Summary (each entry is a system call name followed by the number of times it was called):

NtAddAtom(>) 1 NtQueryInformationProcess(>) 1 NtGdiCreateCompatibleDC(>) 3 NtUnmapViewOfSection(>) 9
NtCallbackReturn(>) 1 NtQueryObject(>) 1 NtQueryDefaultLocale(>) 3 NtQueryAttributesFile(>) 11
NtCreateEvent(>) 1 NtQuerySymbolicLinkObject(>) 1 NtSetInformationObject(>) 3 NtOpenFile(>) 12
NtCreateFile(>) 1 NtQueryVolumeInformationFile(>) 1 NtUserRegisterWindowMessage(>) 3 NtQueryDebugFilterState(>) 12
NtDuplicateObject(>) 1 NtRegisterThreadTerminatePort(>) 1 NtQuerySection(>) 4 NtQuerySystemInformation(>) 15
NtFsControlFile(>) 1 NtSecureConnectPort(>) 1 NtGdiGetStockObject(>) 5 NtOpenSection(>) 20
NtGdiCreateBitmap(>) 1 NtSetInformationThread(>) 1 NtRequestWaitReplyPort(>) 5 NtProtectVirtualMemory(>) 20
NtGdiInit(>) 1 NtTestAlert(>) 1 NtUserSystemParametersInfo(>) 5 NtQueryValueKey(>) 21
NtGdiQueryFontAssocInfo(>) 1 NtUserCallNoParam(>) 1 NtContinue(>) 6 NtUserFindExistingCursorIcon(>) 24
NtGdiSelectBitmap(>) 1 NtUserGetDC(>) 1 NtOpenProcessTokenEx(>) 6 NtMapViewOfSection(>) 25
NtOpenEvent(>) 1 NtUserGetThreadDesktop(>) 1 NtOpenThreadTokenEx(>) 6 NtUserRegisterClassExWOW(>) 34
NtOpenKeyedEvent(>) 1 NtGdiCreateSolidBrush(>) 2 NtQueryDefaultUILanguage(>) 6 NtUserGetClassInfo(>) 36
NtOpenMutant(>) 1 NtOpenDirectoryObject(>) 2 NtFreeVirtualMemory(>) 8 NtOpenKey(>) 37
NtOpenProcess(>) 1 NtOpenProcessToken(>) 2 NtCreateSection(>) 9 NtClose(>) 65
NtOpenSymbolicLinkObject(>) 1 NtQueryInstallUILanguage(>) 2 NtFlushInstructionCache(>) 9 NtAllocateVirtualMemory(>) 279
NtQueryInformationFile(>) 1 NtQueryVirtualMemory(>) 2 NtQueryInformationToken(>) 9

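Trace (each entry: sequence number, calling thread ID, system call with its arguments, then "==" and the returned status or value; an entry whose sequence number appears twice was interrupted by a nested call and is completed at the second occurrence):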

00001 452 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00002 452 NtOpenKeyedEvent (0x2000000, {24, 0, 0x0, 0, 0, (0x2000000, {24, 0, 0x0, 0, 0, "\KernelObjects\CritSecOutOfMemoryEvent"}, ... 4, ) }, ... 4, ) == 0x0 00003 452 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00004 452 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 1310720, 1048576, ) == 0x0 00005 452 NtAllocateVirtualMemory (-1, 1310720, 0, 4096, 4096, 4, ... 1310720, 4096, ) == 0x0 00006 452 NtAllocateVirtualMemory (-1, 1314816, 0, 8192, 4096, 4, ... 1314816, 8192, ) == 0x0 00007 452 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00008 452 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 2359296, 65536, ) == 0x0 00009 452 NtAllocateVirtualMemory (-1, 2359296, 0, 24576, 4096, 4, ... 2359296, 24576, ) == 0x0 00010 452 NtOpenDirectoryObject (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 8, ) }, ... 8, ) == 0x0 00011 452 NtOpenSymbolicLinkObject (0x1, {24, 8, 0x40, 0, 0, (0x1, {24, 8, 0x40, 0, 0, "KnownDllPath"}, ... 12, ) }, ... 12, ) == 0x0 00012 452 NtQuerySymbolicLinkObject (12, ... (12, ... "C:\WINDOWS\system32", 0x0, ) , 0x0, ) == 0x0 00013 452 NtClose (12, ... 
) == 0x0 00014 452 NtOpenFile (0x100020, {24, 0, 0x42, 0, 0, (0x100020, {24, 0, 0x42, 0, 0, "\??\U:\startupscripts\"}, 3, 33, ... 12, {status=0x0, info=1}, ) }, 3, 33, ... 12, {status=0x0, info=1}, ) == 0x0 00015 452 NtQueryVolumeInformationFile (12, 1243848, 8, Device, ... {status=0x0, info=8}, ) == 0x0 00016 452 NtFsControlFile (12, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... ) == STATUS_INVALID_PARAMETER 00017 452 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local"}, 1243832, ... ) }, 1243832, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00018 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "kernel32.dll"}, ... 16, ) }, ... 16, ) == 0x0 00019 452 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77e60000), 0x0, 937984, ) == 0x0 00020 452 NtClose (16, ... ) == 0x0 00021 452 NtQuerySystemInformation (RangeStart, 4, ... {system info, class 50, size 4}, 0x0, ) == 0x0 00022 452 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00023 452 NtCreateSection (0xf001f, 0x0, {65536, 0}, 4, 67108864, 0, ... 16, ) == 0x0 00024 452 NtSecureConnectPort ( ("\Windows\ApiPort", {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18481152}, {0, 0, 0}, 200, 44, ) , {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18481152}, {0, 0, 0}, 200, 44, ) == 0x0 00025 452 NtClose (16, ... ) == 0x0 00026 452 NtQueryObject (24, Handle, 2, ... {Inherit=0,ProtectFromClose=0,}, -1, ) == 0x0 00027 452 NtSetInformationObject (24, Handle, {Inherit=0,ProtectFromClose=1,}, 256, ... ) == 0x0 00028 452 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00029 452 NtQueryVirtualMemory (-1, 0x250000, Basic, 28, ... {BaseAddress=0x250000,AllocationBase=0x250000,AllocationProtect=0x4,RegionSize=0x10000,State=0x2000,Protect=0x0,Type=0x40000,}, 0x0, ) == 0x0 00030 452 NtAllocateVirtualMemory (-1, 2424832, 0, 4096, 4096, 4, ... 2424832, 4096, ) == 0x0 00031 452 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 0, 0, 0, 0} (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" ... {28, 56, reply, 0, 436, 452, 1472, 0} "`W\30\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" ) ... {28, 56, reply, 0, 436, 452, 1472, 0} (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" ... {28, 56, reply, 0, 436, 452, 1472, 0} "`W\30\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" ) ) == 0x0 00032 452 NtRegisterThreadTerminatePort (24, ... ) == 0x0 00033 452 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00034 452 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00035 452 NtClose (16, ... ) == 0x0 00036 452 NtAllocateVirtualMemory (-1, 1232896, 0, 4096, 4096, 260, ... 1232896, 4096, ) == 0x0 00037 452 NtOpenMutant (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\NlsCacheMutant"}, ... 16, ) }, ... 16, ) == 0x0 00038 452 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionUnicode"}, ... 28, ) }, ... 
28, ) == 0x0 00039 452 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x260000), 0x0, 90112, ) == 0x0 00040 452 NtClose (28, ... ) == 0x0 00041 452 NtQueryDefaultLocale (0, 2012046252, ... ) == 0x0 00042 452 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionLocale"}, ... 28, ) }, ... 28, ) == 0x0 00043 452 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x280000), 0x0, 212992, ) == 0x0 00044 452 NtClose (28, ... ) == 0x0 00045 452 NtOpenSection (0x5, {24, 0, 0x40, 0, 0, (0x5, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey"}, ... 28, ) }, ... 28, ) == 0x0 00046 452 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x2c0000), 0x0, 266240, ) == 0x0 00047 452 NtQuerySection (28, Basic, 16, ... {BaseAddress=0x0,Attributes=0x800000,Size={0x40004, 0x0},}, 0x0, ) == 0x0 00048 452 NtClose (28, ... ) == 0x0 00049 452 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortTbls"}, ... 28, ) }, ... 28, ) == 0x0 00050 452 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x310000), 0x0, 24576, ) == 0x0 00051 452 NtClose (28, ... ) == 0x0 00052 452 NtQueryVirtualMemory (-1, 0x7ffd2000, Basic, 28, ... {BaseAddress=0x7ffd2000,AllocationBase=0x7ffb0000,AllocationProtect=0x2,RegionSize=0x2000,State=0x1000,Protect=0x2,Type=0x40000,}, 0x0, ) == 0x0 00053 452 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00054 452 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00055 452 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" ... 
{28, 56, reply, 0, 436, 452, 1475, 0} "\310\222\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" ) ... {28, 56, reply, 0, 436, 452, 1475, 0} (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" ... {28, 56, reply, 0, 436, 452, 1475, 0} "\310\222\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" ) ) == 0x0 00056 452 NtProtectVirtualMemory (-1, (0x92b000), 69632, 4, ... (0x92b000), 69632, 128, ) == 0x0 00057 452 NtProtectVirtualMemory (-1, (0x92b000), 69632, 128, ... (0x92b000), 69632, 4, ) == 0x0 00058 452 NtFlushInstructionCache (-1, 9613312, 69632, ... ) == 0x0 00059 452 NtOpenProcessToken (-1, 0x8, ... 28, ) == 0x0 00060 452 NtQueryInformationToken (28, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00061 452 NtClose (28, ... ) == 0x0 00062 452 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0 00063 452 NtQueryValueKey (28, (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00064 452 NtClose (28, ... ) == 0x0 00065 452 NtTestAlert (... ) == 0x0 00066 452 NtContinue (1244464, 1, ... 00067 452 NtSetInformationThread (-2, Win32StartAddress(LpcReceivedMessageId), {StartAddress(LpcReceivedMsgId)=0x401000,}, 4, ... ) == 0x0 00068 452 NtContinue (1244400, 0, ... 00069 452 NtAllocateVirtualMemory (-1, 0, 0, 5924, 4096, 64, ... 3276800, 8192, ) == 0x0 00070 452 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager"}, ... 28, ) }, ... 28, ) == 0x0 00071 452 NtQueryValueKey (28, (28, "SafeDllSearchMode", Partial, 16, ... ) , Partial, 16, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00072 452 NtClose (28, ... 
) == 0x0 00073 452 NtAllocateVirtualMemory (-1, 1323008, 0, 4096, 4096, 4, ... 1323008, 4096, ) == 0x0 00074 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "user32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00075 452 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77d40000), 0x0, 577536, ) == 0x0 00076 452 NtClose (28, ... ) == 0x0 00077 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "GDI32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00078 452 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c70000), 0x0, 262144, ) == 0x0 00079 452 NtClose (28, ... ) == 0x0 00080 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "ADVAPI32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00081 452 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77dd0000), 0x0, 569344, ) == 0x0 00082 452 NtClose (28, ... ) == 0x0 00083 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "RPCRT4.dll"}, ... 28, ) }, ... 28, ) == 0x0 00084 452 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77cc0000), 0x0, 479232, ) == 0x0 00085 452 NtClose (28, ... ) == 0x0 00086 452 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0 00087 452 NtQueryValueKey (28, (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00088 452 NtQueryValueKey (28, (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00089 452 NtClose (28, ... 
) == 0x0 00090 452 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"}, ... 28, ) }, ... 28, ) == 0x0 00091 452 NtQueryValueKey (28, (28, "LeakTrack", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00092 452 NtClose (28, ... ) == 0x0 00093 452 NtOpenKey (0x2000000, {24, 0, 0x40, 0, 0, (0x2000000, {24, 0, 0x40, 0, 0, "\REGISTRY\MACHINE"}, ... 28, ) }, ... 28, ) == 0x0 00094 452 NtSetInformationObject (28, Handle, {Inherit=0,ProtectFromClose=1,}, 2011365632, ... ) == 0x0 00095 452 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00096 452 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00097 452 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} "\210\6\32\1\0\0\0\0\314\4\23\0\374\207\16\366\3\0\0\0\234\6\32\1$\1\0\0" ... {28, 56, reply, 0, 436, 452, 1479, 0} "XQ\26\0\0\0\0\0\0\0\0\0\374\207\16\366\3\0\0\0\234\6\32\1$\1\0\0" ) ... {28, 56, reply, 0, 436, 452, 1479, 0} (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} "\210\6\32\1\0\0\0\0\314\4\23\0\374\207\16\366\3\0\0\0\234\6\32\1$\1\0\0" ... {28, 56, reply, 0, 436, 452, 1479, 0} "XQ\26\0\0\0\0\0\0\0\0\0\374\207\16\366\3\0\0\0\234\6\32\1$\1\0\0" ) ) == 0x0 00098 452 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\"}, ... ) }, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00099 452 NtMapViewOfSection (32, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x940000), 0x0, 1060864, ) == 0x0 00100 452 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 36, ) == 0x0 00101 452 NtOpenThreadTokenEx (-2, 0x8, 1, 512, ... ) == STATUS_NO_TOKEN 00102 452 NtOpenProcessTokenEx (-1, 0x8, 512, ... -2147482032, ) == 0x0 00103 452 NtQueryInformationToken (-2147482032, Statistics, 0, ... ) == STATUS_BUFFER_TOO_SMALL 00104 452 NtQueryInformationToken (-2147482032, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00105 452 NtClose (-2147482032, ... ) == 0x0 00106 452 NtAllocateVirtualMemory (-1, 0, 0, 32, 4096, 4, ... 10813440, 4096, ) == 0x0 00107 452 NtFreeVirtualMemory (-1, (0xa50000), 4096, 32768, ... (0xa50000), 4096, ) == 0x0 00108 452 NtDuplicateObject (-1, 40, -1, 0x0, 0, 2, ... 48, ) == 0x0 00109 452 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32"}, ... -2147482032, ) }, ... -2147482032, ) == 0x0 00110 452 NtQueryValueKey (-2147482032, (-2147482032, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00111 452 NtClose (-2147482032, ... ) == 0x0 00112 452 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility"}, ... -2147482032, ) }, ... -2147482032, ) == 0x0 00113 452 NtQueryValueKey (-2147482032, (-2147482032, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00114 452 NtClose (-2147482032, ... ) == 0x0 00115 452 NtQueryDefaultLocale (0, -104224244, ... ) == 0x0 00116 452 NtGdiQueryFontAssocInfo (0, ... ) == 0x0 00117 452 NtUserCallNoParam (24, ... ) == 0x0 00118 452 NtGdiCreateCompatibleDC (0, ... 00119 452 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 10813440, 4096, ) == 0x0 00118 452 NtGdiCreateCompatibleDC ... 
) == 0x190103c3 00120 452 NtGdiGetStockObject (0, ... ) == 0x1900010 00121 452 NtGdiGetStockObject (4, ... ) == 0x1900011 00122 452 NtGdiCreateBitmap (8, 8, 1, 1, 2010393708, ... ) == 0x1105039a 00123 452 NtGdiCreateSolidBrush (0, 0, ... 00124 452 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 14024704, 4096, ) == 0x0 00123 452 NtGdiCreateSolidBrush ... ) == 0x131003ce 00125 452 NtGdiGetStockObject (13, ... ) == 0x18a0021 00126 452 NtGdiCreateCompatibleDC (0, ... ) == 0x3e01040c 00127 452 NtGdiSelectBitmap (1040253964, 285541274, ... ) == 0x185000f 00128 452 NtUserGetThreadDesktop (452, 0, ... ) == 0x2c 00129 452 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows"}, ... 52, ) }, ... 52, ) == 0x0 00130 452 NtQueryValueKey (52, (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 64, ... TitleIdx=0, Type=1, Data= (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0 00131 452 NtClose (52, ... ) == 0x0 00132 452 NtUserFindExistingCursorIcon (1240824, 1240840, 1241408, ... ) == 0x10011 00133 452 NtUserRegisterClassExWOW (1241344, 1241424, 1241408, 1241440, 673, 128, 0, ... ) == 0x810dc017 00134 452 NtUserFindExistingCursorIcon (1240824, 1240840, 1241408, ... ) == 0x10011 00135 452 NtUserRegisterClassExWOW (1241344, 1241424, 1241408, 1241440, 674, 128, 0, ... ) == 0x810dc01c 00136 452 NtUserFindExistingCursorIcon (1240824, 1240840, 1241408, ... ) == 0x10011 00137 452 NtUserRegisterClassExWOW (1241344, 1241424, 1241408, 1241440, 675, 128, 0, ... ) == 0x810dc01e 00138 452 NtUserFindExistingCursorIcon (1240824, 1240840, 1241408, ... ) == 0x10011 00139 452 NtUserRegisterClassExWOW (1241344, 1241424, 1241408, 1241440, 676, 128, 0, ... ) == 0x810d8002 00140 452 NtUserFindExistingCursorIcon (1240824, 1240840, 1241408, ... 
) == 0x10013 00141 452 NtUserRegisterClassExWOW (1241344, 1241424, 1241408, 1241440, 677, 128, 0, ... ) == 0x810dc018 00142 452 NtUserFindExistingCursorIcon (1240824, 1240840, 1241408, ... ) == 0x10011 00143 452 NtUserRegisterClassExWOW (1241344, 1241424, 1241408, 1241440, 678, 128, 0, ... ) == 0x810dc01a 00144 452 NtUserFindExistingCursorIcon (1240824, 1240840, 1241408, ... ) == 0x10011 00145 452 NtUserRegisterClassExWOW (1241344, 1241424, 1241408, 1241440, 679, 128, 0, ... ) == 0x810dc01d 00146 452 NtUserFindExistingCursorIcon (1240824, 1240840, 1241408, ... ) == 0x10011 00147 452 NtUserRegisterClassExWOW (1241344, 1241424, 1241408, 1241440, 681, 128, 0, ... 00148 452 NtAllocateVirtualMemory (-1, 10973184, 0, 4096, 4096, 32, ... 10973184, 4096, ) == 0x0 00147 452 NtUserRegisterClassExWOW ... ) == 0x810dc026 00149 452 NtUserFindExistingCursorIcon (1240824, 1240840, 1241408, ... ) == 0x10011 00150 452 NtUserRegisterClassExWOW (1241344, 1241424, 1241408, 1241440, 680, 128, 0, ... ) == 0x810dc019 00151 452 NtUserRegisterClassExWOW (1241296, 1241376, 1241360, 1241392, 0, 128, 0, ... ) == 0x810dc020 00152 452 NtUserRegisterClassExWOW (1241296, 1241372, 1241388, 1241360, 0, 130, 0, ... ) == 0x810dc022 00153 452 NtUserRegisterClassExWOW (1241296, 1241376, 1241360, 1241392, 0, 128, 0, ... ) == 0x810dc023 00154 452 NtUserRegisterClassExWOW (1241296, 1241372, 1241388, 1241360, 0, 130, 0, ... ) == 0x810dc024 00155 452 NtUserRegisterClassExWOW (1241296, 1241376, 1241360, 1241392, 0, 128, 0, ... ) == 0x810dc025 00156 452 NtCallbackReturn (0, 0, 0, ... 00157 452 NtGdiInit (... ) == 0x1 00158 452 NtGdiGetStockObject (18, ... ) == 0x290001c 00159 452 NtGdiGetStockObject (19, ... ) == 0x1b00019 00160 452 NtAllocateVirtualMemory (-1, 0, 0, 66604, 4096, 64, ... 14090240, 69632, ) == 0x0 00161 452 NtAllocateVirtualMemory (-1, 0, 0, 78688, 4096, 4, ... 14221312, 81920, ) == 0x0 00162 452 NtFreeVirtualMemory (-1, (0xd90000), 0, 32768, ... 
(0xd90000), 81920, ) == 0x0 00163 452 NtProtectVirtualMemory (-1, (0x400000), 4096, 4, ... (0x400000), 4096, 2, ) == 0x0 00164 452 NtProtectVirtualMemory (-1, (0x400000), 4096, 2, ... (0x400000), 4096, 4, ) == 0x0 00165 452 NtProtectVirtualMemory (-1, (0x400000), 4096, 4, ... (0x400000), 4096, 2, ) == 0x0 00166 452 NtProtectVirtualMemory (-1, (0x400000), 4096, 2, ... (0x400000), 4096, 4, ) == 0x0 00167 452 NtFreeVirtualMemory (-1, (0xd70000), 0, 32768, ... (0xd70000), 69632, ) == 0x0 00168 452 NtAllocateVirtualMemory (-1, 0, 0, 8192, 4096, 64, ... 14090240, 8192, ) == 0x0 00169 452 NtAllocateVirtualMemory (-1, 0, 0, 90112, 4096, 64, ... 14155776, 90112, ) == 0x0 00170 452 NtFreeVirtualMemory (-1, (0x2c), 0, 16384, ... ) == STATUS_MEMORY_NOT_ALLOCATED 00171 452 NtAllocateVirtualMemory (-1, 0, 0, 4096, 4096, 64, ... 14286848, 4096, ) == 0x0 00172 452 NtFreeVirtualMemory (-1, (0x2c), 0, 16384, ... ) == STATUS_MEMORY_NOT_ALLOCATED 00173 452 NtAllocateVirtualMemory (-1, 0, 0, 24576, 4096, 64, ... 14352384, 24576, ) == 0x0 00174 452 NtFreeVirtualMemory (-1, (0x2c), 0, 16384, ... ) == STATUS_MEMORY_NOT_ALLOCATED 00175 452 NtAllocateVirtualMemory (-1, 0, 0, 8192, 4096, 64, ... 14417920, 8192, ) == 0x0 00176 452 NtFreeVirtualMemory (-1, (0x2c), 0, 16384, ... ) == STATUS_MEMORY_NOT_ALLOCATED 00177 452 NtAllocateVirtualMemory (-1, 0, 0, 30069, 4096, 64, ... 14483456, 32768, ) == 0x0 00178 452 NtFreeVirtualMemory (-1, (0x2c), 0, 16384, ... ) == STATUS_MEMORY_NOT_ALLOCATED 00179 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "MSVCRT.dll"}, ... 52, ) }, ... 52, ) == 0x0 00180 452 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c10000), 0x0, 339968, ) == 0x0 00181 452 NtClose (52, ... ) == 0x0 00182 452 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00183 452 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 14548992, 65536, ) == 0x0 00184 452 NtAllocateVirtualMemory (-1, 14548992, 0, 4096, 4096, 4, ... 14548992, 4096, ) == 0x0 00185 452 NtAllocateVirtualMemory (-1, 14553088, 0, 8192, 4096, 4, ... 14553088, 8192, ) == 0x0 00186 452 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionCType"}, ... 52, ) }, ... 52, ) == 0x0 00187 452 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0xdf0000), 0x0, 12288, ) == 0x0 00188 452 NtClose (52, ... ) == 0x0 00189 452 NtAllocateVirtualMemory (-1, 14561280, 0, 4096, 4096, 4, ... 14561280, 4096, ) == 0x0 00190 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WS2_32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00191 452 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2_32.dll"}, 1243032, ... ) }, 1243032, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00192 452 NtQueryAttributesFile ({24, 12, 0x40, 0, 0, ({24, 12, 0x40, 0, 0, "WS2_32.dll"}, 1243032, ... ) }, 1243032, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00193 452 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2_32.dll"}, 1243032, ... ) }, 1243032, ... ) == 0x0 00194 452 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2_32.dll"}, 5, 96, ... 52, {status=0x0, info=1}, ) }, 5, 96, ... 52, {status=0x0, info=1}, ) == 0x0 00195 452 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 52, ... 56, ) == 0x0 00196 452 NtQuerySection (56, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00197 452 NtOpenProcessToken (-1, 0x8, ... 
60, ) == 0x0 00198 452 NtQueryInformationToken (60, User, 136, ... {token info, class 1, size 36}, 36, ) == 0x0 00199 452 NtOpenKey (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00200 452 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... 64, ) }, ... 64, ) == 0x0 00201 452 NtQueryValueKey (64, (64, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 80, ... TitleIdx=0, Type=4, Data= (64, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00202 452 NtClose (64, ... ) == 0x0 00203 452 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00204 452 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 64, ) == 0x0 00205 452 NtQueryInformationToken (64, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00206 452 NtClose (64, ... ) == 0x0 00207 452 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00208 452 NtClose (60, ... ) == 0x0 00209 452 NtClose (52, ... ) == 0x0 00210 452 NtMapViewOfSection (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71ab0000), 0x0, 86016, ) == 0x0 00211 452 NtClose (56, ... ) == 0x0 00212 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WS2HELP.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00213 452 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2HELP.dll"}, 1242228, ... ) }, 1242228, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00214 452 NtQueryAttributesFile ({24, 12, 0x40, 0, 0, ({24, 12, 0x40, 0, 0, "WS2HELP.dll"}, 1242228, ... ) }, 1242228, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00215 452 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2HELP.dll"}, 1242228, ... ) }, 1242228, ... ) == 0x0 00216 452 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2HELP.dll"}, 5, 96, ... 56, {status=0x0, info=1}, ) }, 5, 96, ... 56, {status=0x0, info=1}, ) == 0x0 00217 452 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 56, ... 52, ) == 0x0 00218 452 NtQuerySection (52, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00219 452 NtClose (56, ... ) == 0x0 00220 452 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71aa0000), 0x0, 32768, ) == 0x0 00221 452 NtClose (52, ... ) == 0x0 00222 452 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00223 452 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00224 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "SHELL32.dll"}, ... 52, ) }, ... 52, ) == 0x0 00225 452 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x773d0000), 0x0, 8339456, ) == 0x0 00226 452 NtClose (52, ... ) == 0x0 00227 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "SHLWAPI.dll"}, ... 52, ) }, ... 52, ) == 0x0 00228 452 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x772d0000), 0x0, 405504, ) == 0x0 00229 452 NtClose (52, ... ) == 0x0 00230 452 NtOpenKey (0x2000000, {24, 28, 0x40, 0, 0, (0x2000000, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Performance"}, ... ) }, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00231 452 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "SYSTEM\Setup"}, ... 52, ) }, ... 52, ) == 0x0 00232 452 NtQueryValueKey (52, (52, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (52, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00233 452 NtClose (52, ... ) == 0x0 00234 452 NtQueryDefaultUILanguage (1241388, ... 00235 452 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00236 452 NtOpenProcessTokenEx (-1, 0x20008, 512, ... -2147482032, ) == 0x0 00237 452 NtQueryInformationToken (-2147482032, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00238 452 NtClose (-2147482032, ... ) == 0x0 00239 452 NtOpenKey (0x2000000, {24, 0, 0x640, 0, 0, (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482032, ) }, ... -2147482032, ) == 0x0 00240 452 NtOpenKey (0x80000000, {24, 0, 0x240, 0, 0, (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00241 452 NtOpenKey (0x80000000, {24, -2147482032, 0x640, 0, 0, (0x80000000, {24, -2147482032, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482044, ) }, ... -2147482044, ) == 0x0 00242 452 NtQueryValueKey (-2147482044, (-2147482044, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00243 452 NtClose (-2147482044, ... ) == 0x0 00244 452 NtClose (-2147482032, ... ) == 0x0 00234 452 NtQueryDefaultUILanguage ... ) == 0x0 00245 452 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00246 452 NtQueryInstallUILanguage (2012047340, ... 
) == 0x0 00247 452 NtOpenFile (0x1200a9, {24, 0, 0x40, 0, 0, (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll"}, 1, 96, ... 52, {status=0x0, info=1}, ) }, 1, 96, ... 52, {status=0x0, info=1}, ) == 0x0 00248 452 NtCreateSection (0x4, 0x0, 0x0, 2, 134217728, 52, ... 56, ) == 0x0 00249 452 NtMapViewOfSection (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ... (0xe00000), 0x0, 8323072, ) == 0x0 00250 452 NtOpenFile (0x1200a9, {24, 0, 0x40, 0, 0, (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll.124.Manifest"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00251 452 NtQueryDefaultUILanguage (2013024600, ... 00252 452 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00253 452 NtOpenProcessTokenEx (-1, 0x20008, 512, ... -2147482032, ) == 0x0 00254 452 NtQueryInformationToken (-2147482032, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00255 452 NtClose (-2147482032, ... ) == 0x0 00256 452 NtOpenKey (0x2000000, {24, 0, 0x640, 0, 0, (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482032, ) }, ... -2147482032, ) == 0x0 00257 452 NtOpenKey (0x80000000, {24, 0, 0x240, 0, 0, (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00258 452 NtOpenKey (0x80000000, {24, -2147482032, 0x640, 0, 0, (0x80000000, {24, -2147482032, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482044, ) }, ... -2147482044, ) == 0x0 00259 452 NtQueryValueKey (-2147482044, (-2147482044, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00260 452 NtClose (-2147482044, ... ) == 0x0 00261 452 NtClose (-2147482032, ... ) == 0x0 00251 452 NtQueryDefaultUILanguage ... ) == 0x0 00262 452 NtAllocateVirtualMemory (-1, 1228800, 0, 4096, 4096, 260, ... 1228800, 4096, ) == 0x0 00263 452 NtQueryInstallUILanguage (2013024602, ... 
) == 0x0 00264 452 NtQueryDefaultLocale (1, 1239424, ... ) == 0x0 00265 452 NtOpenFile (0x1200a9, {24, 0, 0x40, 0, 0, (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll.124.Config"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00266 452 NtRequestWaitReplyPort (24, {128, 156, new_msg, 0, 1240280, 1, 96, 0} (24, {128, 156, new_msg, 0, 1240280, 1, 96, 0} "\210\6\32\1\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\14\0\0\0\377\377\377\377\0\0\0\0\20\311\27\1\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0\330\363\22\0\0\0\0\0" ... {128, 156, reply, 0, 436, 452, 1488, 0} " S\26\0\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\14\0\0\0\377\377\377\377\0\0\0\0\20\311\27\1\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0\330\363\22\0\0\0\0\0" ) ... {128, 156, reply, 0, 436, 452, 1488, 0} (24, {128, 156, new_msg, 0, 1240280, 1, 96, 0} "\210\6\32\1\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\14\0\0\0\377\377\377\377\0\0\0\0\20\311\27\1\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0\330\363\22\0\0\0\0\0" ... {128, 156, reply, 0, 436, 452, 1488, 0} " S\26\0\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\14\0\0\0\377\377\377\377\0\0\0\0\20\311\27\1\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0\330\363\22\0\0\0\0\0" ) ) == 0x0 00267 452 NtClose (52, ... ) == 0x0 00268 452 NtClose (56, ... ) == 0x0 00269 452 NtUnmapViewOfSection (-1, 0xe00000, ... ) == 0x0 00270 452 NtUnmapViewOfSection (-1, 0x12f3d8, ... ) == STATUS_NOT_MAPPED_VIEW 00271 452 NtQueryDebugFilterState (53, 2, ... 
) == 0x0 00272 452 NtAllocateVirtualMemory (-1, 1327104, 0, 4096, 4096, 4, ... 1327104, 4096, ) == 0x0 00273 452 NtOpenKey (0x8, {24, 0, 0x40, 0, 0, (0x8, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00274 452 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00275 452 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00276 452 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local\"}, 1238508, ... ) }, 1238508, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00277 452 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00278 452 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00279 452 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00280 452 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 1239100, ... ) }, 1239100, ... ) == 0x0 00281 452 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 3, 33, ... 56, {status=0x0, info=1}, ) }, 3, 33, ... 56, {status=0x0, info=1}, ) == 0x0 00282 452 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00283 452 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"}, 5, 96, ... 52, {status=0x0, info=1}, ) }, 5, 96, ... 52, {status=0x0, info=1}, ) == 0x0 00284 452 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 52, ... 60, ) == 0x0 00285 452 NtClose (52, ... ) == 0x0 00286 452 NtMapViewOfSection (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0xe00000), 0x0, 921600, ) == 0x0 00287 452 NtClose (60, ... ) == 0x0 00288 452 NtUnmapViewOfSection (-1, 0xe00000, ... 
) == 0x0 00289 452 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"}, 5, 96, ... 60, {status=0x0, info=1}, ) }, 5, 96, ... 60, {status=0x0, info=1}, ) == 0x0 00290 452 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 60, ... 52, ) == 0x0 00291 452 NtQuerySection (52, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00292 452 NtClose (60, ... ) == 0x0 00293 452 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71950000), 0x0, 933888, ) == 0x0 00294 452 NtClose (52, ... ) == 0x0 00295 452 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00296 452 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00297 452 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00298 452 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00299 452 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00300 452 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00301 452 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00302 452 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00303 452 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00304 452 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00305 452 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00306 452 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00307 452 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00308 452 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00309 452 NtFlushInstructionCache (-1, 1905594368, 1952, ... 
) == 0x0 00310 452 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00311 452 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00312 452 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00313 452 NtProtectVirtualMemory (-1, (0x71951000), 1952, 4, ... (0x71951000), 4096, 32, ) == 0x0 00314 452 NtProtectVirtualMemory (-1, (0x71951000), 4096, 32, ... (0x71951000), 4096, 4, ) == 0x0 00315 452 NtFlushInstructionCache (-1, 1905594368, 1952, ... ) == 0x0 00316 452 NtAddAtom ( ("T\0h\0e\0m\0e\0P\0r\0o\0p\0S\0c\0r\0o\0l\0l\0B\0a\0r\0C\0t\0l\0", 42, 1240284, ... ) , 42, 1240284, ... ) == 0x0 00317 452 NtQueryDefaultUILanguage (1239000, ... 00318 452 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00319 452 NtOpenProcessTokenEx (-1, 0x20008, 512, ... -2147482032, ) == 0x0 00320 452 NtQueryInformationToken (-2147482032, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00321 452 NtClose (-2147482032, ... ) == 0x0 00322 452 NtOpenKey (0x2000000, {24, 0, 0x640, 0, 0, (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482032, ) }, ... -2147482032, ) == 0x0 00323 452 NtOpenKey (0x80000000, {24, 0, 0x240, 0, 0, (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00324 452 NtOpenKey (0x80000000, {24, -2147482032, 0x640, 0, 0, (0x80000000, {24, -2147482032, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482044, ) }, ... -2147482044, ) == 0x0 00325 452 NtQueryValueKey (-2147482044, (-2147482044, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00326 452 NtClose (-2147482044, ... ) == 0x0 00327 452 NtClose (-2147482032, ... ) == 0x0 00317 452 NtQueryDefaultUILanguage ... 
) == 0x0 00328 452 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00329 452 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1237852, ... ) }, 1237852, ... ) == 0x0 00330 452 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 5, 96, ... 52, {status=0x0, info=1}, ) }, 5, 96, ... 52, {status=0x0, info=1}, ) == 0x0 00331 452 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 52, ... 60, ) == 0x0 00332 452 NtClose (52, ... ) == 0x0 00333 452 NtMapViewOfSection (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0xe00000), 0x0, 4096, ) == 0x0 00334 452 NtClose (60, ... ) == 0x0 00335 452 NtUnmapViewOfSection (-1, 0xe00000, ... ) == 0x0 00336 452 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1237492, ... ) }, 1237492, ... ) == 0x0 00337 452 NtCreateFile (0x80100080, {24, 0, 0x40, 0, 1238192, (0x80100080, {24, 0, 0x40, 0, 1238192, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 0x0, 0, 5, 1, 96, 0, 0, ... 60, {status=0x0, info=1}, ) }, 0x0, 0, 5, 1, 96, 0, 0, ... 60, {status=0x0, info=1}, ) == 0x0 00338 452 NtCreateSection (0xf0005, 0x0, 0x0, 2, 134217728, 60, ... 52, ) == 0x0 00339 452 NtClose (60, ... ) == 0x0 00340 452 NtMapViewOfSection (52, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ... (0xe00000), {0, 0}, 4096, ) == 0x0 00341 452 NtClose (52, ... ) == 0x0 00342 452 NtUnmapViewOfSection (-1, 0xe00000, ... ) == 0x0 00343 452 NtOpenFile (0x1200a9, {24, 0, 0x40, 0, 0, (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1, 96, ... 52, {status=0x0, info=1}, ) }, 1, 96, ... 52, {status=0x0, info=1}, ) == 0x0 00344 452 NtCreateSection (0x4, 0x0, 0x0, 2, 134217728, 52, ... 60, ) == 0x0 00345 452 NtMapViewOfSection (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ... 
(0xe00000), 0x0, 4096, ) == 0x0 00346 452 NtQueryInformationFile (52, 1237812, 56, NetworkOpen, ... {status=0x0, info=56}, ) == 0x0 00347 452 NtOpenFile (0x1200a9, {24, 0, 0x40, 0, 0, (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Config"}, 1, 96, ... ) }, 1, 96, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00348 452 NtRequestWaitReplyPort (24, {128, 156, new_msg, 0, 1237892, 1, 96, 0} (24, {128, 156, new_msg, 0, 1237892, 1, 96, 0} "\210\6\32\1\33\0\1\0\240\315Z\371\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\32\14\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\32\1\0\0\0\0\0\0\0\0\204\352\22\0\0\0\0\0" ... {128, 156, reply, 0, 436, 452, 1489, 0} "h\334\26\0\33\0\1\0\0\0\0\0\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\32\14\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\32\1\0\0\0\0\0\0\0\0\204\352\22\0\0\0\0\0" ) ... {128, 156, reply, 0, 436, 452, 1489, 0} (24, {128, 156, new_msg, 0, 1237892, 1, 96, 0} "\210\6\32\1\33\0\1\0\240\315Z\371\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\32\14\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\32\1\0\0\0\0\0\0\0\0\204\352\22\0\0\0\0\0" ... {128, 156, reply, 0, 436, 452, 1489, 0} "h\334\26\0\33\0\1\0\0\0\0\0\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\32\14\0\0\0<\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\32\1\0\0\0\0\0\0\0\0\204\352\22\0\0\0\0\0" ) ) == 0x0 00349 452 NtClose (52, ... ) == 0x0 00350 452 NtClose (60, ... ) == 0x0 00351 452 NtUnmapViewOfSection (-1, 0xe00000, ... ) == 0x0 00352 452 NtUnmapViewOfSection (-1, 0x12ea84, ... 
) == STATUS_NOT_MAPPED_VIEW 00353 452 NtQueryDebugFilterState (53, 2, ... ) == 0x0 00354 452 NtUserRegisterWindowMessage ( ("ShellGetDragImage", ... ) , ... ) == 0xc03a 00355 452 NtUserSystemParametersInfo (104, 0, 1906151468, 0, ... ) == 0x1 00356 452 NtUserGetDC (0, ... ) == 0x1010054 00357 452 NtQueryDebugFilterState (87, 3, ... ) == 0x0 00358 452 NtQueryDebugFilterState (87, 3, ... ) == 0x0 00359 452 NtContinue (1237848, 0, ... 00360 452 NtQueryDebugFilterState (87, 3, ... ) == 0x0 00361 452 NtUnmapViewOfSection (-1, 0x71950000, ... ) == 0x0 00362 452 NtQueryDebugFilterState (87, 3, ... ) == 0x0 00363 452 NtUnmapViewOfSection (-1, 0x15f0000, ... ) == 0x0 00364 452 NtClose (56, ... ) == 0x0 00365 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "comctl32.dll"}, ... 56, ) }, ... 56, ) == 0x0 00366 452 NtMapViewOfSection (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77340000), 0x0, 569344, ) == 0x0 00367 452 NtClose (56, ... ) == 0x0 00368 452 NtOpenProcess (0x400, {24, 0, 0x0, 0, 0, 0x0}, {436, 0}, ... 56, ) == 0x0 00369 452 NtQueryInformationProcess (56, Session, 4, ... {SessionId=0,}, 0x0, ) == 0x0 00370 452 NtClose (56, ... ) == 0x0 00371 452 NtUserRegisterWindowMessage ( ("ShellGetDragImage", ... ) , ... ) == 0xc03a 00372 452 NtUserSystemParametersInfo (104, 0, 2000318720, 0, ... ) == 0x1 00373 452 NtUserSystemParametersInfo (38, 4, 2000318708, 0, ... ) == 0x1 00374 452 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00375 452 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 56, ) == 0x0 00376 452 NtQueryInformationToken (56, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00377 452 NtClose (56, ... ) == 0x0 00378 452 NtOpenKey (0x2000000, {24, 0, 0x640, 0, 0, (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... 56, ) }, ... 56, ) == 0x0 00379 452 NtSetInformationObject (56, Handle, {Inherit=0,ProtectFromClose=1,}, 1179904, ... 
) == 0x0 00380 452 NtOpenKey (0x20019, {24, 56, 0x40, 0, 0, (0x20019, {24, 56, 0x40, 0, 0, "Control Panel\Desktop"}, ... 60, ) }, ... 60, ) == 0x0 00381 452 NtQueryValueKey (60, (60, "SmoothScroll", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00382 452 NtClose (60, ... ) == 0x0 00383 452 NtUserSystemParametersInfo (41, 500, 1239872, 0, ... ) == 0x1 00384 452 NtUserSystemParametersInfo (102, 0, 2000318732, 0, ... ) == 0x1 00385 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00386 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00387 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc03b 00388 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00389 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc03d 00390 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00391 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00392 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc03f 00393 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00394 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00395 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc041 00396 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00397 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00398 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc043 00399 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00400 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc045 00401 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... 
) == 0x0 00402 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00403 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc047 00404 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00405 452 NtUserFindExistingCursorIcon (1239660, 1239676, 1240244, ... ) == 0x10011 00406 452 NtUserRegisterClassExWOW (1240112, 1240192, 1240176, 1240208, 0, 384, 0, ... ) == 0x810dc049 00407 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00408 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00409 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc04b 00410 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00411 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00412 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc04d 00413 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00414 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00415 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc04f 00416 452 NtUserGetClassInfo (1999896576, 1240284, 1240236, 1240312, 0, ... ) == 0x0 00417 452 NtUserRegisterClassExWOW (1240120, 1240200, 1240184, 1240216, 0, 384, 0, ... ) == 0x810dc051 00418 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00419 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00420 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc053 00421 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00422 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00423 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... 
) == 0x810dc055 00424 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc057 00425 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00426 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00427 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc059 00428 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00429 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10013 00430 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc05b 00431 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00432 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00433 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc05d 00434 452 NtUserGetClassInfo (1999896576, 1240280, 1240232, 1240308, 0, ... ) == 0x0 00435 452 NtUserFindExistingCursorIcon (1239664, 1239680, 1240248, ... ) == 0x10011 00436 452 NtUserRegisterClassExWOW (1240116, 1240196, 1240180, 1240212, 0, 384, 0, ... ) == 0x810dc05f 00437 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc03b 00438 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc03d 00439 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc03f 00440 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc041 00441 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc043 00442 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc045 00443 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc047 00444 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc049 00445 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... 
) == 0xc04b 00446 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc04d 00447 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc04f 00448 452 NtUserGetClassInfo (1999896576, 1243128, 1243080, 1243156, 0, ... ) == 0xc051 00449 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc053 00450 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc055 00451 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc059 00452 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc05b 00453 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc05d 00454 452 NtUserGetClassInfo (1999896576, 1243124, 1243076, 1243152, 0, ... ) == 0xc05f 00455 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "OLEAUT32.dll"}, ... 60, ) }, ... 60, ) == 0x0 00456 452 NtMapViewOfSection (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77120000), 0x0, 569344, ) == 0x0 00457 452 NtClose (60, ... ) == 0x0 00458 452 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "OLE32.DLL"}, ... 60, ) }, ... 60, ) == 0x0 00459 452 NtMapViewOfSection (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x771b0000), 0x0, 1155072, ) == 0x0 00460 452 NtClose (60, ... ) == 0x0 00461 452 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00462 452 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00463 452 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "SYSTEM\CurrentControlSet\Control\Session Manager"}, ... 60, ) }, ... 
60, ) == 0x0 00464 452 NtQueryValueKey (60, (60, "CriticalSectionTimeout", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\215'\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (60, "CriticalSectionTimeout", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\215'\0"}, 16, ) }, 16, ) == 0x0 00465 452 NtClose (60, ... ) == 0x0 00466 452 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00467 452 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00468 452 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00469 452 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00470 452 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Classes\Interface"}, ... 60, ) }, ... 60, ) == 0x0 00471 452 NtQueryValueKey (60, (60, "InterfaceHelperDisableAll", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00472 452 NtQueryValueKey (60, (60, "InterfaceHelperDisableAllForOle32", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00473 452 NtQueryValueKey (60, (60, "InterfaceHelperDisableTypeLib", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00474 452 NtClose (60, ... ) == 0x0 00475 452 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046}"}, ... 60, ) }, ... 
60, ) == 0x0 00476 452 NtQueryValueKey (60, (60, "InterfaceHelperDisableAll", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00477 452 NtQueryValueKey (60, (60, "InterfaceHelperDisableAllForOle32", Full, 0, ... ) , Full, 0, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00478 452 NtClose (60, ... ) == 0x0 00479 452 NtOpenDirectoryObject (0x2000f, {24, 0, 0x40, 0, 0, (0x2000f, {24, 0, 0x40, 0, 0, "\BaseNamedObjects"}, ... 60, ) }, ... 60, ) == 0x0 00480 452 NtOpenEvent (0x1f0003, {24, 60, 0x0, 0, 0, (0x1f0003, {24, 60, 0x0, 0, 0, "HookSwitchHookEnabledEvent"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00481 452 NtUserRegisterWindowMessage ( ("{FB8F0821-0164-101B-84ED-08002B2EC713}", ... ) , ... ) == 0xc07b 00482 452 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00483 452 NtOpenKey (0x9, {24, 28, 0x40, 0, 0, (0x9, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT\UserEra"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00484 452 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00485 452 NtContinue (1242868, 0, ... 00486 452 NtAllocateVirtualMemory (-1, 0, 0, 4243456, 4096, 64, ... 14811136, 4243456, ) == 0x0 00487 452 NtAllocateVirtualMemory (-1, 1224704, 0, 4096, 4096, 260, ... 1224704, 4096, ) == 0x0 00488 452 NtAllocateVirtualMemory (-1, 1220608, 0, 4096, 4096, 260, ... 1220608, 4096, ) == 0x0 00489 452 NtAllocateVirtualMemory (-1, 1216512, 0, 4096, 4096, 260, ... 1216512, 4096, ) == 0x0 00490 452 NtAllocateVirtualMemory (-1, 1212416, 0, 4096, 4096, 260, ... 1212416, 4096, ) == 0x0 00491 452 NtAllocateVirtualMemory (-1, 1208320, 0, 4096, 4096, 260, ... 1208320, 4096, ) == 0x0 00492 452 NtAllocateVirtualMemory (-1, 1204224, 0, 4096, 4096, 260, ... 1204224, 4096, ) == 0x0 00493 452 NtAllocateVirtualMemory (-1, 1200128, 0, 4096, 4096, 260, ... 
1200128, 4096, ) == 0x0 00494 452 NtAllocateVirtualMemory (-1, 1196032, 0, 4096, 4096, 260, ... 1196032, 4096, ) == 0x0 00495 452 NtAllocateVirtualMemory (-1, 1191936, 0, 4096, 4096, 260, ... 1191936, 4096, ) == 0x0 00496 452 NtAllocateVirtualMemory (-1, 1187840, 0, 4096, 4096, 260, ... 1187840, 4096, ) == 0x0 00497 452 NtAllocateVirtualMemory (-1, 1183744, 0, 4096, 4096, 260, ... 1183744, 4096, ) == 0x0 00498 452 NtAllocateVirtualMemory (-1, 1179648, 0, 4096, 4096, 260, ... 1179648, 4096, ) == 0x0 00499 452 NtAllocateVirtualMemory (-1, 1175552, 0, 4096, 4096, 260, ... 1175552, 4096, ) == 0x0 00500 452 NtAllocateVirtualMemory (-1, 1171456, 0, 4096, 4096, 260, ... 1171456, 4096, ) == 0x0 00501 452 NtAllocateVirtualMemory (-1, 1167360, 0, 4096, 4096, 260, ... 1167360, 4096, ) == 0x0 00502 452 NtAllocateVirtualMemory (-1, 1163264, 0, 4096, 4096, 260, ... 1163264, 4096, ) == 0x0 00503 452 NtAllocateVirtualMemory (-1, 1159168, 0, 4096, 4096, 260, ... 1159168, 4096, ) == 0x0 00504 452 NtAllocateVirtualMemory (-1, 1155072, 0, 4096, 4096, 260, ... 1155072, 4096, ) == 0x0 00505 452 NtAllocateVirtualMemory (-1, 1150976, 0, 4096, 4096, 260, ... 1150976, 4096, ) == 0x0 00506 452 NtAllocateVirtualMemory (-1, 1146880, 0, 4096, 4096, 260, ... 1146880, 4096, ) == 0x0 00507 452 NtAllocateVirtualMemory (-1, 1142784, 0, 4096, 4096, 260, ... 1142784, 4096, ) == 0x0 00508 452 NtAllocateVirtualMemory (-1, 1138688, 0, 4096, 4096, 260, ... 1138688, 4096, ) == 0x0 00509 452 NtAllocateVirtualMemory (-1, 1134592, 0, 4096, 4096, 260, ... 1134592, 4096, ) == 0x0 00510 452 NtAllocateVirtualMemory (-1, 1130496, 0, 4096, 4096, 260, ... 1130496, 4096, ) == 0x0 00511 452 NtAllocateVirtualMemory (-1, 1126400, 0, 4096, 4096, 260, ... 1126400, 4096, ) == 0x0 00512 452 NtAllocateVirtualMemory (-1, 1122304, 0, 4096, 4096, 260, ... 1122304, 4096, ) == 0x0 00513 452 NtAllocateVirtualMemory (-1, 1118208, 0, 4096, 4096, 260, ... 
1118208, 4096, ) == 0x0 00514 452 NtAllocateVirtualMemory (-1, 1114112, 0, 4096, 4096, 260, ... 1114112, 4096, ) == 0x0 00515 452 NtAllocateVirtualMemory (-1, 1110016, 0, 4096, 4096, 260, ... 1110016, 4096, ) == 0x0 00516 452 NtAllocateVirtualMemory (-1, 1105920, 0, 4096, 4096, 260, ... 1105920, 4096, ) == 0x0 00517 452 NtAllocateVirtualMemory (-1, 1101824, 0, 4096, 4096, 260, ... 1101824, 4096, ) == 0x0 00518 452 NtAllocateVirtualMemory (-1, 1097728, 0, 4096, 4096, 260, ... 1097728, 4096, ) == 0x0 00519 452 NtAllocateVirtualMemory (-1, 1093632, 0, 4096, 4096, 260, ... 1093632, 4096, ) == 0x0 00520 452 NtAllocateVirtualMemory (-1, 1089536, 0, 4096, 4096, 260, ... 1089536, 4096, ) == 0x0 00521 452 NtAllocateVirtualMemory (-1, 1085440, 0, 4096, 4096, 260, ... 1085440, 4096, ) == 0x0 00522 452 NtAllocateVirtualMemory (-1, 1081344, 0, 4096, 4096, 260, ... 1081344, 4096, ) == 0x0 00523 452 NtAllocateVirtualMemory (-1, 1077248, 0, 4096, 4096, 260, ... 1077248, 4096, ) == 0x0 00524 452 NtAllocateVirtualMemory (-1, 1073152, 0, 4096, 4096, 260, ... 1073152, 4096, ) == 0x0 00525 452 NtAllocateVirtualMemory (-1, 1069056, 0, 4096, 4096, 260, ... 1069056, 4096, ) == 0x0 00526 452 NtAllocateVirtualMemory (-1, 1064960, 0, 4096, 4096, 260, ... 1064960, 4096, ) == 0x0 00527 452 NtAllocateVirtualMemory (-1, 1060864, 0, 4096, 4096, 260, ... 1060864, 4096, ) == 0x0 00528 452 NtAllocateVirtualMemory (-1, 1056768, 0, 4096, 4096, 260, ... 1056768, 4096, ) == 0x0 00529 452 NtAllocateVirtualMemory (-1, 1052672, 0, 4096, 4096, 260, ... 1052672, 4096, ) == 0x0 00530 452 NtAllocateVirtualMemory (-1, 1048576, 0, 4096, 4096, 260, ... 1048576, 4096, ) == 0x0 00531 452 NtAllocateVirtualMemory (-1, 1044480, 0, 4096, 4096, 260, ... 1044480, 4096, ) == 0x0 00532 452 NtAllocateVirtualMemory (-1, 1040384, 0, 4096, 4096, 260, ... 1040384, 4096, ) == 0x0 00533 452 NtAllocateVirtualMemory (-1, 1036288, 0, 4096, 4096, 260, ... 
1036288, 4096, ) == 0x0 00534 452 NtAllocateVirtualMemory (-1, 1032192, 0, 4096, 4096, 260, ... 1032192, 4096, ) == 0x0 00535 452 NtAllocateVirtualMemory (-1, 1028096, 0, 4096, 4096, 260, ... 1028096, 4096, ) == 0x0 00536 452 NtAllocateVirtualMemory (-1, 1024000, 0, 4096, 4096, 260, ... 1024000, 4096, ) == 0x0 00537 452 NtAllocateVirtualMemory (-1, 1019904, 0, 4096, 4096, 260, ... 1019904, 4096, ) == 0x0 00538 452 NtAllocateVirtualMemory (-1, 1015808, 0, 4096, 4096, 260, ... 1015808, 4096, ) == 0x0 00539 452 NtAllocateVirtualMemory (-1, 1011712, 0, 4096, 4096, 260, ... 1011712, 4096, ) == 0x0 00540 452 NtAllocateVirtualMemory (-1, 1007616, 0, 4096, 4096, 260, ... 1007616, 4096, ) == 0x0 00541 452 NtAllocateVirtualMemory (-1, 1003520, 0, 4096, 4096, 260, ... 1003520, 4096, ) == 0x0 00542 452 NtAllocateVirtualMemory (-1, 999424, 0, 4096, 4096, 260, ... 999424, 4096, ) == 0x0 00543 452 NtAllocateVirtualMemory (-1, 995328, 0, 4096, 4096, 260, ... 995328, 4096, ) == 0x0 00544 452 NtAllocateVirtualMemory (-1, 991232, 0, 4096, 4096, 260, ... 991232, 4096, ) == 0x0 00545 452 NtAllocateVirtualMemory (-1, 987136, 0, 4096, 4096, 260, ... 987136, 4096, ) == 0x0 00546 452 NtAllocateVirtualMemory (-1, 983040, 0, 4096, 4096, 260, ... 983040, 4096, ) == 0x0 00547 452 NtAllocateVirtualMemory (-1, 978944, 0, 4096, 4096, 260, ... 978944, 4096, ) == 0x0 00548 452 NtAllocateVirtualMemory (-1, 974848, 0, 4096, 4096, 260, ... 974848, 4096, ) == 0x0 00549 452 NtAllocateVirtualMemory (-1, 970752, 0, 4096, 4096, 260, ... 970752, 4096, ) == 0x0 00550 452 NtAllocateVirtualMemory (-1, 966656, 0, 4096, 4096, 260, ... 966656, 4096, ) == 0x0 00551 452 NtAllocateVirtualMemory (-1, 962560, 0, 4096, 4096, 260, ... 962560, 4096, ) == 0x0 00552 452 NtAllocateVirtualMemory (-1, 958464, 0, 4096, 4096, 260, ... 958464, 4096, ) == 0x0 00553 452 NtAllocateVirtualMemory (-1, 954368, 0, 4096, 4096, 260, ... 954368, 4096, ) == 0x0 00554 452 NtAllocateVirtualMemory (-1, 950272, 0, 4096, 4096, 260, ... 
950272, 4096, ) == 0x0 00555 452 NtAllocateVirtualMemory (-1, 946176, 0, 4096, 4096, 260, ... 946176, 4096, ) == 0x0 00556 452 NtAllocateVirtualMemory (-1, 942080, 0, 4096, 4096, 260, ... 942080, 4096, ) == 0x0 00557 452 NtAllocateVirtualMemory (-1, 937984, 0, 4096, 4096, 260, ... 937984, 4096, ) == 0x0 00558 452 NtAllocateVirtualMemory (-1, 933888, 0, 4096, 4096, 260, ... 933888, 4096, ) == 0x0 00559 452 NtAllocateVirtualMemory (-1, 929792, 0, 4096, 4096, 260, ... 929792, 4096, ) == 0x0 00560 452 NtAllocateVirtualMemory (-1, 925696, 0, 4096, 4096, 260, ... 925696, 4096, ) == 0x0 00561 452 NtAllocateVirtualMemory (-1, 921600, 0, 4096, 4096, 260, ... 921600, 4096, ) == 0x0 00562 452 NtAllocateVirtualMemory (-1, 917504, 0, 4096, 4096, 260, ... 917504, 4096, ) == 0x0 00563 452 NtAllocateVirtualMemory (-1, 913408, 0, 4096, 4096, 260, ... 913408, 4096, ) == 0x0 00564 452 NtAllocateVirtualMemory (-1, 909312, 0, 4096, 4096, 260, ... 909312, 4096, ) == 0x0 00565 452 NtAllocateVirtualMemory (-1, 905216, 0, 4096, 4096, 260, ... 905216, 4096, ) == 0x0 00566 452 NtAllocateVirtualMemory (-1, 901120, 0, 4096, 4096, 260, ... 901120, 4096, ) == 0x0 00567 452 NtAllocateVirtualMemory (-1, 897024, 0, 4096, 4096, 260, ... 897024, 4096, ) == 0x0 00568 452 NtAllocateVirtualMemory (-1, 892928, 0, 4096, 4096, 260, ... 892928, 4096, ) == 0x0 00569 452 NtAllocateVirtualMemory (-1, 888832, 0, 4096, 4096, 260, ... 888832, 4096, ) == 0x0 00570 452 NtAllocateVirtualMemory (-1, 884736, 0, 4096, 4096, 260, ... 884736, 4096, ) == 0x0 00571 452 NtAllocateVirtualMemory (-1, 880640, 0, 4096, 4096, 260, ... 880640, 4096, ) == 0x0 00572 452 NtAllocateVirtualMemory (-1, 876544, 0, 4096, 4096, 260, ... 876544, 4096, ) == 0x0 00573 452 NtAllocateVirtualMemory (-1, 872448, 0, 4096, 4096, 260, ... 872448, 4096, ) == 0x0 00574 452 NtAllocateVirtualMemory (-1, 868352, 0, 4096, 4096, 260, ... 868352, 4096, ) == 0x0 00575 452 NtAllocateVirtualMemory (-1, 864256, 0, 4096, 4096, 260, ... 
864256, 4096, ) == 0x0 00576 452 NtAllocateVirtualMemory (-1, 860160, 0, 4096, 4096, 260, ... 860160, 4096, ) == 0x0 00577 452 NtAllocateVirtualMemory (-1, 856064, 0, 4096, 4096, 260, ... 856064, 4096, ) == 0x0 00578 452 NtAllocateVirtualMemory (-1, 851968, 0, 4096, 4096, 260, ... 851968, 4096, ) == 0x0 00579 452 NtAllocateVirtualMemory (-1, 847872, 0, 4096, 4096, 260, ... 847872, 4096, ) == 0x0 00580 452 NtAllocateVirtualMemory (-1, 843776, 0, 4096, 4096, 260, ... 843776, 4096, ) == 0x0 00581 452 NtAllocateVirtualMemory (-1, 839680, 0, 4096, 4096, 260, ... 839680, 4096, ) == 0x0 00582 452 NtAllocateVirtualMemory (-1, 835584, 0, 4096, 4096, 260, ... 835584, 4096, ) == 0x0 00583 452 NtAllocateVirtualMemory (-1, 831488, 0, 4096, 4096, 260, ... 831488, 4096, ) == 0x0 00584 452 NtAllocateVirtualMemory (-1, 827392, 0, 4096, 4096, 260, ... 827392, 4096, ) == 0x0 00585 452 NtAllocateVirtualMemory (-1, 823296, 0, 4096, 4096, 260, ... 823296, 4096, ) == 0x0 00586 452 NtAllocateVirtualMemory (-1, 819200, 0, 4096, 4096, 260, ... 819200, 4096, ) == 0x0 00587 452 NtAllocateVirtualMemory (-1, 815104, 0, 4096, 4096, 260, ... 815104, 4096, ) == 0x0 00588 452 NtAllocateVirtualMemory (-1, 811008, 0, 4096, 4096, 260, ... 811008, 4096, ) == 0x0 00589 452 NtAllocateVirtualMemory (-1, 806912, 0, 4096, 4096, 260, ... 806912, 4096, ) == 0x0 00590 452 NtAllocateVirtualMemory (-1, 802816, 0, 4096, 4096, 260, ... 802816, 4096, ) == 0x0 00591 452 NtAllocateVirtualMemory (-1, 798720, 0, 4096, 4096, 260, ... 798720, 4096, ) == 0x0 00592 452 NtAllocateVirtualMemory (-1, 794624, 0, 4096, 4096, 260, ... 794624, 4096, ) == 0x0 00593 452 NtAllocateVirtualMemory (-1, 790528, 0, 4096, 4096, 260, ... 790528, 4096, ) == 0x0 00594 452 NtAllocateVirtualMemory (-1, 786432, 0, 4096, 4096, 260, ... 786432, 4096, ) == 0x0 00595 452 NtAllocateVirtualMemory (-1, 782336, 0, 4096, 4096, 260, ... 782336, 4096, ) == 0x0 00596 452 NtAllocateVirtualMemory (-1, 778240, 0, 4096, 4096, 260, ... 
778240, 4096, ) == 0x0 00597 452 NtAllocateVirtualMemory (-1, 774144, 0, 4096, 4096, 260, ... 774144, 4096, ) == 0x0 00598 452 NtAllocateVirtualMemory (-1, 770048, 0, 4096, 4096, 260, ... 770048, 4096, ) == 0x0 00599 452 NtAllocateVirtualMemory (-1, 765952, 0, 4096, 4096, 260, ... 765952, 4096, ) == 0x0 00600 452 NtAllocateVirtualMemory (-1, 761856, 0, 4096, 4096, 260, ... 761856, 4096, ) == 0x0 00601 452 NtAllocateVirtualMemory (-1, 757760, 0, 4096, 4096, 260, ... 757760, 4096, ) == 0x0 00602 452 NtAllocateVirtualMemory (-1, 753664, 0, 4096, 4096, 260, ... 753664, 4096, ) == 0x0 00603 452 NtAllocateVirtualMemory (-1, 749568, 0, 4096, 4096, 260, ... 749568, 4096, ) == 0x0 00604 452 NtAllocateVirtualMemory (-1, 745472, 0, 4096, 4096, 260, ... 745472, 4096, ) == 0x0 00605 452 NtAllocateVirtualMemory (-1, 741376, 0, 4096, 4096, 260, ... 741376, 4096, ) == 0x0 00606 452 NtAllocateVirtualMemory (-1, 737280, 0, 4096, 4096, 260, ... 737280, 4096, ) == 0x0 00607 452 NtAllocateVirtualMemory (-1, 733184, 0, 4096, 4096, 260, ... 733184, 4096, ) == 0x0 00608 452 NtAllocateVirtualMemory (-1, 729088, 0, 4096, 4096, 260, ... 729088, 4096, ) == 0x0 00609 452 NtAllocateVirtualMemory (-1, 724992, 0, 4096, 4096, 260, ... 724992, 4096, ) == 0x0 00610 452 NtAllocateVirtualMemory (-1, 720896, 0, 4096, 4096, 260, ... 720896, 4096, ) == 0x0 00611 452 NtAllocateVirtualMemory (-1, 716800, 0, 4096, 4096, 260, ... 716800, 4096, ) == 0x0 00612 452 NtAllocateVirtualMemory (-1, 712704, 0, 4096, 4096, 260, ... 712704, 4096, ) == 0x0 00613 452 NtAllocateVirtualMemory (-1, 708608, 0, 4096, 4096, 260, ... 708608, 4096, ) == 0x0 00614 452 NtAllocateVirtualMemory (-1, 704512, 0, 4096, 4096, 260, ... 704512, 4096, ) == 0x0 00615 452 NtAllocateVirtualMemory (-1, 700416, 0, 4096, 4096, 260, ... 700416, 4096, ) == 0x0 00616 452 NtAllocateVirtualMemory (-1, 696320, 0, 4096, 4096, 260, ... 696320, 4096, ) == 0x0 00617 452 NtAllocateVirtualMemory (-1, 692224, 0, 4096, 4096, 260, ... 
692224, 4096, ) == 0x0 00618 452 NtAllocateVirtualMemory (-1, 688128, 0, 4096, 4096, 260, ... 688128, 4096, ) == 0x0 00619 452 NtAllocateVirtualMemory (-1, 684032, 0, 4096, 4096, 260, ... 684032, 4096, ) == 0x0 00620 452 NtAllocateVirtualMemory (-1, 679936, 0, 4096, 4096, 260, ... 679936, 4096, ) == 0x0 00621 452 NtAllocateVirtualMemory (-1, 675840, 0, 4096, 4096, 260, ... 675840, 4096, ) == 0x0 00622 452 NtAllocateVirtualMemory (-1, 671744, 0, 4096, 4096, 260, ... 671744, 4096, ) == 0x0 00623 452 NtAllocateVirtualMemory (-1, 667648, 0, 4096, 4096, 260, ... 667648, 4096, ) == 0x0 00624 452 NtAllocateVirtualMemory (-1, 663552, 0, 4096, 4096, 260, ... 663552, 4096, ) == 0x0 00625 452 NtAllocateVirtualMemory (-1, 659456, 0, 4096, 4096, 260, ... 659456, 4096, ) == 0x0 00626 452 NtAllocateVirtualMemory (-1, 655360, 0, 4096, 4096, 260, ... 655360, 4096, ) == 0x0 00627 452 NtAllocateVirtualMemory (-1, 651264, 0, 4096, 4096, 260, ... 651264, 4096, ) == 0x0 00628 452 NtAllocateVirtualMemory (-1, 647168, 0, 4096, 4096, 260, ... 647168, 4096, ) == 0x0 00629 452 NtAllocateVirtualMemory (-1, 643072, 0, 4096, 4096, 260, ... 643072, 4096, ) == 0x0 00630 452 NtAllocateVirtualMemory (-1, 638976, 0, 4096, 4096, 260, ... 638976, 4096, ) == 0x0 00631 452 NtAllocateVirtualMemory (-1, 634880, 0, 4096, 4096, 260, ... 634880, 4096, ) == 0x0 00632 452 NtAllocateVirtualMemory (-1, 630784, 0, 4096, 4096, 260, ... 630784, 4096, ) == 0x0 00633 452 NtAllocateVirtualMemory (-1, 626688, 0, 4096, 4096, 260, ... 626688, 4096, ) == 0x0 00634 452 NtAllocateVirtualMemory (-1, 622592, 0, 4096, 4096, 260, ... 622592, 4096, ) == 0x0 00635 452 NtAllocateVirtualMemory (-1, 618496, 0, 4096, 4096, 260, ... 618496, 4096, ) == 0x0 00636 452 NtAllocateVirtualMemory (-1, 614400, 0, 4096, 4096, 260, ... 614400, 4096, ) == 0x0 00637 452 NtAllocateVirtualMemory (-1, 610304, 0, 4096, 4096, 260, ... 610304, 4096, ) == 0x0 00638 452 NtAllocateVirtualMemory (-1, 606208, 0, 4096, 4096, 260, ... 
606208, 4096, ) == 0x0 00639 452 NtAllocateVirtualMemory (-1, 602112, 0, 4096, 4096, 260, ... 602112, 4096, ) == 0x0 00640 452 NtAllocateVirtualMemory (-1, 598016, 0, 4096, 4096, 260, ... 598016, 4096, ) == 0x0 00641 452 NtAllocateVirtualMemory (-1, 593920, 0, 4096, 4096, 260, ... 593920, 4096, ) == 0x0 00642 452 NtAllocateVirtualMemory (-1, 589824, 0, 4096, 4096, 260, ... 589824, 4096, ) == 0x0 00643 452 NtAllocateVirtualMemory (-1, 585728, 0, 4096, 4096, 260, ... 585728, 4096, ) == 0x0 00644 452 NtAllocateVirtualMemory (-1, 581632, 0, 4096, 4096, 260, ... 581632, 4096, ) == 0x0 00645 452 NtAllocateVirtualMemory (-1, 577536, 0, 4096, 4096, 260, ... 577536, 4096, ) == 0x0 00646 452 NtAllocateVirtualMemory (-1, 573440, 0, 4096, 4096, 260, ... 573440, 4096, ) == 0x0 00647 452 NtAllocateVirtualMemory (-1, 569344, 0, 4096, 4096, 260, ... 569344, 4096, ) == 0x0 00648 452 NtAllocateVirtualMemory (-1, 565248, 0, 4096, 4096, 260, ... 565248, 4096, ) == 0x0 00649 452 NtAllocateVirtualMemory (-1, 561152, 0, 4096, 4096, 260, ... 561152, 4096, ) == 0x0 00650 452 NtAllocateVirtualMemory (-1, 557056, 0, 4096, 4096, 260, ... 557056, 4096, ) == 0x0 00651 452 NtAllocateVirtualMemory (-1, 552960, 0, 4096, 4096, 260, ... 552960, 4096, ) == 0x0 00652 452 NtAllocateVirtualMemory (-1, 548864, 0, 4096, 4096, 260, ... 548864, 4096, ) == 0x0 00653 452 NtAllocateVirtualMemory (-1, 544768, 0, 4096, 4096, 260, ... 544768, 4096, ) == 0x0 00654 452 NtAllocateVirtualMemory (-1, 540672, 0, 4096, 4096, 260, ... 540672, 4096, ) == 0x0 00655 452 NtAllocateVirtualMemory (-1, 536576, 0, 4096, 4096, 260, ... 536576, 4096, ) == 0x0 00656 452 NtAllocateVirtualMemory (-1, 532480, 0, 4096, 4096, 260, ... 532480, 4096, ) == 0x0 00657 452 NtAllocateVirtualMemory (-1, 528384, 0, 4096, 4096, 260, ... 528384, 4096, ) == 0x0 00658 452 NtAllocateVirtualMemory (-1, 524288, 0, 4096, 4096, 260, ... 524288, 4096, ) == 0x0 00659 452 NtAllocateVirtualMemory (-1, 520192, 0, 4096, 4096, 260, ... 
520192, 4096, ) == 0x0 00660 452 NtAllocateVirtualMemory (-1, 516096, 0, 4096, 4096, 260, ... 516096, 4096, ) == 0x0 00661 452 NtAllocateVirtualMemory (-1, 512000, 0, 4096, 4096, 260, ... 512000, 4096, ) == 0x0 00662 452 NtAllocateVirtualMemory (-1, 507904, 0, 4096, 4096, 260, ... 507904, 4096, ) == 0x0 00663 452 NtAllocateVirtualMemory (-1, 503808, 0, 4096, 4096, 260, ... 503808, 4096, ) == 0x0 00664 452 NtAllocateVirtualMemory (-1, 499712, 0, 4096, 4096, 260, ... 499712, 4096, ) == 0x0 00665 452 NtAllocateVirtualMemory (-1, 495616, 0, 4096, 4096, 260, ... 495616, 4096, ) == 0x0 00666 452 NtAllocateVirtualMemory (-1, 491520, 0, 4096, 4096, 260, ... 491520, 4096, ) == 0x0 00667 452 NtAllocateVirtualMemory (-1, 487424, 0, 4096, 4096, 260, ... 487424, 4096, ) == 0x0 00668 452 NtAllocateVirtualMemory (-1, 483328, 0, 4096, 4096, 260, ... 483328, 4096, ) == 0x0 00669 452 NtAllocateVirtualMemory (-1, 479232, 0, 4096, 4096, 260, ... 479232, 4096, ) == 0x0 00670 452 NtAllocateVirtualMemory (-1, 475136, 0, 4096, 4096, 260, ... 475136, 4096, ) == 0x0 00671 452 NtAllocateVirtualMemory (-1, 471040, 0, 4096, 4096, 260, ... 471040, 4096, ) == 0x0 00672 452 NtAllocateVirtualMemory (-1, 466944, 0, 4096, 4096, 260, ... 466944, 4096, ) == 0x0 00673 452 NtAllocateVirtualMemory (-1, 462848, 0, 4096, 4096, 260, ... 462848, 4096, ) == 0x0 00674 452 NtAllocateVirtualMemory (-1, 458752, 0, 4096, 4096, 260, ... 458752, 4096, ) == 0x0 00675 452 NtAllocateVirtualMemory (-1, 454656, 0, 4096, 4096, 260, ... 454656, 4096, ) == 0x0 00676 452 NtAllocateVirtualMemory (-1, 450560, 0, 4096, 4096, 260, ... 450560, 4096, ) == 0x0 00677 452 NtAllocateVirtualMemory (-1, 446464, 0, 4096, 4096, 260, ... 446464, 4096, ) == 0x0 00678 452 NtAllocateVirtualMemory (-1, 442368, 0, 4096, 4096, 260, ... 442368, 4096, ) == 0x0 00679 452 NtAllocateVirtualMemory (-1, 438272, 0, 4096, 4096, 260, ... 438272, 4096, ) == 0x0 00680 452 NtAllocateVirtualMemory (-1, 434176, 0, 4096, 4096, 260, ... 
434176, 4096, ) == 0x0 00681 452 NtAllocateVirtualMemory (-1, 430080, 0, 4096, 4096, 260, ... 430080, 4096, ) == 0x0 00682 452 NtAllocateVirtualMemory (-1, 425984, 0, 4096, 4096, 260, ... 425984, 4096, ) == 0x0 00683 452 NtAllocateVirtualMemory (-1, 421888, 0, 4096, 4096, 260, ... 421888, 4096, ) == 0x0 00684 452 NtAllocateVirtualMemory (-1, 417792, 0, 4096, 4096, 260, ... 417792, 4096, ) == 0x0 00685 452 NtAllocateVirtualMemory (-1, 413696, 0, 4096, 4096, 260, ... 413696, 4096, ) == 0x0 00686 452 NtAllocateVirtualMemory (-1, 409600, 0, 4096, 4096, 260, ... 409600, 4096, ) == 0x0 00687 452 NtAllocateVirtualMemory (-1, 405504, 0, 4096, 4096, 260, ... 405504, 4096, ) == 0x0 00688 452 NtAllocateVirtualMemory (-1, 401408, 0, 4096, 4096, 260, ... 401408, 4096, ) == 0x0 00689 452 NtAllocateVirtualMemory (-1, 397312, 0, 4096, 4096, 260, ... 397312, 4096, ) == 0x0 00690 452 NtAllocateVirtualMemory (-1, 393216, 0, 4096, 4096, 260, ... 393216, 4096, ) == 0x0 00691 452 NtAllocateVirtualMemory (-1, 389120, 0, 4096, 4096, 260, ... 389120, 4096, ) == 0x0 00692 452 NtAllocateVirtualMemory (-1, 385024, 0, 4096, 4096, 260, ... 385024, 4096, ) == 0x0 00693 452 NtAllocateVirtualMemory (-1, 380928, 0, 4096, 4096, 260, ... 380928, 4096, ) == 0x0 00694 452 NtAllocateVirtualMemory (-1, 376832, 0, 4096, 4096, 260, ... 376832, 4096, ) == 0x0 00695 452 NtAllocateVirtualMemory (-1, 372736, 0, 4096, 4096, 260, ... 372736, 4096, ) == 0x0 00696 452 NtAllocateVirtualMemory (-1, 368640, 0, 4096, 4096, 260, ... 368640, 4096, ) == 0x0 00697 452 NtAllocateVirtualMemory (-1, 364544, 0, 4096, 4096, 260, ... 364544, 4096, ) == 0x0 00698 452 NtAllocateVirtualMemory (-1, 360448, 0, 4096, 4096, 260, ... 360448, 4096, ) == 0x0 00699 452 NtAllocateVirtualMemory (-1, 356352, 0, 4096, 4096, 260, ... 356352, 4096, ) == 0x0 00700 452 NtAllocateVirtualMemory (-1, 352256, 0, 4096, 4096, 260, ... 352256, 4096, ) == 0x0 00701 452 NtAllocateVirtualMemory (-1, 348160, 0, 4096, 4096, 260, ... 
348160, 4096, ) == 0x0 00702 452 NtAllocateVirtualMemory (-1, 344064, 0, 4096, 4096, 260, ... 344064, 4096, ) == 0x0 00703 452 NtAllocateVirtualMemory (-1, 339968, 0, 4096, 4096, 260, ... 339968, 4096, ) == 0x0 00704 452 NtAllocateVirtualMemory (-1, 335872, 0, 4096, 4096, 260, ... 335872, 4096, ) == 0x0 00705 452 NtAllocateVirtualMemory (-1, 331776, 0, 4096, 4096, 260, ... 331776, 4096, ) == 0x0 00706 452 NtAllocateVirtualMemory (-1, 327680, 0, 4096, 4096, 260, ... 327680, 4096, ) == 0x0 00707 452 NtAllocateVirtualMemory (-1, 323584, 0, 4096, 4096, 260, ... 323584, 4096, ) == 0x0 00708 452 NtAllocateVirtualMemory (-1, 319488, 0, 4096, 4096, 260, ... 319488, 4096, ) == 0x0 00709 452 NtAllocateVirtualMemory (-1, 315392, 0, 4096, 4096, 260, ... 315392, 4096, ) == 0x0 00710 452 NtAllocateVirtualMemory (-1, 311296, 0, 4096, 4096, 260, ... 311296, 4096, ) == 0x0 00711 452 NtAllocateVirtualMemory (-1, 307200, 0, 4096, 4096, 260, ... 307200, 4096, ) == 0x0 00712 452 NtAllocateVirtualMemory (-1, 303104, 0, 4096, 4096, 260, ... 303104, 4096, ) == 0x0 00713 452 NtAllocateVirtualMemory (-1, 299008, 0, 4096, 4096, 260, ... 299008, 4096, ) == 0x0 00714 452 NtAllocateVirtualMemory (-1, 294912, 0, 4096, 4096, 260, ... 294912, 4096, ) == 0x0 00715 452 NtAllocateVirtualMemory (-1, 290816, 0, 4096, 4096, 260, ... 290816, 4096, ) == 0x0 00716 452 NtAllocateVirtualMemory (-1, 286720, 0, 4096, 4096, 260, ... 286720, 4096, ) == 0x0 00717 452 NtAllocateVirtualMemory (-1, 282624, 0, 4096, 4096, 260, ... 282624, 4096, ) == 0x0 00718 452 NtAllocateVirtualMemory (-1, 278528, 0, 4096, 4096, 260, ... 278528, 4096, ) == 0x0 00719 452 NtAllocateVirtualMemory (-1, 274432, 0, 4096, 4096, 260, ... 274432, 4096, ) == 0x0 00720 452 NtAllocateVirtualMemory (-1, 270336, 0, 4096, 4096, 260, ... 270336, 4096, ) == 0x0 00721 452 NtAllocateVirtualMemory (-1, 266240, 0, 4096, 4096, 260, ... 266240, 4096, ) == 0x0 00722 452 NtAllocateVirtualMemory (-1, 262144, 0, 4096, 4096, 260, ... 
262144, 4096, ) == 0x0 00723 452 NtAllocateVirtualMemory (-1, 258048, 0, 4096, 4096, 260, ... 258048, 4096, ) == 0x0 00724 452 NtAllocateVirtualMemory (-1, 253952, 0, 4096, 4096, 260, ... 253952, 4096, ) == 0x0 00725 452 NtAllocateVirtualMemory (-1, 249856, 0, 4096, 4096, 260, ... 249856, 4096, ) == 0x0 00726 452 NtAllocateVirtualMemory (-1, 245760, 0, 4096, 4096, 260, ... 245760, 4096, ) == 0x0 00727 452 NtAllocateVirtualMemory (-1, 241664, 0, 4096, 4096, 260, ... 241664, 4096, ) == 0x0 00728 452 NtAllocateVirtualMemory (-1, 237568, 0, 4096, 4096, 260, ... 237568, 4096, ) == 0x0 00729 452 NtAllocateVirtualMemory (-1, 233472, 0, 4096, 4096, 260, ... 233472, 4096, ) == 0x0 00730 452 NtAllocateVirtualMemory (-1, 229376, 0, 4096, 4096, 260, ... 229376, 4096, ) == 0x0 00731 452 NtAllocateVirtualMemory (-1, 225280, 0, 4096, 4096, 260, ... 225280, 4096, ) == 0x0 00732 452 NtAllocateVirtualMemory (-1, 221184, 0, 4096, 4096, 260, ... 221184, 4096, ) == 0x0 00733 452 NtAllocateVirtualMemory (-1, 217088, 0, 4096, 4096, 260, ... 217088, 4096, ) == 0x0 00734 452 NtAllocateVirtualMemory (-1, 212992, 0, 4096, 4096, 260, ... 212992, 4096, ) == 0x0 00735 452 NtAllocateVirtualMemory (-1, 208896, 0, 4096, 4096, 260, ... 208896, 4096, ) == 0x0 00736 452 NtAllocateVirtualMemory (-1, 204800, 0, 4096, 4096, 260, ... 204800, 4096, ) == 0x0 00737 452 NtAllocateVirtualMemory (-1, 200704, 0, 4096, 4096, 4, ... 200704, 4096, ) == 0x0 00738 452 NtContinue (-104226796, 0, ... 00739 452 NtContinue (-104226796, 0, ... 00740 452 NtFlushInstructionCache (-1, 0, 0, ... ) == 0x0 00741 452 NtClose (44, ... ) == 0x0