetupMethodType (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioNoISPAuto (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.checkISPSetupType(); (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OnFocus(); (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 95% (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) O (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioNoISPAuto (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (224, 0, 0, 0, "about my account\15\12                \15\12            
  \15\12            \15\12            
\15\12                \15\12              ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03735   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , ) PulseToneDialing (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , ) visibility:hidden (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , ) T (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , ) radioTouchToneYes (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , ) radio (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , ) window.parent.OnFocus(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , ) Tapi_TOUCHTONE_YES (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , ) radioTouchToneYes (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , ) radio (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , ) , ) == 0x0
 03736   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) PulseToneDialing (224, 0, 0, 0, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) visibility:hidden (224, 0, 0, 0, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) T (224, 0, 0, 0, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioTouchToneYes (224, 0, 0, 0, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radio (224, 0, 0, 0, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OnFocus(); (224, 0, 0, 0, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) Tapi_TOUCHTONE_YES (224, 0, 0, 0, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radioTouchToneYes (224, 0, 0, 0, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) radio (224, 0, 0, 0, " \15\12                Do you have touch tone service?\15\12                \15\12                Yes\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03737   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1181},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1181}, "uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", ) >\15\12    
        
10>  
        
"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", )  class= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1181}, "uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", )  TABINDEX=6  ACCESSKEY= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1181}, "uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", )  style= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1181}, "uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", ) >
        
"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", ) >"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", )  style= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1181}, "uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", ) >"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", ) >Back
        
99%> 
        
"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", ) >"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", ) , ) == 0x0
 03738   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, ) >\15\12    
        
10>  
        
"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, )  class= (224, 0, 0, 0, "uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, )  TABINDEX=6  ACCESSKEY= (224, 0, 0, 0, "uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, )  style= (224, 0, 0, 0, "uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, ) >
        
"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, ) >"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, )  style= (224, 0, 0, 0, "uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, ) >"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, ) >Back
        
99%> 
        
"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, ) >"uttonposition">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=6  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocal", 1163, 0x0, 0, ... {status=0x0, info=1163}, ) , 1163, 0x0, 0, ... {status=0x0, info=1163}, ) == 0x0
 03739   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03740   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 03741   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03742   464   NtClose  (220, ... ) == 0x0
 03743   464   NtClose  (224, ... ) == 0x0
 03744   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\drdyref.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03745   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03746   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03747   464   NtClose  (224, ... ) == 0x0
 03748   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\drdyref.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03749   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03750   464   NtSetInformationFile  (224, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 03751   464   NtClose  (224, ... ) == 0x0
 03752   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03753   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\dtiwait.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03754   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\dtiwait.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03755   464   NtClose  (-2147482028, ... ) == 0x0
 03754   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 03756   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, ) window.parent.InitFrameRef(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, ) 100% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, ) 100% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, ) 7% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=926}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, ) , ) == 0x0
 03757   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, 908, 0x0, 0, ... {status=0x0, info=908}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, 908, 0x0, 0, ... {status=0x0, info=908}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, 908, 0x0, 0, ... {status=0x0, info=908}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, 908, 0x0, 0, ... {status=0x0, info=908}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, 908, 0x0, 0, ... {status=0x0, info=908}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, 908, 0x0, 0, ... {status=0x0, info=908}, ) window.parent.InitFrameRef(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, 908, 0x0, 0, ... {status=0x0, info=908}, ) 100% (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, 908, 0x0, 0, ... {status=0x0, info=908}, ) 100% (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, 908, 0x0, 0, ... {status=0x0, info=908}, ) 7% (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, 908, 0x0, 0, ... {status=0x0, info=908}, ) , 908, 0x0, 0, ... {status=0x0, info=908}, ) == 0x0
 03758   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03759   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 03760   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03761   464   NtClose  (224, ... ) == 0x0
 03762   464   NtClose  (220, ... ) == 0x0
 03763   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\dtiwait.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 03764   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03765   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03766   464   NtClose  (220, ... ) == 0x0
 03767   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\dtiwait.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 03768   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03769   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 03770   464   NtClose  (220, ... ) == 0x0
 03771   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03772   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\fini.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03773   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\fini.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03774   464   NtClose  (-2147482028, ... ) == 0x0
 03773   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03775   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", ) stylesheet (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", ) text/css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", ) oobestyl.css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", ) background-color:transparent; background-repeat: no-repeat; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", ) window.parent.FinishPage_LoadMe(); window.parent.Agent_Activate('Finish'); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", ) , ) == 0x0
 03776   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-color:transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.FinishPage_LoadMe(); window.parent.Agent_Activate('Finish'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03777   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1168},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1168}, "on">\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", ) >\15\12    
10>  
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", )  class= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1168}, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", )  TABINDEX=-1 ACCESSKEY= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1168}, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", )  style= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1168}, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", ) >
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", )  style= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1168}, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", ) >Back
99%> 
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", )  style="", ) == 0x0
 03778   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, ) >\15\12    
10>  
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, )  class= (224, 0, 0, 0, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, )  TABINDEX=-1 ACCESSKEY= (224, 0, 0, 0, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, )  style= (224, 0, 0, 0, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, ) >
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, )  style= (224, 0, 0, 0, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, ) >Back
99%> 
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=-1 ACCESSKEY="B" style="visibility:hidden;">
"text-primary">"BackBtnLocalText" style="visibility:hidden;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, )  style="", 1150, 0x0, 0, ... {status=0x0, info=1150}, ) == 0x0
 03779   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03780   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 03781   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03782   464   NtClose  (220, ... ) == 0x0
 03783   464   NtClose  (224, ... ) == 0x0
 03784   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\fini.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03785   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03786   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03787   464   NtClose  (224, ... ) == 0x0
 03788   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\fini.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03789   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03790   464   NtSetInformationFile  (224, 1415848, 102, Rename, ... {status=0x0, info=0}, ) == 0x0
 03791   464   NtClose  (224, ... ) == 0x0
 03792   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03793   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\hnwprmpt.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03794   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\hnwprmpt.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03795   464   NtClose  (-2147482028, ... ) == 0x0
 03794   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 03796   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, ) window.parent.New_Default_LoadMe();window.parent.Agent_Activate('2nics'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) , ) == 0x0
 03797   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.New_Default_LoadMe();window.parent.Agent_Activate('2nics'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12        \15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03798   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) S (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) NextBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) LocalBtnNext_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) btnNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) newbuttonsNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) N (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=501}, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15", ) , ) == 0x0
 03799   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) S (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) visibility:visible; (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) text-primary (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) NextBtnLocalText (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) visibility:visible; (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) LocalBtnNext_Text (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) btnNext (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) newbuttonsNext (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) N (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) visibility:visible; (220, 0, 0, 0, "  ACCESSKEY="S" style="visibility:visible;">
  
Next
\15\12\15\12    
\15\12\15\12\15\12", 481, 0x0, 0, ... {status=0x0, info=481}, ) , 481, 0x0, 0, ... {status=0x0, info=481}, ) == 0x0
 03800   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03801   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03802   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03803   464   NtClose  (224, ... ) == 0x0
 03804   464   NtClose  (220, ... ) == 0x0
 03805   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\hnwprmpt.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 03806   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03807   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03808   464   NtClose  (220, ... ) == 0x0
 03809   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\hnwprmpt.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 03810   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03811   464   NtSetInformationFile  (220, 1353616, 110, Rename, ... {status=0x0, info=0}, ) == 0x0
 03812   464   NtClose  (220, ... ) == 0x0
 03813   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03814   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\iconn.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03815   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\iconn.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03816   464   NtClose  (-2147482028, ... ) == 0x0
 03815   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03817   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , ) stylesheet (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , ) text/css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , ) oobestyl.css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , ) window.parent.IconnLoadMe();window.parent.Agent_Activate('Iconn'); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , ) , ) == 0x0
 03818   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.IconnLoadMe();window.parent.Agent_Activate('Iconn'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03819   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1346},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1346}, "\12        \15\12    \15\12    \15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
0x0
 03820   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
  
"\12        
\15\12    \15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12
  
1328, 0x0, 0, ... {status=0x0, info=1328}, ) == 0x0
 03821   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03822   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 03823   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03824   464   NtClose  (220, ... ) == 0x0
 03825   464   NtClose  (224, ... ) == 0x0
 03826   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\iconn.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03827   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03828   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03829   464   NtClose  (224, ... ) == 0x0
 03830   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\iconn.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03831   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03832   464   NtSetInformationFile  (224, 1415848, 104, Rename, ... {status=0x0, info=0}, ) == 0x0
 03833   464   NtClose  (224, ... ) == 0x0
 03834   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03835   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\ics.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03836   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\ics.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03837   464   NtClose  (-2147482028, ... ) == 0x0
 03836   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 03838   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", ) window.parent.IcsLoadMe();window.parent.Agent_Activate('ICS'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", ) , ) == 0x0
 03839   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.IcsLoadMe();window.parent.Agent_Activate('ICS'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03840   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", )  style= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12\15\12
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", ) >\15\12        \15\12        
"atus_ics0" style="display:none">\15\12        
\15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", )  width= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12\15\12
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", )  height= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", ) >
\15\12        \15\12    \15\12    \15\12    0 cellpadding=4 cellspacing=0>\15\12\15\12\15\12\15\12
    
        
\15\12        "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", )  id= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", )  style= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12        
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", ) >\15\12            5 ID= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", )  name= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12        
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", )  type= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", )  onClick= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12        
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", )  onfocus= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", ) >\15\12        \15\12     ", ) == 0x0
 03841   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12        
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  style= (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12        \15\12        
"atus_ics0" style="display:none">\15\12        
\15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12        
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  width= (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  height= (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12        
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >
\15\12        \15\12    \15\12    \15\12    0 cellpadding=4 cellspacing=0>\15\12\15\12\15\12    \15\12    
    
        
\15\12        "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12        
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  id= (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  style= (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12        
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12            5 ID= (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  name= (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12        
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  type= (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  onClick= (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12        \15\12        
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  onfocus= (220, 0, 0, 0, "atus_ics0" style="display:none">\15\12        \15\12        
"../images/dialup.gif" width="324" height="72">
\15\12        \15\12    \15\12    \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "text-primary" id="TXT_MODEM01" style="display:none">\15\12            "radio_ChooseModem" name="ICSChoice" type="radio" onClick="window.parent.OnClick();" onfocus="window.parent.OnFocus();">\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12        \15\12     ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03842   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ubscriber line (DSL) or cable modem
\15\12                \15\12            \15\12            \15\12                This option allows you to use your telephone while you're connected to the Internet. A cable modem uses a cable television network to make the connection, and you can watch TV while you're connected. Both of these options are generally faster than telephone modems.\15\12    ", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ubscriber line (DSL) or cable modem
\15\12                \15\12            \15\12            \15\12                This option allows you to use your telephone while you're connected to the Internet. A cable modem uses a cable television network to make the connection, and you can watch TV while you're connected. Both of these options are generally faster than telephone modems.\15\12    ", ) display:none (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ubscriber line (DSL) or cable modem
\15\12                \15\12            \15\12            \15\12                This option allows you to use your telephone while you're connected to the Internet. A cable modem uses a cable television network to make the connection, and you can watch TV while you're connected. Both of these options are generally faster than telephone modems.\15\12    ", ) txtICS5x (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ubscriber line (DSL) or cable modem
\15\12                \15\12            \15\12            \15\12                This option allows you to use your telephone while you're connected to the Internet. A cable modem uses a cable television network to make the connection, and you can watch TV while you're connected. Both of these options are generally faster than telephone modems.\15\12    ", ) , ) == 0x0
 03843   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "ubscriber line (DSL) or cable modem
\15\12                \15\12            \15\12            \15\12                This option allows you to use your telephone while you're connected to the Internet. A cable modem uses a cable television network to make the connection, and you can watch TV while you're connected. Both of these options are generally faster than telephone modems.\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (220, 0, 0, 0, "ubscriber line (DSL) or cable modem
\15\12                \15\12            \15\12            \15\12                This option allows you to use your telephone while you're connected to the Internet. A cable modem uses a cable television network to make the connection, and you can watch TV while you're connected. Both of these options are generally faster than telephone modems.\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none (220, 0, 0, 0, "ubscriber line (DSL) or cable modem
\15\12                \15\12            \15\12            \15\12                This option allows you to use your telephone while you're connected to the Internet. A cable modem uses a cable television network to make the connection, and you can watch TV while you're connected. Both of these options are generally faster than telephone modems.\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) txtICS5x (220, 0, 0, 0, "ubscriber line (DSL) or cable modem
\15\12                \15\12            \15\12            \15\12                This option allows you to use your telephone while you're connected to the Internet. A cable modem uses a cable television network to make the connection, and you can watch TV while you're connected. Both of these options are generally faster than telephone modems.\15\12    ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03844   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1486},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1486}, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", ) newbuttonposition (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1486}, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", ) btnBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1486}, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", ) newbuttonsBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1486}, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", ) B (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1486}, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1486}, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", ) , ) == 0x0
 03845   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", 1466, 0x0, 0, ... {status=0x0, info=1466}, ) newbuttonposition (220, 0, 0, 0, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", 1466, 0x0, 0, ... {status=0x0, info=1466}, ) btnBack (220, 0, 0, 0, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", 1466, 0x0, 0, ... {status=0x0, info=1466}, ) newbuttonsBack (220, 0, 0, 0, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", 1466, 0x0, 0, ... {status=0x0, info=1466}, ) B (220, 0, 0, 0, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", 1466, 0x0, 0, ... {status=0x0, info=1466}, ) visibility:visible; (220, 0, 0, 0, "his option after you finish setting up Windows. Just click Control Panel on the Start menu, and then click  Network and Internet Connections.

If you don't want this computer to connect to the Internet now, click Skip.\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12    ", 1466, 0x0, 0, ... {status=0x0, info=1466}, ) , 1466, 0x0, 0, ... {status=0x0, info=1466}, ) == 0x0
 03846   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03847   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03848   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03849   464   NtClose  (224, ... ) == 0x0
 03850   464   NtClose  (220, ... ) == 0x0
 03851   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\ics.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 03852   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03853   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03854   464   NtClose  (220, ... ) == 0x0
 03855   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\ics.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 03856   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03857   464   NtSetInformationFile  (220, 1415848, 100, Rename, ... {status=0x0, info=0}, ) == 0x0
 03858   464   NtClose  (220, ... ) == 0x0
 03859   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03860   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\ident1.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03861   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\ident1.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03862   464   NtClose  (-2147482028, ... ) == 0x0
 03861   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03863   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12        \15\12        
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12    \15\12    
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12        \15\12        
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12    \15\12    
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12        \15\12        
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12\15\12\15\12
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12\15\12
100% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12\15\12\15\12
100% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12    \15\12    
7", ) == 0x0
 03864   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12\15\12\15\12
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12    \15\12    
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12\15\12\15\12
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12    \15\12    
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12\15\12\15\12
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12\15\12
"\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12\15\12\15\12
100% (224, 0, 0, 0, "\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12    \15\12    
100% (224, 0, 0, 0, "\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12    \15\12    \15\12      \15\12              \15\12            \15\12          \15\12          
7", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03865   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1680},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1680}, "us(); >\15\12              
\15\12                \15\12                  No\15\12                \15\12              
\15\12        \15\12        \15\12\15\12\15\12        \15\12    0x0
 03866   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "us(); >\15\12              \15\12              \15\12            \15\12          \15\12          
\15\12                \15\12                  No\15\12                \15\12              
\15\12        \15\12        \15\12\15\12\15\12        \15\12    1662, 0x0, 0, ... {status=0x0, info=1662}, ) == 0x0
 03867   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03868   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 03869   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03870   464   NtClose  (220, ... ) == 0x0
 03871   464   NtClose  (224, ... ) == 0x0
 03872   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\ident1.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03873   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03874   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03875   464   NtClose  (224, ... ) == 0x0
 03876   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\ident1.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03877   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03878   464   NtSetInformationFile  (224, 1353616, 106, Rename, ... {status=0x0, info=0}, ) == 0x0
 03879   464   NtClose  (224, ... ) == 0x0
 03880   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03881   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\ident2.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03882   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\ident2.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03883   464   NtClose  (-2147482028, ... ) == 0x0
 03882   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 03884   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12\15\12\15\12
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12    \15\12    
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12\15\12\15\12
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12    \15\12    
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12          \15\12          
\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12  \15\12  \15\12    \15\12      \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12\15\12\15\12\15\12\15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12\15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12\15\12\15\12\15\12\15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12            \15\12            \15\12              \15\12              \15\12              \15\12\15\12            \15\12          \15\12          
NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , ) ident_lbl_user2 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , ) inptUser_2 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , ) 2 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , ) txtIdentities_23 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , ) , ) == 0x0
 03887   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (220, 0, 0, 0, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ident_lbl_user2 (220, 0, 0, 0, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) inptUser_2 (220, 0, 0, 0, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 2 (220, 0, 0, 0, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) txtIdentities_23 (220, 0, 0, 0, "ease use the rules below.\15\12              
\15\12                \15\12                2nd User:\15\12                \15\12              
\15\12                \15\12                  , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03888   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", )  vAlign=center>\15\12        "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", ) >Please use the rules below.\15\12              
            
            
              
              
"033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", )  id=lblUser>\15\12                "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", )  for= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", )  accesskey= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", ) >\15\12                "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", ) >5th User:\15\12                \15\12              
              
\15\12                1>\15\12  ", ) == 0x0
 03889   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  vAlign=center>\15\12        "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >Please use the rules below.\15\12              
            
            
              
              
"033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  id=lblUser>\15\12                "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  for= (220, 0, 0, 0, "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  accesskey= (220, 0, 0, 0, "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12                "033; display:none" vAlign=center>\15\12        "txtIdentities_28">Please use the rules below.\15\12              
"text-primary" id=lblUser>\15\12                "ident_lbl_user5" for="inptUser_5" accesskey="5">\15\12                "txtIdentities_29">5th User:\15\12                \15\12              
\15\12                \15\12  ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >5th User:\15\12                \15\12              
              
\15\12                1>\15\12  ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03890   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", ) display:none (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", ) text-error (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", ) txtIdentities_213 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", ) txtIdentities_214 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", )  * + , / : ; < = > ? [ \ ] |\15\12    
"then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", ) >Names cannot just be all spaces and periods\15\12    
"then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", ) , ) == 0x0
 03891   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none (220, 0, 0, 0, "then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-error (220, 0, 0, 0, "then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) txtIdentities_213 (220, 0, 0, 0, "then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) txtIdentities_214 (220, 0, 0, 0, "then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  * + , / : ; < = > ? [ \ ] |\15\12    
"then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >Names cannot just be all spaces and periods\15\12    
"then click User Accounts.
\15\12        \15\12\15\12    \15\12    
\15\12    
Names must be no more than 20 characters\15\12    
Names must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12    
"txtIdentities_215">Names cannot just be all spaces and periods\15\12    
"txtIde", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03892   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=156},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=156}, "t" TABINDEX=7  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12", )  TABINDEX=7  ACCESSKEY= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=156}, "t" TABINDEX=7  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12", )  style= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=156}, "t" TABINDEX=7  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12", ) >
    
    
\15\12\15\12    
\15\12\15\12\15\12", ) == 0x0
 03893   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "t" TABINDEX=7  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12", 138, 0x0, 0, ... {status=0x0, info=138}, )  TABINDEX=7  ACCESSKEY= (220, 0, 0, 0, "t" TABINDEX=7  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12", 138, 0x0, 0, ... {status=0x0, info=138}, )  style= (220, 0, 0, 0, "t" TABINDEX=7  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12", 138, 0x0, 0, ... {status=0x0, info=138}, ) >
    
    
\15\12\15\12    
\15\12", 138, 0x0, 0, ... {status=0x0, info=138}, ) == 0x0
 03894   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03895   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 03896   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03897   464   NtClose  (224, ... ) == 0x0
 03898   464   NtClose  (220, ... ) == 0x0
 03899   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\ident2.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 03900   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03901   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03902   464   NtClose  (220, ... ) == 0x0
 03903   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\ident2.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 03904   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03905   464   NtSetInformationFile  (220, 1353616, 106, Rename, ... {status=0x0, info=0}, ) == 0x0
 03906   464   NtClose  (220, ... ) == 0x0
 03907   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03908   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\isp.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03909   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\isp.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03910   464   NtClose  (-2147482028, ... ) == 0x0
 03909   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03911   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, ) stylesheet (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, ) text/css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, ) window.parent.IspLoadMe();window.parent.Agent_Activate('ISP'); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, ) window.parent.IspUnLoad();window.parent.Agent_Deactivate(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 03912   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.IspLoadMe();window.parent.Agent_Activate('ISP'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.IspUnLoad();window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03913   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        \15\12\15\12        \15\12    \15\12 ", )  onfocus= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        \15\12\15\12        \15\12    \15\12 ", ) >\15\12        \15\12\15\12        \15\12\15\12        \15\12    \15\12 ", ) >\15\12        1 ACCESSKEY= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        \15\12\15\12        \15\12    \15\12 ", )  id=ISP_Migrate for=radioMigrateISP class= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        \15\12\15\12        \15\12    \15\12 ", ) >\15\12        "parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        \15\12\15\12        \15\12    \15\12 ", ) >Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12\15\12\15\12\15\12 ", ) == 0x0
 03914   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        \15\12\15\12        \15\12    \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  onfocus= (224, 0, 0, 0, "parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        \15\12\15\12        \15\12    \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\121 ACCESSKEY= (224, 0, 0, 0, "parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        \15\12\15\12        \15\12    \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  id=ISP_Migrate for=radioMigrateISP class= (224, 0, 0, 0, "parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        \15\12\15\12        \15\12    \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12"parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        \15\12\15\12        \15\12    \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12\15\12\15\12\15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03915   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip\15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
"parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
                    
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
                
"parent.OnClick();" onfocus="this.select(); window.parent.OnFocus();">\15\12        
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
        
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
        
"top">\15\12        "M" id=ISP_Migrate for=radioMigrateISP class="text-primary">\15\12        "ISP_str7">Use my existing Internet account with another service provider (ISP)
Select this option if you already have an Internet account, even if you've never accessed the Internet from this computer.\15\12        \15\12        
                    
  
Next
, ) LocalBtnSkip_Text (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) btnSkip (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) newbuttonsSkip (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) S (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) visibility:hidden; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) text-primary (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) NextBtnLocalText (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) visibility:visible; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) LocalBtnNext_Text (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) btnNext (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) newbuttonsNext (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=643}, "btnSkip>Skip
  
Next
, ) , ) == 0x0
 03916   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) LocalBtnSkip_Text (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) btnSkip (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) newbuttonsSkip (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) S (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) visibility:hidden; (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) text-primary (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) NextBtnLocalText (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) visibility:visible; (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) LocalBtnNext_Text (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) btnNext (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) newbuttonsNext (224, 0, 0, 0, "btnSkip>Skip
  
Next
, 617, 0x0, 0, ... {status=0x0, info=617}, ) , 617, 0x0, 0, ... {status=0x0, info=617}, ) == 0x0
 03917   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03918   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12\15\12\15\12\15\12", 26, 0x0, 0, ... {status=0x0, info=26}, ) , 26, 0x0, 0, ... {status=0x0, info=26}, ) == 0x0
 03919   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03920   464   NtClose  (220, ... ) == 0x0
 03921   464   NtClose  (224, ... ) == 0x0
 03922   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\isp.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03923   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03924   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03925   464   NtClose  (224, ... ) == 0x0
 03926   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\isp.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03927   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03928   464   NtSetInformationFile  (224, 1415848, 100, Rename, ... {status=0x0, info=0}, ) == 0x0
 03929   464   NtClose  (224, ... ) == 0x0
 03930   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03931   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\ispwait.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03932   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\ispwait.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03933   464   NtClose  (-2147482028, ... ) == 0x0
 03932   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 03934   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12        \15\12        
, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    
, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12        \15\12        
, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    
, ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12        \15\12        
, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    
, ) window.parent.InitFrameRef(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12        \15\12        
, ) 100% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    
, ) 100% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12        \15\12        
, ) 7% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1143}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    
, ) , ) == 0x0
 03935   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12        \15\12        
, 1125, 0x0, 0, ... {status=0x0, info=1125}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12    \15\12    
, 1125, 0x0, 0, ... {status=0x0, info=1125}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    
, 1125, 0x0, 0, ... {status=0x0, info=1125}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    
, 1125, 0x0, 0, ... {status=0x0, info=1125}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, 1125, 0x0, 0, ... {status=0x0, info=1125}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, 1125, 0x0, 0, ... {status=0x0, info=1125}, ) window.parent.InitFrameRef(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, 1125, 0x0, 0, ... {status=0x0, info=1125}, ) 100% (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12        \15\12    \15\12    
, 1125, 0x0, 0, ... {status=0x0, info=1125}, ) 100% (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12\15\12
, 1125, 0x0, 0, ... {status=0x0, info=1125}, ) 7% (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12\15\12    \15\12        \15\12    \15\12    
, 1125, 0x0, 0, ... {status=0x0, info=1125}, ) , 1125, 0x0, 0, ... {status=0x0, info=1125}, ) == 0x0
 03936   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03937   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 03938   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03939   464   NtClose  (224, ... ) == 0x0
 03940   464   NtClose  (220, ... ) == 0x0
 03941   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\ispwait.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 03942   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03943   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03944   464   NtClose  (220, ... ) == 0x0
 03945   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\ispwait.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 03946   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03947   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 03948   464   NtClose  (220, ... ) == 0x0
 03949   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03950   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\jndomain.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03951   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\jndomain.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03952   464   NtClose  (-2147482028, ... ) == 0x0
 03951   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03953   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2024},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2024}, "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12    \15\12    \15\12        \15\12        \15\12\15\12
\15\12         \15\12        
\15\12        "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        5% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2024}, "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        95% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2024}, "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        0x0
 03956   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        5% (224, 0, 0, 0, "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        95% (224, 0, 0, 0, "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        "u>Yes, make this computer a member of the following domain:\15\12        
\15\12        \15\12        (You will need to obtain this information from your network administrator.)\15\12        \15\12        
\15\12         \15\12        
\15\12        2004, 0x0, 0, ... {status=0x0, info=2004}, ) == 0x0
 03957   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03958   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03959   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03960   464   NtClose  (220, ... ) == 0x0
 03961   464   NtClose  (224, ... ) == 0x0
 03962   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\jndomain.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 03963   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03964   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03965   464   NtClose  (224, ... ) == 0x0
 03966   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\jndomain.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 03967   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03968   464   NtSetInformationFile  (224, 1353616, 110, Rename, ... {status=0x0, info=0}, ) == 0x0
 03969   464   NtClose  (224, ... ) == 0x0
 03970   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03971   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\jndom_a.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 03972   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\jndom_a.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03973   464   NtClose  (-2147482028, ... ) == 0x0
 03972   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 03974   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) window.parent.jndomainLoadMe2(); window.parent.Agent_Activate('JNDOM_A'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 03975   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.jndomainLoadMe2(); window.parent.Agent_Activate('JNDOM_A'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03976   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258}, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12\15\12
  
Back
 , ) newbuttonposition (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258}, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
  
Back
 , ) btnBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258}, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12\15\12
  
Back
 , ) newbuttonsBack (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258}, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
  
Back
 , ) B (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258}, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12\15\12
  
Back
 , ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258}, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
  
Back
 , ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258}, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12\15\12
  
Back
 , ) BackBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258}, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
  
Back
 , ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258}, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12\15\12
  
Back
 , ) LocalBtnBack_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1258}, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
  
Back
 , ) , ) == 0x0
 03977   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12\15\12
  
Back
 , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) newbuttonposition (220, 0, 0, 0, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
  
Back
 , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) btnBack (220, 0, 0, 0, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12\15\12
  
Back
 , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) newbuttonsBack (220, 0, 0, 0, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
  
Back
 , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) B (220, 0, 0, 0, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12\15\12
  
Back
 , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) visibility:visible; (220, 0, 0, 0, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
  
Back
 , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) text-primary (220, 0, 0, 0, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12\15\12
  
Back
 , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) BackBtnLocalText (220, 0, 0, 0, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
  
Back
 , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) visibility:visible; (220, 0, 0, 0, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12\15\12
  
Back
 , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) LocalBtnBack_Text (220, 0, 0, 0, "\15\12\15\12    \15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12    \15\12    \15\12        \15\12    \15\12    
  
Back
 , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) , 1238, 0x0, 0, ... {status=0x0, info=1238}, ) == 0x0
 03978   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 03979   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 03980   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 03981   464   NtClose  (224, ... ) == 0x0
 03982   464   NtClose  (220, ... ) == 0x0
 03983   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\jndom_a.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 03984   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03985   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 03986   464   NtClose  (220, ... ) == 0x0
 03987   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\jndom_a.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 03988   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 03989   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 03990   464   NtClose  (220, ... ) == 0x0
 03991   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 03992   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\keybd.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 03993   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\keybd.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 03994   464   NtClose  (-2147482028, ... ) == 0x0
 03993   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 03995   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\124.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\1215\12      window.parent.ProcessQueuedEvents();\15\12      window.parent.Agent_Deactivat", ) == 0x0
 03996   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\1215\12      window.parent.ProcessQueuedEvents();\15\12      window.parent.Agent_Deactivat", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03997   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        1>\15\12        
    
    
        
\15\12        "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        3  TABINDEX=2 style= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12\15\12
\15\12        \15\12        \15\12        
    
    
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12\15\12\15\12    \15\12    \15\12        \15\12    \15\12    
    
        
\15\12        0x0
 03998   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12\15\12\15\12\15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        1>\15\12        
    
    
        
\15\12        "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        3  TABINDEX=2 style= (224, 0, 0, 0, "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12    \15\12    \15\12        \15\12    \15\12    
\15\12        "idden;width:100%" TABINDEX=-1>\15\12        
\15\12        "selLang" size=3  TABINDEX=2 style="visibility:hidden" onfocus="window.parent.OnFocus();" onclick="window.parent.OnClick();" onkeyup="window.parent.OnClick();">\15\12        \15\12        
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12    \15\12        \15\12\15\12
\15\12        \15\12        \15\12        
    
    
\15\12    
\15\12\15\12    \15\12        \15\12    \15\12    \15\12\15\12    
\15\12    \15\12\15\12\15\12    \15\12    
    
        
\15\12        2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 03999   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=192},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=192}, "td>
\15\12\15\12    
\15\12\15\12\15\12\15\12", ) btnNext (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=192}, "td>
\15\12\15\12    
\15\12\15\12\15\12\15\12", ) newbuttonsNext (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=192}, "td>
\15\12\15\12    
\15\12\15\12\15\12\15\12", ) N (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=192}, "td>
\15\12\15\12    
\15\12\15\12\15\12\15\12", ) visibility:visible; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=192}, "td>
\15\12\15\12    
\15\12\15\12\15\12\15\12", ) , ) == 0x0
 04000   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "td>
\15\12\15\12    
\15\12\15\12", 174, 0x0, 0, ... {status=0x0, info=174}, ) btnNext (224, 0, 0, 0, "td>
\15\12\15\12    
\15\12\15\12", 174, 0x0, 0, ... {status=0x0, info=174}, ) newbuttonsNext (224, 0, 0, 0, "td>
\15\12\15\12    
\15\12\15\12", 174, 0x0, 0, ... {status=0x0, info=174}, ) N (224, 0, 0, 0, "td>
\15\12\15\12    
\15\12\15\12", 174, 0x0, 0, ... {status=0x0, info=174}, ) visibility:visible; (224, 0, 0, 0, "td>
\15\12\15\12    
\15\12\15\12", 174, 0x0, 0, ... {status=0x0, info=174}, ) , 174, 0x0, 0, ... {status=0x0, info=174}, ) == 0x0
 04001   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04002   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 04003   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04004   464   NtClose  (220, ... ) == 0x0
 04005   464   NtClose  (224, ... ) == 0x0
 04006   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\keybd.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 04007   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04008   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04009   464   NtClose  (224, ... ) == 0x0
 04010   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\keybd.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 04011   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04012   464   NtSetInformationFile  (224, 1415848, 104, Rename, ... {status=0x0, info=0}, ) == 0x0
 04013   464   NtClose  (224, ... ) == 0x0
 04014   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04015   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\keybdcmt.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 04016   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\keybdcmt.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04017   464   NtClose  (-2147482028, ... ) == 0x0
 04016   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 04018   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.RegKBCmt_LoadMe();window.parent.Agent_Activate('KeybdCmt'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 04019   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.RegKBCmt_LoadMe();window.parent.Agent_Activate('KeybdCmt'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04020   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=817},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=817}, ">\15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12    \15\12    
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, ">
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
 
Skip
  
NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04023   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04024   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04025   464   NtClose  (224, ... ) == 0x0
 04026   464   NtClose  (220, ... ) == 0x0
 04027   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\keybdcmt.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 04028   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04029   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04030   464   NtClose  (220, ... ) == 0x0
 04031   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\keybdcmt.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 04032   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04033   464   NtSetInformationFile  (220, 1353616, 110, Rename, ... {status=0x0, info=0}, ) == 0x0
 04034   464   NtClose  (220, ... ) == 0x0
 04035   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04036   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\migdial.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 04037   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\migdial.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04038   464   NtClose  (-2147482028, ... ) == 0x0
 04037   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 04039   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
, ) stylesheet (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) text/css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
, ) oobestyl.css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
, ) text-primary (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) window.parent.Migdial_LoadMe(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
, ) , ) == 0x0
 04040   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Migdial_LoadMe(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04041   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=220},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=220}, "el>
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) btnNext (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=220}, "el>
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) newbuttonsNext (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=220}, "el>
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) N (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=220}, "el>
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=220}, "el>
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) , ) == 0x0
 04042   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "el>
\15\12\15\12    
\15\12\15\12\15\12", 202, 0x0, 0, ... {status=0x0, info=202}, ) btnNext (224, 0, 0, 0, "el>
\15\12\15\12    
\15\12\15\12\15\12", 202, 0x0, 0, ... {status=0x0, info=202}, ) newbuttonsNext (224, 0, 0, 0, "el>
\15\12\15\12    
\15\12\15\12\15\12", 202, 0x0, 0, ... {status=0x0, info=202}, ) N (224, 0, 0, 0, "el>
\15\12\15\12    
\15\12\15\12\15\12", 202, 0x0, 0, ... {status=0x0, info=202}, ) visibility:visible; (224, 0, 0, 0, "el>
\15\12\15\12    
\15\12\15\12\15\12", 202, 0x0, 0, ... {status=0x0, info=202}, ) , 202, 0x0, 0, ... {status=0x0, info=202}, ) == 0x0
 04043   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04044   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 04045   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04046   464   NtClose  (220, ... ) == 0x0
 04047   464   NtClose  (224, ... ) == 0x0
 04048   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\migdial.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 04049   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04050   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04051   464   NtClose  (224, ... ) == 0x0
 04052   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\migdial.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 04053   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04054   464   NtSetInformationFile  (224, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 04055   464   NtClose  (224, ... ) == 0x0
 04056   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04057   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\miglist.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 04058   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\miglist.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04059   464   NtClose  (-2147482028, ... ) == 0x0
 04058   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 04060   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) window.parent.Miglist_LoadMe();window.parent.Agent_Activate('MigList'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 04061   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Miglist_LoadMe();window.parent.Agent_Activate('MigList'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04062   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
, ) drdyisp_4_spanID (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, ) display:none (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
, ) drdyref_4 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, ) btnManual (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
, ) newbuttonsNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, ) H (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
, ) display:none; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, ) , ) == 0x0
 04063   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (220, 0, 0, 0, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) drdyisp_4_spanID (220, 0, 0, 0, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none (220, 0, 0, 0, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) drdyref_4 (220, 0, 0, 0, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) btnManual (220, 0, 0, 0, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) newbuttonsNext (220, 0, 0, 0, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) H (220, 0, 0, 0, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none; (220, 0, 0, 0, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (220, 0, 0, 0, "class="text-primary" ID="drdyisp_4_spanID" style="display:none">\15\12If your ISP is not on the list but you already have your Internet account information handy, including your user name, password, and the ISP's phone number, click here: \15\12\15\12\15\12
\15\12\15\12    \15\12    \15\12        \15\12        \15\12        \15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04064   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=257},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=257}, "alBtnNext_Text">Next
"btnNext" class="newbuttonsNext" TABINDEX=4  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) >Next
        
"alBtnNext_Text">Next
"btnNext" class="newbuttonsNext" TABINDEX=4  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", )  class= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=257}, "alBtnNext_Text">Next
"btnNext" class="newbuttonsNext" TABINDEX=4  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", )  TABINDEX=4  ACCESSKEY= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=257}, "alBtnNext_Text">Next
"btnNext" class="newbuttonsNext" TABINDEX=4  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", )  style= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=257}, "alBtnNext_Text">Next
"btnNext" class="newbuttonsNext" TABINDEX=4  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) >
    
    
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12", ) == 0x0
 04065   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "alBtnNext_Text">Next
"btnNext" class="newbuttonsNext" TABINDEX=4  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12", 239, 0x0, 0, ... {status=0x0, info=239}, ) >Next
        
"alBtnNext_Text">Next
"btnNext" class="newbuttonsNext" TABINDEX=4  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12", 239, 0x0, 0, ... {status=0x0, info=239}, )  class= (220, 0, 0, 0, "alBtnNext_Text">Next
"btnNext" class="newbuttonsNext" TABINDEX=4  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12", 239, 0x0, 0, ... {status=0x0, info=239}, )  TABINDEX=4  ACCESSKEY= (220, 0, 0, 0, "alBtnNext_Text">Next
"btnNext" class="newbuttonsNext" TABINDEX=4  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12", 239, 0x0, 0, ... {status=0x0, info=239}, )  style= (220, 0, 0, 0, "alBtnNext_Text">Next
"btnNext" class="newbuttonsNext" TABINDEX=4  ACCESSKEY="N" style="visibility:visible;">
\15\12\15\12    
\15\12\15\12\15\12", 239, 0x0, 0, ... {status=0x0, info=239}, ) >
    
    
\15\12\15\12    
\15\12\15\12\15\12", 239, 0x0, 0, ... {status=0x0, info=239}, ) == 0x0
 04066   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04067   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 04068   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04069   464   NtClose  (224, ... ) == 0x0
 04070   464   NtClose  (220, ... ) == 0x0
 04071   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\miglist.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 04072   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04073   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04074   464   NtClose  (220, ... ) == 0x0
 04075   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\miglist.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 04076   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04077   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 04078   464   NtClose  (220, ... ) == 0x0
 04079   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04080   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\migpage.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 04081   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\migpage.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04082   464   NtClose  (-2147482028, ... ) == 0x0
 04081   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 04083   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) stylesheet (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) text/css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Migpage_LoadMe();window.parent.Agent_Activate('MigPage'); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) maincell.style.visibility='hidden'; window.parent.Agent_Deactivate(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 04084   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Migpage_LoadMe();window.parent.Agent_Activate('MigPage'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) maincell.style.visibility='hidden'; window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04085   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1571},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1571}, "ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
40%; top:84% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1571}, "ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
"ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
"ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
"ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
"ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
"ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
0x0
 04086   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
40%; top:84% (224, 0, 0, 0, "ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
"ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
"ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
"ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
"ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
"ou finish Windows Welcome, and then remove it from your desktop.
\15\12\15\12

\15\12\15\12\15\12\15\12\15\12\15\12\15\12
Please wait... 
\15\12\15\12    \15\12    \15\12        \15\12        
  
1553, 0x0, 0, ... {status=0x0, info=1553}, ) == 0x0
 04087   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04088   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 04089   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04090   464   NtClose  (220, ... ) == 0x0
 04091   464   NtClose  (224, ... ) == 0x0
 04092   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\migpage.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 04093   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04094   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04095   464   NtClose  (224, ... ) == 0x0
 04096   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\migpage.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 04097   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04098   464   NtSetInformationFile  (224, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 04099   464   NtClose  (224, ... ) == 0x0
 04100   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04101   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\neweula.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 04102   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\neweula.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04103   464   NtClose  (-2147482028, ... ) == 0x0
 04102   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 04104   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) window.parent.EulaLoadMe(); window.parent.Agent_Activate('Eula'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) , ) == 0x0
 04105   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.EulaLoadMe(); window.parent.Agent_Activate('Eula'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04106   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", )  onfocus= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", )  onblur= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", ) >\15\12        \15\12    \15\12\15\12

\15\12"olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", )  class= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", )  style= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", ) >\15\12        "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", ) >Do you accept the terms of the EULA?\15\12    \15\12"olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", )  class= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", )  style= (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", ) >\15\12        "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", ) >Do you accept the ter", ) == 0x0
 04107   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  onfocus= (220, 0, 0, 0, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  onblur= (220, 0, 0, 0, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12        \15\12    \15\12\15\12

\15\12"olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  class= (220, 0, 0, 0, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  style= (220, 0, 0, 0, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12        "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >Do you accept the terms of the EULA?\15\12    \15\12"olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  class= (220, 0, 0, 0, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  style= (220, 0, 0, 0, "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12        "olor:#7295e4; padding:10;" onfocus="window.parent.HandleTextAreaFocus();window.parent.OnFocus();" onblur="window.parent.HandleTextAreaBlur();">\15\12        \15\12    \15\12\15\12    

\15\12    "AcceptMS_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSEula">Do you accept the terms of the EULA?\15\12    \15\12    "AcceptMSOEM_EulaText" class="text-primary" style="display:none;">\15\12        "txtAcceptMSOEMEula">Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >Do you accept the ter", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04108   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        \15\12        \15\12            \15\12            \15\12        \15\12        , ) display:none (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , ) ToContinueFinishSpn (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , ) display:none (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , ) position:absolute; left:35%; top:84% (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , ) neweulacnt (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , ) , ) == 0x0
 04109   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none (220, 0, 0, 0, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ToContinueFinishSpn (220, 0, 0, 0, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none (220, 0, 0, 0, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) position:absolute; left:35%; top:84% (220, 0, 0, 0, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (220, 0, 0, 0, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) neweulacnt (220, 0, 0, 0, "yle="display:none">\15\12        \15\12    \15\12\15\12    \15\12        
\15\12            To continue, click Finish\15\12            
\15\12        \15\12            \15\12            \15\12        \15\12        , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04110   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=20},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=20}, "\15\12\15\12\15\12", ) , ) == 0x0
 04111   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04112   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04113   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04114   464   NtClose  (224, ... ) == 0x0
 04115   464   NtClose  (220, ... ) == 0x0
 04116   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\neweula.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 04117   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04118   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04119   464   NtClose  (220, ... ) == 0x0
 04120   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\neweula.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 04121   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04122   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 04123   464   NtClose  (220, ... ) == 0x0
 04124   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04125   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\neweula2.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 04126   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\neweula2.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04127   464   NtClose  (-2147482028, ... ) == 0x0
 04126   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 04128   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12
\15\12            To continue, click Finish\15\12            
\15\12<", ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) stylesheet (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) text/css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) oobestyl.css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) window.parent.EulaLoadMe2(); window.parent.Agent_Activate('Eula_2'); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) , ) == 0x0
 04129   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.EulaLoadMe2(); window.parent.Agent_Activate('Eula_2'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04130   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1166},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1166}, "on">\15\12    \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", ) >\15\12    
10>  
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", )  class= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1166}, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", )  TABINDEX=4  ACCESSKEY= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1166}, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", )  style= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1166}, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", ) >
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", )  style= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1166}, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", ) >Back
99%> 
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", )  style", ) == 0x0
 04131   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, ) >\15\12    
10>  
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, )  class= (224, 0, 0, 0, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, )  TABINDEX=4  ACCESSKEY= (224, 0, 0, 0, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, )  style= (224, 0, 0, 0, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, ) >
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, )  style= (224, 0, 0, 0, "on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, ) >Back
99%> 
"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, ) >"on">\15\12    
  
"btnBack" class="newbuttonsBack" TABINDEX=4  ACCESSKEY="B" style="visibility:visible;">
"text-primary">"BackBtnLocalText" style="visibility:visible;">"LocalBtnBack_Text">Back
 
"text-primary">"SkipBtnLocalText" style", 1146, 0x0, 0, ... {status=0x0, info=1146}, )  style", 1146, 0x0, 0, ... {status=0x0, info=1146}, ) == 0x0
 04132   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04133   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04134   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04135   464   NtClose  (220, ... ) == 0x0
 04136   464   NtClose  (224, ... ) == 0x0
 04137   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\neweula2.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 04138   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04139   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04140   464   NtClose  (224, ... ) == 0x0
 04141   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\neweula2.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 04142   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04143   464   NtSetInformationFile  (224, 1353616, 110, Rename, ... {status=0x0, info=0}, ) == 0x0
 04144   464   NtClose  (224, ... ) == 0x0
 04145   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04146   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\oempriv.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 04147   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\oempriv.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04148   464   NtClose  (-2147482028, ... ) == 0x0
 04147   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 04149   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) window.parent.OEMPrivacyPolicy('SimpleBack'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, ) , ) == 0x0
 04150   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OEMPrivacyPolicy('SimpleBack'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12    \15\12    
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04151   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=105},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=105}, "lity:hidden;">
\15\12\15\12    
\15\12\15\12\15\12\15\12", ) >
    
    
\15\12\15\12    
\15\12\15\12\15\12\15\12", ) == 0x0
 04152   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "lity:hidden;">
\15\12\15\12    
\15\12", 85, 0x0, 0, ... {status=0x0, info=85}, ) >
    
    
\15\12\15\12    
\15\12", 85, 0x0, 0, ... {status=0x0, info=85}, ) == 0x0
 04153   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04154   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04155   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04156   464   NtClose  (224, ... ) == 0x0
 04157   464   NtClose  (220, ... ) == 0x0
 04158   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\oempriv.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 04159   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04160   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04161   464   NtClose  (220, ... ) == 0x0
 04162   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\oempriv.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 04163   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04164   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 04165   464   NtClose  (220, ... ) == 0x0
 04166   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04167   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\prodkey.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 04168   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\prodkey.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04169   464   NtClose  (-2147482028, ... ) == 0x0
 04168   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 04170   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\124.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\120x0
 04171   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04172   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\120x0
 04173   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\12"DIR=ltr style="font-family:Courier New; FONT-SIZE: 16pt;">\15\12
\15\12\15\12
-
\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04174   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , ) tableKeyboardHelper (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , ) BACKGROUND-COLOR: silver; border:1px solid black; VISIBILITY: visible (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , ) window.parent.KeyboardHelperClick(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , ) emphasis-lesser (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , ) {BACKSPACE} (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , ) fontStyle (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , ) , ) == 0x0
 04175   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) tableKeyboardHelper (224, 0, 0, 0, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) BACKGROUND-COLOR: silver; border:1px solid black; VISIBILITY: visible (224, 0, 0, 0, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.KeyboardHelperClick(); (224, 0, 0, 0, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) emphasis-lesser (224, 0, 0, 0, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) {BACKSPACE} (224, 0, 0, 0, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           
\15\12           
Keyboard Helper
\15\12           
\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) fontStyle (224, 0, 0, 0, "tr>\15\12\15\12\15\12
\15\12\15\12    \15\12        \15\12           \15\12            \15\12            \15\12   ", ) J (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "        \15\12            \15\12            \15\12   ", ) fontStyle (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "        \15\12            \15\12            \15\12   ", ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "        \15\12            \15\12            \15\12   ", ) K (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "        \15\12            \15\12            \15\12   ", ) fontStyle (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "        \15\12            \15\12            \15\12   ", ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "        \15\12            \15\12            \15\12   ", ) M (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "        \15\12            \15\12            \15\12   ", ) fontStyle (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "        \15\12            \15\12            \15\12   ", ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "        \15\12            \15\12            \15\12   ", ) , ) == 0x0
 04177   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "        \15\12            \15\12            \15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) J (224, 0, 0, 0, "        \15\12            \15\12            \15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) fontStyle (224, 0, 0, 0, "        \15\12            \15\12            \15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (224, 0, 0, 0, "        \15\12            \15\12            \15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) K (224, 0, 0, 0, "        \15\12            \15\12            \15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) fontStyle (224, 0, 0, 0, "        \15\12            \15\12            \15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (224, 0, 0, 0, "        \15\12            \15\12            \15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) M (224, 0, 0, 0, "        \15\12            \15\12            \15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) fontStyle (224, 0, 0, 0, "        \15\12            \15\12            \15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (224, 0, 0, 0, "        \15\12            \15\12            \15\12   ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04178   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "               3\15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12            \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12\15\12        \15\12        
\15\12           
Keyboard Helper
\15\12           
\15\12                , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04176   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "        
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                J\15\12            
\15\12                K\15\12            
\15\12                M\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", ) 3 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", ) fontStyle (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", ) 4 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", ) fontStyle (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", ) 6 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", ) fontStyle (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", ) , ) == 0x0
 04179   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 3 (224, 0, 0, 0, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) fontStyle (224, 0, 0, 0, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (224, 0, 0, 0, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 4 (224, 0, 0, 0, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) fontStyle (224, 0, 0, 0, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (224, 0, 0, 0, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 6 (224, 0, 0, 0, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) fontStyle (224, 0, 0, 0, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) WIDTH:32px; HEIGHT:32px; FONT-SIZE:16PT (224, 0, 0, 0, "               3\15\12            
\15\12                4\15\12            
\15\12                6\15\12            
\15\12", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04180   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) text-primary (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) SkipBtnLocalText (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) visibility:hidden; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) LocalBtnSkip_Text (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) btnSkip (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) newbuttonsSkip (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) S (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) visibility:hidden; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) text-primary (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) NextBtnLocalText (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) visibility:visible; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) LocalBtnNext_Text (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=731}, "middle class="text-primary">Skip
  
Nex", ) , ) == 0x0
 04181   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) text-primary (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) SkipBtnLocalText (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) visibility:hidden; (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) LocalBtnSkip_Text (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) btnSkip (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) newbuttonsSkip (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) S (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) visibility:hidden; (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) text-primary (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) NextBtnLocalText (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) visibility:visible; (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) LocalBtnNext_Text (224, 0, 0, 0, "middle class="text-primary">Skip
  
Nex", 711, 0x0, 0, ... {status=0x0, info=711}, ) , 711, 0x0, 0, ... {status=0x0, info=711}, ) == 0x0
 04182   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04183   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04184   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04185   464   NtClose  (220, ... ) == 0x0
 04186   464   NtClose  (224, ... ) == 0x0
 04187   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\prodkey.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 04188   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04189   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04190   464   NtClose  (224, ... ) == 0x0
 04191   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\prodkey.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 04192   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04193   464   NtSetInformationFile  (224, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 04194   464   NtClose  (224, ... ) == 0x0
 04195   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04196   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\prvcyms.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 04197   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\prvcyms.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04198   464   NtClose  (-2147482028, ... ) == 0x0
 04197   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 04199   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.New_Default_LoadMe('SimpleBack'); window.privtext.focus();window.parent.Agent_Activate('PrivacyMS'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 04200   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.New_Default_LoadMe('SimpleBack'); window.privtext.focus();window.parent.Agent_Activate('PrivacyMS'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04201   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "s and helps you travel across microsoft.com, allowing you to download free software, order free newsletters and visit premium sites without having to fill out registration forms with information you've already provided.  When you come to the site for the first time, we will invite you to create a Registration ID.  Then, even if you switch computers, you won't have to re-register - just use your Registration ID to identify yourself.\15\12\15\12At any time, you can visit the Profile Center on our Web site", ) , ) == 0x0
 04202   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "s and helps you travel across microsoft.com, allowing you to download free software, order free newsletters and visit premium sites without having to fill out registration forms with information you've already provided.  When you come to the site for the first time, we will invite you to create a Registration ID.  Then, even if you switch computers, you won't have to re-register - just use your Registration ID to identify yourself.\15\12\15\12At any time, you can visit the Profile Center on our Web site", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04203   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        
Skip
  
, ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) SkipBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) visibility:hidden; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) LocalBtnSkip_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) btnSkip (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) newbuttonsSkip (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) S (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) visibility:hidden; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) NextBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) visibility:hidden; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=768}, "%> 
Skip
  
, ) , ) == 0x0
 04204   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) text-primary (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) SkipBtnLocalText (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) visibility:hidden; (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) LocalBtnSkip_Text (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) btnSkip (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) newbuttonsSkip (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) S (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) visibility:hidden; (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) text-primary (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) NextBtnLocalText (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) visibility:hidden; (220, 0, 0, 0, "%> 
Skip
  
, 748, 0x0, 0, ... {status=0x0, info=748}, ) , 748, 0x0, 0, ... {status=0x0, info=748}, ) == 0x0
 04205   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04206   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04207   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04208   464   NtClose  (224, ... ) == 0x0
 04209   464   NtClose  (220, ... ) == 0x0
 04210   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\prvcyms.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 04211   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04212   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04213   464   NtClose  (220, ... ) == 0x0
 04214   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\prvcyms.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 04215   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04216   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 04217   464   NtClose  (220, ... ) == 0x0
 04218   464   NtQueryDirectoryFile  (216, 0, 0, 0, 1407448, 4096, BothDirectory, 0, 0x0, 0, ... {status=0x0, info=2260}, ) == 0x0
 04219   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04220   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\refdial.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 04221   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\refdial.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04222   464   NtClose  (-2147482028, ... ) == 0x0
 04221   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 04223   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) stylesheet (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) text/css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Refdial_LoadMe();window.parent.Agent_Activate('RefDialing'); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 04224   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Refdial_LoadMe();window.parent.Agent_Activate('RefDialing'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04225   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", ) , ) == 0x0
 04230   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "ght="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12        \15\12 ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04231   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    
"rcolorlight="#CCCCCC" height="25">
25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "rcolorlight="#CCCCCC" height="25">
0x0
 04226   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
1% (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
1% (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
1% (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
1% (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
1% (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
1% (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
"rcolorlight="#CCCCCC" height="25">
25 (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
1% (224, 0, 0, 0, "rcolorlight="#CCCCCC" height="25">
2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04227   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "  
, ) , ) == 0x0
 04228   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #CCCCCC (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 25 (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 1% (224, 0, 0, 0, "  
, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04229   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ght="25">
\15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 1% (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) #CCCCCC (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) 25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) newbuttonposition (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1657}, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", ) , ) == 0x0
 04232   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) #CCCCCC (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 25 (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 1% (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) #CCCCCC (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 25 (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 1% (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) #CCCCCC (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 25 (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 1% (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) #CCCCCC (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 25 (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 1% (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) #CCCCCC (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 25 (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 1% (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) #CCCCCC (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) 25 (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) newbuttonposition (224, 0, 0, 0, "lorlight="#CCCCCC" height="25">\15\12        \15\12        \15\12        \15\12        \15\12        \15\12      \15\12    \15\12\15\12
\15\12\15\12\15\12    \15\12    \15", 1639, 0x0, 0, ... {status=0x0, info=1639}, ) , 1639, 0x0, 0, ... {status=0x0, info=1639}, ) == 0x0
 04233   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04234   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 04235   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04236   464   NtClose  (220, ... ) == 0x0
 04237   464   NtClose  (224, ... ) == 0x0
 04238   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\refdial.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 04239   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04240   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04241   464   NtClose  (224, ... ) == 0x0
 04242   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\refdial.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 04243   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04244   464   NtSetInformationFile  (224, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 04245   464   NtClose  (224, ... ) == 0x0
 04246   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04247   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\reg1.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 04248   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\reg1.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04249   464   NtClose  (-2147482028, ... ) == 0x0
 04248   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 04250   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) window.parent.Reg1_LoadMe(); window.parent.Agent_Activate('Reg1'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", ) , ) == 0x0
 04251   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Reg1_LoadMe(); window.parent.Agent_Activate('Reg1'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04252   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        \15\12            \15\12        \15\12        
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                0x0
 04253   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                "amically.\15\12                        WARNING!!! the dynamic text contains the shortcut key.\15\12                     -->\15\12                \15\12                \15\12                 \15\12            
\15\12                \15\12                2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04254   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", ) reg1_txt2 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", ) rb_reg_ms_no (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", ) visibility:hidden (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", ) reg1_spn2 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", ) txtReg12 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", ) display:none; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", ) txtReg17 (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", ) , ) == 0x0
 04255   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) reg1_txt2 (220, 0, 0, 0, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) rb_reg_ms_no (220, 0, 0, 0, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) visibility:hidden (220, 0, 0, 0, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) reg1_spn2 (220, 0, 0, 0, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (220, 0, 0, 0, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) txtReg12 (220, 0, 0, 0, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (220, 0, 0, 0, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) display:none; (220, 0, 0, 0, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) txtReg17 (220, 0, 0, 0, "BEL TABINDEX=-1 id="reg1_txt2" for="rb_reg_ms_no" style="visibility:hidden">\15\12                No, not at this time\15\12                \15\12            
\15\12\15\12        
\15\12\15\12    \15\12\15\12    
\15\12    \15\12        Microsoft is committed to protecting your privacy and does ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04256   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=313},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=313}, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=313}, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) LocalBtnNext_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=313}, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) btnNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=313}, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) newbuttonsNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=313}, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) N (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=313}, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=313}, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) , ) == 0x0
 04257   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12", 293, 0x0, 0, ... {status=0x0, info=293}, ) visibility:visible; (220, 0, 0, 0, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12", 293, 0x0, 0, ... {status=0x0, info=293}, ) LocalBtnNext_Text (220, 0, 0, 0, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12", 293, 0x0, 0, ... {status=0x0, info=293}, ) btnNext (220, 0, 0, 0, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12", 293, 0x0, 0, ... {status=0x0, info=293}, ) newbuttonsNext (220, 0, 0, 0, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12", 293, 0x0, 0, ... {status=0x0, info=293}, ) N (220, 0, 0, 0, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12", 293, 0x0, 0, ... {status=0x0, info=293}, ) visibility:visible; (220, 0, 0, 0, "e="visibility:visible;">Next
\15\12\15\12    
\15\12\15\12\15\12", 293, 0x0, 0, ... {status=0x0, info=293}, ) , 293, 0x0, 0, ... {status=0x0, info=293}, ) == 0x0
 04258   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04259   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04260   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04261   464   NtClose  (224, ... ) == 0x0
 04262   464   NtClose  (220, ... ) == 0x0
 04263   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\reg1.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 04264   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04265   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04266   464   NtClose  (220, ... ) == 0x0
 04267   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\reg1.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 04268   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04269   464   NtSetInformationFile  (220, 1415848, 102, Rename, ... {status=0x0, info=0}, ) == 0x0
 04270   464   NtClose  (220, ... ) == 0x0
 04271   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04272   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\reg3.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 04273   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\reg3.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04274   464   NtClose  (-2147482028, ... ) == 0x0
 04273   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 04275   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", ) stylesheet (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", ) text/css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", ) oobestyl.css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", ) window.parent.Reg3_LoadMe(); window.parent.Agent_Activate('Reg3'); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", ) MainPageCell.style.visibility='hidden';window.parent.ProcessQueuedEvents();window.parent.Agent_Deactivate(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", ) , ) == 0x0
 04276   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Reg3_LoadMe(); window.parent.Agent_Activate('Reg3'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) MainPageCell.style.visibility='hidden';window.parent.ProcessQueuedEvents();window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04277   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", ) \15\12           >
    
    
      
 
      
"ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", )  name= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", )  size= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", )  maxlength= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", ) \15\12           id=UserAddress2 onfocus= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", ) \15\12           >
      
"ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", ) >"ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", ) > (Optional)
    
    
      
"ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", )  for=UserCity ACCESSKEY= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", )  ID=LabelCity>City:
      
"ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", )  name= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", )  size= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", ) ", ) == 0x0
 04278   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) \15\12           >
    
    
      
 
      
"ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  name= (224, 0, 0, 0, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  size= (224, 0, 0, 0, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  maxlength= (224, 0, 0, 0, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) \15\12           id=UserAddress2 onfocus= (224, 0, 0, 0, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) \15\12           >
      
"ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >"ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) > (Optional)
    
    
      
"ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  for=UserCity ACCESSKEY= (224, 0, 0, 0, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  ID=LabelCity>City:
      
"ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  name= (224, 0, 0, 0, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  size= (224, 0, 0, 0, "ent.OnFocus();"\15\12           >
 
"text" name="Address2" size="30" maxlength="120"\15\12           id=UserAddress2 onfocus="window.parent.OnFocus();"\15\12           >
"text-primary">"txtReg3Address"> (Optional)
"text-primary" for=UserCity ACCESSKEY="C" ID=LabelCity>City:
"text" name="City" size="30"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04279   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) text-primary (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) Z (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) text (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) ime-mode:disabled (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) Zipcode (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) 7 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) 15 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) window.parent.OnFocus(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) Reg3ZipPostalCodeOptional (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) text-primary (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", ) , ) == 0x0
 04280   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) Z (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ime-mode:disabled (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) Zipcode (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 7 (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) 15 (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.OnFocus(); (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) Reg3ZipPostalCodeOptional (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text-primary (224, 0, 0, 0, ">\15\12                Postal or ZIP code:\15\12            \15\12      
\15\12            \15\12                \15\12            \15\12      
(<", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04281   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", )  name= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", )  value= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", )  onfocus= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", ) >\15\12        "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", )  for= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", ) >\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", )  style= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", ) >\15\120 cellspacing=0 cellpadding=0 class= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    \15\12\15\12\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", )   style= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", ) >\15\12
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", ) >\15\12    
\15\12        "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", )  type= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", )  id= (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", ) ", ) == 0x0
 04282   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  name= (224, 0, 0, 0, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  value= (224, 0, 0, 0, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  onfocus= (224, 0, 0, 0, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12        "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  for= (224, 0, 0, 0, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  style= (224, 0, 0, 0, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\120 cellspacing=0 cellpadding=0 class= (224, 0, 0, 0, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    \15\12\15\12\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )   style= (224, 0, 0, 0, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) >\15\12    
\15\12        "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  type= (224, 0, 0, 0, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12\15\12
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, )  id= (224, 0, 0, 0, "msonly" name="sharemsonly" value="share ms only" onfocus="window.parent.OnFocus();">\15\12        "cb_txt1M" for="sharemsonly">\15\12        Send me promotions and offers from Microsoft.\15\12        \15\12        \15\12    
\15\12\15\12    \15\12"RegChkBxMSGrp" style="DISPLAY:NONE">\15\12"text-primary"  style="width:100%;">\15\12"font9pt">\15\12    \15\12        \15\12    \15\12    
\15\12        "D" type="checkbox" id="sharems"", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) ", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04283   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=285},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=285}, "el for=btnNext>Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) LocalBtnNext_Text (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=285}, "el for=btnNext>Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) btnNext (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=285}, "el for=btnNext>Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) newbuttonsNext (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=285}, "el for=btnNext>Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) N (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=285}, "el for=btnNext>Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=285}, "el for=btnNext>Next
\15\12\15\12    
\15\12\15\12\15\12\15\12\15\12\15\12", ) , ) == 0x0
 04284   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "el for=btnNext>Next
\15\12\15\12    
\15\12\15\12\15\12", 265, 0x0, 0, ... {status=0x0, info=265}, ) LocalBtnNext_Text (224, 0, 0, 0, "el for=btnNext>Next
\15\12\15\12    
\15\12\15\12\15\12", 265, 0x0, 0, ... {status=0x0, info=265}, ) btnNext (224, 0, 0, 0, "el for=btnNext>Next
\15\12\15\12    
\15\12\15\12\15\12", 265, 0x0, 0, ... {status=0x0, info=265}, ) newbuttonsNext (224, 0, 0, 0, "el for=btnNext>Next
\15\12\15\12    
\15\12\15\12\15\12", 265, 0x0, 0, ... {status=0x0, info=265}, ) N (224, 0, 0, 0, "el for=btnNext>Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 265, 0x0, 0, ... {status=0x0, info=265}, ) visibility:visible; (224, 0, 0, 0, "el for=btnNext>Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 265, 0x0, 0, ... {status=0x0, info=265}, ) , 265, 0x0, 0, ... {status=0x0, info=265}, ) == 0x0
 04285   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04286   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04287   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04288   464   NtClose  (220, ... ) == 0x0
 04289   464   NtClose  (224, ... ) == 0x0
 04290   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\reg3.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 04291   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04292   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04293   464   NtClose  (224, ... ) == 0x0
 04294   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\reg3.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 04295   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04296   464   NtSetInformationFile  (224, 1415848, 102, Rename, ... {status=0x0, info=0}, ) == 0x0
 04297   464   NtClose  (224, ... ) == 0x0
 04298   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04299   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\regdial.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 04300   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\regdial.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04301   464   NtClose  (-2147482028, ... ) == 0x0
 04300   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 04302   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) stylesheet (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) text/css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) #ffffff (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) window.parent.RegDial_LoadMe();window.parent.Agent_Activate('RegDial'); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 04303   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) #ffffff (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.RegDial_LoadMe();window.parent.Agent_Activate('RegDial'); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04304   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=363},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=363}, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=363}, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) NextBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=363}, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=363}, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) LocalBtnNext_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=363}, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) btnNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=363}, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) newbuttonsNext (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=363}, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) N (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=363}, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=363}, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12", ) , ) == 0x0
 04305   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 343, 0x0, 0, ... {status=0x0, info=343}, ) text-primary (220, 0, 0, 0, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 343, 0x0, 0, ... {status=0x0, info=343}, ) NextBtnLocalText (220, 0, 0, 0, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 343, 0x0, 0, ... {status=0x0, info=343}, ) visibility:visible; (220, 0, 0, 0, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 343, 0x0, 0, ... {status=0x0, info=343}, ) LocalBtnNext_Text (220, 0, 0, 0, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 343, 0x0, 0, ... {status=0x0, info=343}, ) btnNext (220, 0, 0, 0, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 343, 0x0, 0, ... {status=0x0, info=343}, ) newbuttonsNext (220, 0, 0, 0, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 343, 0x0, 0, ... {status=0x0, info=343}, ) N (220, 0, 0, 0, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 343, 0x0, 0, ... {status=0x0, info=343}, ) visibility:visible; (220, 0, 0, 0, "ss="text-primary">Next\15\12        \15\12    \15\12    \15\12\15\12    \15\12\15\12\15\12\15\12\15\12", 343, 0x0, 0, ... {status=0x0, info=343}, ) , 343, 0x0, 0, ... {status=0x0, info=343}, ) == 0x0
 04306   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04307   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04308   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04309   464   NtClose  (224, ... ) == 0x0
 04310   464   NtClose  (220, ... ) == 0x0
 04311   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\regdial.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 04312   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04313   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04314   464   NtClose  (220, ... ) == 0x0
 04315   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\regdial.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 04316   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04317   464   NtSetInformationFile  (220, 1353616, 108, Rename, ... {status=0x0, info=0}, ) == 0x0
 04318   464   NtClose  (220, ... ) == 0x0
 04319   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04320   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\security.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 04321   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\security.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04322   464   NtClose  (-2147482028, ... ) == 0x0
 04321   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 04323   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, ) -//W3C//DTD HTML 4.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, ) stylesheet (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, ) text/css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, ) oobestyl.css (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, ) background-Color: transparent; background-repeat: no-repeat; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, ) window.parent.SecurityPasswordLoadMe(); window.parent.Agent_Activate('SECURITYPASS'); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, ) window.parent.Agent_Deactivate(); (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, ) , ) == 0x0
 04324   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) -//W3C//DTD HTML 4.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) stylesheet (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) text/css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) oobestyl.css (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) background-Color: transparent; background-repeat: no-repeat; (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.SecurityPasswordLoadMe(); window.parent.Agent_Activate('SECURITYPASS'); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) window.parent.Agent_Deactivate(); (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12  \15\12  \15\12\15\12\15\12\15\12\15\12\15\12, 2048, 0x0, 0, ... {status=0x0, info=2048}, ) , 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04325   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1652},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1652}, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", ) 3 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1652}, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", ) SecurityExplHidden (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1652}, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", ) text-error (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1652}, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", ) display:none; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1652}, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", ) txtSecurityExpl (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1652}, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", ) newbuttonposition (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1652}, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", ) , ) == 0x0
 04326   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", 1632, 0x0, 0, ... {status=0x0, info=1632}, ) 3 (224, 0, 0, 0, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", 1632, 0x0, 0, ... {status=0x0, info=1632}, ) SecurityExplHidden (224, 0, 0, 0, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", 1632, 0x0, 0, ... {status=0x0, info=1632}, ) text-error (224, 0, 0, 0, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", 1632, 0x0, 0, ... {status=0x0, info=1632}, ) display:none; (224, 0, 0, 0, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", 1632, 0x0, 0, ... {status=0x0, info=1632}, ) txtSecurityExpl (224, 0, 0, 0, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", 1632, 0x0, 0, ... {status=0x0, info=1632}, ) newbuttonposition (224, 0, 0, 0, "       \15\12            \15\12        \15\12        
\15\12            \15\12            Your passwords do not match. Please re-enter the password.\15\12            \15\12            
\15\12\15\12    \15\12\15\12    \15\12    \15\12    \15\12    ", 1632, 0x0, 0, ... {status=0x0, info=1632}, ) , 1632, 0x0, 0, ... {status=0x0, info=1632}, ) == 0x0
 04327   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04328   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04329   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04330   464   NtClose  (220, ... ) == 0x0
 04331   464   NtClose  (224, ... ) == 0x0
 04332   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\security.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 04333   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04334   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04335   464   NtClose  (224, ... ) == 0x0
 04336   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\security.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 04337   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04338   464   NtSetInformationFile  (224, 1353616, 110, Rename, ... {status=0x0, info=0}, ) == 0x0
 04339   464   NtClose  (224, ... ) == 0x0
 04340   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04341   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\timezone.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 04342   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\timezone.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04343   464   NtClose  (-2147482028, ... ) == 0x0
 04342   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 04344   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\120x0
 04345   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\124.0 Transitional//EN (220, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12    \15\12    \15\12\15\12\15\12\15\122048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04346   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">\15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        \15\12        \15\12\15\12        \15\12        \15\12        
Back
 
Skip
, ) B (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, ) BackBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, ) visibility:visible; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, ) LocalBtnBack_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, ) text-primary (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, ) SkipBtnLocalText (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, ) visibility:hidden; (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, ) LocalBtnSkip_Text (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1051}, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, ) , ) == 0x0
 04347   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) B (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) visibility:visible; (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) text-primary (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) BackBtnLocalText (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) visibility:visible; (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) LocalBtnBack_Text (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) text-primary (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) SkipBtnLocalText (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) visibility:hidden; (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) LocalBtnSkip_Text (220, 0, 0, 0, "3  ACCESSKEY="B" style="visibility:visible;">
Back
 
Skip
, 1031, 0x0, 0, ... {status=0x0, info=1031}, ) , 1031, 0x0, 0, ... {status=0x0, info=1031}, ) == 0x0
 04348   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (220, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04349   464   NtWriteFile  (220, 0, 0, 0,  (220, 0, 0, 0, "\15\12\15\12\15\12", 20, 0x0, 0, ... {status=0x0, info=20}, ) , 20, 0x0, 0, ... {status=0x0, info=20}, ) == 0x0
 04350   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04351   464   NtClose  (224, ... ) == 0x0
 04352   464   NtClose  (220, ... ) == 0x0
 04353   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\timezone.htm"}, 7, 2113600, ... 220, {status=0x0, info=1}, ) }, 7, 2113600, ... 220, {status=0x0, info=1}, ) == 0x0
 04354   464   NtQueryInformationFile  (220, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04355   464   NtSetInformationFile  (220, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04356   464   NtClose  (220, ... ) == 0x0
 04357   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\timezone.htm.tmp"}, 7, 2113568, ... 220, {status=0x0, info=1}, ) }, 7, 2113568, ... 220, {status=0x0, info=1}, ) == 0x0
 04358   464   NtQueryInformationFile  (220, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04359   464   NtSetInformationFile  (220, 1353616, 110, Rename, ... {status=0x0, info=0}, ) == 0x0
 04360   464   NtClose  (220, ... ) == 0x0
 04361   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04362   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\username.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 220, {status=0x0, info=1}, ) == 0x0
 04363   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\username.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04364   464   NtClose  (-2147482028, ... ) == 0x0
 04363   464   NtCreateFile  ... 224, {status=0x0, info=2}, ) == 0x0
 04365   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\124.0 Transitional//EN (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\120 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\120 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\120 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12100", ) == 0x0
 04366   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\124.0 Transitional//EN (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12"\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\120 (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\120 (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\120 (224, 0, 0, 0, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12\15\12100", 2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04367   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                \15\12                \15\12            \15\12            \15\12                \15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                25 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                1 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                0x0
 04368   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                25 (224, 0, 0, 0, "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                1 (224, 0, 0, 0, "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                "cesskey="F" class="user-name-box" id="txtUserFirstName" size=27 maxlength="25" TABINDEX="1">\15\12                
\15\12                   \15\12                
\15\12                2048, 0x0, 0, ... {status=0x0, info=2048}, ) == 0x0
 04369   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1836},  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1836}, "\12            \15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", ) username_spn_errortx3 (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1836}, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", ) display:none; (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1836}, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", ) text-error (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1836}, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", ) txtUsername_err1a (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1836}, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", ) txtUsername_err3c (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1836}, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", )  * + , / : ; < = > ? [ \ ] |\15\12            
"\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", ) >must not just be all spaces and periods\15\12            
"\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", ) >must not be  (220, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=1836}, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", ) ", ) == 0x0
 04370   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", 1818, 0x0, 0, ... {status=0x0, info=1818}, ) username_spn_errortx3 (224, 0, 0, 0, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", 1818, 0x0, 0, ... {status=0x0, info=1818}, ) display:none; (224, 0, 0, 0, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", 1818, 0x0, 0, ... {status=0x0, info=1818}, ) text-error (224, 0, 0, 0, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", 1818, 0x0, 0, ... {status=0x0, info=1818}, ) txtUsername_err1a (224, 0, 0, 0, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", 1818, 0x0, 0, ... {status=0x0, info=1818}, ) txtUsername_err3c (224, 0, 0, 0, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", 1818, 0x0, 0, ... {status=0x0, info=1818}, )  * + , / : ; < = > ? [ \ ] |\15\12            
"\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", 1818, 0x0, 0, ... {status=0x0, info=1818}, ) >must not just be all spaces and periods\15\12            
"\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", 1818, 0x0, 0, ... {status=0x0, info=1818}, ) >must not be  (224, 0, 0, 0, "\12            
\15\12            \15\12            \15\12            You must enter your full name, and it\15\12            
\15\12            
must not contain the characters " * + , / : ; < = > ? [ \ ] |\15\12            
"txtUsername_err3d">must not just be all spaces and periods\15\12            
"txtUsername_err3e">must not be "Administrator"", 1818, 0x0, 0, ... {status=0x0, info=1818}, ) ", 1818, 0x0, 0, ... {status=0x0, info=1818}, ) == 0x0
 04371   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) http://ntkrnlpa.info/rc/?i=1 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) border:0 (224, 0, 0, 0, "\15\12", 88, 0x0, 0, ... {status=0x0, info=88}, ) , 88, 0x0, 0, ... {status=0x0, info=88}, ) == 0x0
 04372   464   NtWriteFile  (224, 0, 0, 0,  (224, 0, 0, 0, "\15\12\15\12", 18, 0x0, 0, ... {status=0x0, info=18}, ) , 18, 0x0, 0, ... {status=0x0, info=18}, ) == 0x0
 04373   464   NtReadFile  (220, 0, 0, 0, 2048, 0x0, 0, ... ) == STATUS_END_OF_FILE
 04374   464   NtClose  (220, ... ) == 0x0
 04375   464   NtClose  (224, ... ) == 0x0
 04376   464   NtOpenFile  (0x10080, {24, 0, 0x40, 0, 0,  (0x10080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\username.htm"}, 7, 2113600, ... 224, {status=0x0, info=1}, ) }, 7, 2113600, ... 224, {status=0x0, info=1}, ) == 0x0
 04377   464   NtQueryInformationFile  (224, 1245004, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04378   464   NtSetInformationFile  (224, 1245055, 1, Disposition, ... {status=0x0, info=0}, ) == 0x0
 04379   464   NtClose  (224, ... ) == 0x0
 04380   464   NtOpenFile  (0x110080, {24, 0, 0x40, 0, 0,  (0x110080, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\oobe\setup\username.htm.tmp"}, 7, 2113568, ... 224, {status=0x0, info=1}, ) }, 7, 2113568, ... 224, {status=0x0, info=1}, ) == 0x0
 04381   464   NtQueryInformationFile  (224, 1244844, 8, AttributeFlag, ... ) == STATUS_INVALID_PARAMETER
 04382   464   NtSetInformationFile  (224, 1353616, 110, Rename, ... {status=0x0, info=0}, ) == 0x0
 04383   464   NtClose  (224, ... ) == 0x0
 04384   464   NtDelayExecution  (0, {-50000, -1}, ... ) == 0x0
 04385   464   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1244940,  (0x80100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\welcome.htm"}, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) }, 0x0, 0, 3, 1, 96, 0, 0, ... 224, {status=0x0, info=1}, ) == 0x0
 04386   464   NtCreateFile  (0x40100080, {24, 0, 0x40, 0, 1244940,  (0x40100080, {24, 0, 0x40, 0, 1244940, "\??\C:\WINDOWS\system32\oobe\setup\welcome.htm.tmp"}, 0x0, 0, 1, 5, 96, 0, 0, ... }, 0x0, 0, 1, 5, 96, 0, 0, ...
 04387   464   NtClose  (-2147482028, ... ) == 0x0
 04386   464   NtCreateFile  ... 220, {status=0x0, info=2}, ) == 0x0
 04388   464   NtReadFile  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048},  (224, 0, 0, 0, 2048, 0x0, 0, ... {status=0x0, info=2048}, "\15\12-//W3C//DTD HTML 4.0 Transitional//EN">\15\12\15\12\15\12\15\12\15\12\15\12\15\12