Summary (number of calls made to each system call):

NtCallbackReturn(>) 1 NtDeviceIoControlFile(>) 2 NtCreateKey(>) 5 NtFlushInstructionCache(>) 35
NtFsControlFile(>) 1 NtGdiCreateSolidBrush(>) 2 NtGdiGetStockObject(>) 5 NtCreateEvent(>) 51
NtGdiCreateBitmap(>) 1 NtNotifyChangeKey(>) 2 NtQueryInformationToken(>) 5 NtOpenKey(>) 91
NtGdiInit(>) 1 NtOpenDirectoryObject(>) 2 NtQueryVirtualMemory(>) 5 NtContinue(>) 133
NtGdiQueryFontAssocInfo(>) 1 NtOpenProcessToken(>) 2 NtSetInformationFile(>) 5 NtClose(>) 138
NtGdiSelectBitmap(>) 1 NtOpenProcessTokenEx(>) 2 NtUnmapViewOfSection(>) 6 NtDuplicateObject(>) 166
NtOpenKeyedEvent(>) 1 NtOpenThreadTokenEx(>) 2 NtQueryInformationFile(>) 7 NtQueryValueKey(>) 215
NtOpenSymbolicLinkObject(>) 1 NtQueryDefaultLocale(>) 2 NtQueryInformationProcess(>) 8 NtCreateThread(>) 248
NtQueryObject(>) 1 NtQuerySystemTime(>) 2 NtUserFindExistingCursorIcon(>) 9 NtQueryInformationThread(>) 250
NtQuerySymbolicLinkObject(>) 1 NtSetInformationObject(>) 2 NtQuerySection(>) 11 NtResumeThread(>) 253
NtSecureConnectPort(>) 1 NtWriteFile(>) 2 NtUserRegisterClassExWOW(>) 14 NtRegisterThreadTerminatePort(>) 260
NtSetInformationProcess(>) 1 NtCreateFile(>) 3 NtCreateSection(>) 15 NtRequestWaitReplyPort(>) 263
NtSetInformationThread(>) 1 NtFreeVirtualMemory(>) 3 NtOpenFile(>) 18 NtTestAlert(>) 263
NtUserCallNoParam(>) 1 NtGdiCreateCompatibleDC(>) 3 NtOpenSection(>) 19 NtProtectVirtualMemory(>) 373
NtUserGetThreadDesktop(>) 1 NtOpenThreadToken(>) 4 NtMapViewOfSection(>) 27 NtSetEventBoostPriority(>) 549
NtConnectPort(>) 2 NtQueryVolumeInformationFile(>) 4 NtQueryAttributesFile(>) 28 NtAllocateVirtualMemory(>) 599
NtCreateMutant(>) 2 NtSetValueKey(>) 4 NtQuerySystemInformation(>) 32 NtWaitForSingleObject(>) 832

Trace (sequence number, thread ID, system call with arguments, result):

00001 1248 NtOpenFile (0x80100000, {24, 0, 0x240, 0, 0, (0x80100000, {24, 0, 0x240, 0, 0, "\SystemRoot\Prefetch\PACKED.EXE-09ED06A1.pf"}, 0, 32, ... ) }, 0, 32, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00002 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00003 1248 NtOpenKeyedEvent (0x2000000, {24, 0, 0x0, 0, 0, (0x2000000, {24, 0, 0x0, 0, 0, "\KernelObjects\CritSecOutOfMemoryEvent"}, ... 4, ) }, ... 4, ) == 0x0 00004 1248 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00005 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 1310720, 1048576, ) == 0x0 00006 1248 NtAllocateVirtualMemory (-1, 1310720, 0, 4096, 4096, 4, ... 1310720, 4096, ) == 0x0 00007 1248 NtAllocateVirtualMemory (-1, 1314816, 0, 8192, 4096, 4, ... 1314816, 8192, ) == 0x0 00008 1248 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00009 1248 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 2359296, 65536, ) == 0x0 00010 1248 NtAllocateVirtualMemory (-1, 2359296, 0, 24576, 4096, 4, ... 2359296, 24576, ) == 0x0 00011 1248 NtOpenDirectoryObject (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 8, ) }, ... 8, ) == 0x0 00012 1248 NtOpenSymbolicLinkObject (0x1, {24, 8, 0x40, 0, 0, (0x1, {24, 8, 0x40, 0, 0, "KnownDllPath"}, ... 12, ) }, ... 
12, ) == 0x0 00013 1248 NtQuerySymbolicLinkObject (12, ... (12, ... "C:\WINDOWS\system32", 0x0, ) , 0x0, ) == 0x0 00014 1248 NtClose (12, ... ) == 0x0 00015 1248 NtOpenFile (0x100020, {24, 0, 0x42, 0, 0, (0x100020, {24, 0, 0x42, 0, 0, "\??\C:\scripts\"}, 3, 33, ... 12, {status=0x0, info=1}, ) }, 3, 33, ... 12, {status=0x0, info=1}, ) == 0x0 00016 1248 NtQueryVolumeInformationFile (12, 1243852, 8, Device, ... {status=0x0, info=8}, ) == 0x0 00017 1248 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local"}, 1243804, ... ) }, 1243804, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00018 1248 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "kernel32.dll"}, ... 16, ) }, ... 16, ) == 0x0 00019 1248 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x7c800000), 0x0, 1003520, ) == 0x0 00020 1248 NtClose (16, ... ) == 0x0 00021 1248 NtProtectVirtualMemory (-1, (0x7c801000), 1568, 4, ... (0x7c801000), 4096, 32, ) == 0x0 00022 1248 NtProtectVirtualMemory (-1, (0x7c801000), 4096, 32, ... (0x7c801000), 4096, 4, ) == 0x0 00023 1248 NtFlushInstructionCache (-1, 2088767488, 1568, ... ) == 0x0 00024 1248 NtQueryInformationProcess (-1, 36, 4, ... {process info, class 36, size 4}, 0x0, ) == 0x0 00025 1248 NtQuerySystemInformation (RangeStart, 4, ... {system info, class 50, size 4}, 0x0, ) == 0x0 00026 1248 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00027 1248 NtCreateSection (0xf001f, 0x0, {65536, 0}, 4, 67108864, 0, ... 16, ) == 0x0 00028 1248 NtSecureConnectPort ( ("\Windows\ApiPort", {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1241944, 44, ... 
24, {24, 16, 0, 65536, 2424832, 18415616}, {0, 0, 0}, 200, 44, ) , {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1241944, 44, ... 24, {24, 16, 0, 65536, 2424832, 18415616}, {0, 0, 0}, 200, 44, ) == 0x0 00029 1248 NtClose (16, ... ) == 0x0 00030 1248 NtQueryObject (24, Handle, 2, ... {Inherit=0,ProtectFromClose=0,}, -1, ) == 0x0 00031 1248 NtSetInformationObject (24, Handle, {Inherit=0,ProtectFromClose=1,}, 256, ... ) == 0x0 00032 1248 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00033 1248 NtQueryVirtualMemory (-1, 0x250000, Basic, 28, ... {BaseAddress=0x250000,AllocationBase=0x250000,AllocationProtect=0x4,RegionSize=0x10000,State=0x2000,Protect=0x0,Type=0x40000,}, 0x0, ) == 0x0 00034 1248 NtAllocateVirtualMemory (-1, 2424832, 0, 4096, 4096, 4, ... 2424832, 4096, ) == 0x0 00035 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1242260, 1242460, 2089900544, 1242184} (24, {28, 56, new_msg, 0, 1242260, 1242460, 2089900544, 1242184} "\210\6\31\1\0\0\0\0eZ\221|\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 57931, 0} "`\375\27\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57931, 0} (24, {28, 56, new_msg, 0, 1242260, 1242460, 2089900544, 1242184} "\210\6\31\1\0\0\0\0eZ\221|\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 57931, 0} "`\375\27\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ) ) == 0x0 00036 1248 NtRegisterThreadTerminatePort (24, ... ) == 0x0 00037 1248 NtAllocateVirtualMemory (-1, 1232896, 0, 4096, 4096, 260, ... 
1232896, 4096, ) == 0x0 00038 1248 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00039 1248 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00040 1248 NtClose (16, ... ) == 0x0 00041 1248 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionUnicode"}, ... 16, ) }, ... 16, ) == 0x0 00042 1248 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x260000), 0x0, 90112, ) == 0x0 00043 1248 NtClose (16, ... ) == 0x0 00044 1248 NtQueryDefaultLocale (0, 2089305000, ... ) == 0x0 00045 1248 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionLocale"}, ... 16, ) }, ... 16, ) == 0x0 00046 1248 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x280000), 0x0, 249856, ) == 0x0 00047 1248 NtClose (16, ... ) == 0x0 00048 1248 NtOpenSection (0x5, {24, 0, 0x40, 0, 0, (0x5, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey"}, ... 16, ) }, ... 16, ) == 0x0 00049 1248 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x2c0000), 0x0, 266240, ) == 0x0 00050 1248 NtQuerySection (16, Basic, 16, ... {BaseAddress=0x0,Attributes=0x800000,Size={0x40004, 0x0},}, 0x0, ) == 0x0 00051 1248 NtClose (16, ... ) == 0x0 00052 1248 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortTbls"}, ... 16, ) }, ... 16, ) == 0x0 00053 1248 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x310000), 0x0, 24576, ) == 0x0 00054 1248 NtClose (16, ... ) == 0x0 00055 1248 NtQueryVirtualMemory (-1, 0x7ffd2000, Basic, 28, ... 
{BaseAddress=0x7ffd2000,AllocationBase=0x7ffb0000,AllocationProtect=0x2,RegionSize=0x2000,State=0x1000,Protect=0x2,Type=0x40000,}, 0x0, ) == 0x0 00056 1248 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00057 1248 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00058 1248 NtAllocateVirtualMemory (-1, 2428928, 0, 8192, 4096, 4, ... 2428928, 8192, ) == 0x0 00059 1248 NtRequestWaitReplyPort (24, {24, 52, new_msg, 0, 7012468, 7929957, 3145776, 3145776} (24, {24, 52, new_msg, 0, 7012468, 7929957, 3145776, 3145776} "\210\6\31\1\36\0\1\0\0\0\0\0\377\377\377\377\234\6\31\1p\30\0\0" ... {24, 52, reply, 0, 1656, 1248, 57932, 0} "\10P\30\0\36\0\1\0\0\0\0\0\377\377\377\377\234\6\31\1p\30\0\0" ) ... {24, 52, reply, 0, 1656, 1248, 57932, 0} (24, {24, 52, new_msg, 0, 7012468, 7929957, 3145776, 3145776} "\210\6\31\1\36\0\1\0\0\0\0\0\377\377\377\377\234\6\31\1p\30\0\0" ... {24, 52, reply, 0, 1656, 1248, 57932, 0} "\10P\30\0\36\0\1\0\0\0\0\0\377\377\377\377\234\6\31\1p\30\0\0" ) ) == 0x0 00060 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2089305760, 2090321376, 0, 0} (24, {28, 56, new_msg, 0, 2089305760, 2090321376, 0, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57933, 0} "\250\202\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57933, 0} (24, {28, 56, new_msg, 0, 2089305760, 2090321376, 0, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57933, 0} "\250\202\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ) ) == 0x0 00061 1248 NtProtectVirtualMemory (-1, (0x409000), 90128, 4, ... (0x409000), 94208, 128, ) == 0x0 00062 1248 NtProtectVirtualMemory (-1, (0x409000), 94208, 128, ... 
(0x409000), 94208, 4, ) == 0x0 00063 1248 NtFlushInstructionCache (-1, 4231168, 90128, ... ) == 0x0 00064 1248 NtQueryInformationProcess (-1, 37, 48, ... {process info, class 37, size 48}, 0x0, ) == 0x0 00065 1248 NtSetInformationProcess (-1, 34, {process info, class 34, size 4}, 4, ... ) == 0x0 00066 1248 NtOpenProcessToken (-1, 0x8, ... 16, ) == 0x0 00067 1248 NtQueryInformationToken (16, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00068 1248 NtClose (16, ... ) == 0x0 00069 1248 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00070 1248 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00071 1248 NtClose (16, ... ) == 0x0 00072 1248 NtTestAlert (... ) == 0x0 00073 1248 NtContinue (1244464, 1, ... 00074 1248 NtSetInformationThread (-2, Win32StartAddress(LpcReceivedMessageId), {StartAddress(LpcReceivedMsgId)=0x419010,}, 4, ... ) == 0x0 00075 1248 NtQueryVirtualMemory (-1, 0x40980f, Basic, 28, ... {BaseAddress=0x409000,AllocationBase=0x400000,AllocationProtect=0x80,RegionSize=0x1000,State=0x1000,Protect=0x40,Type=0x1000000,}, 28, ) == 0x0 00076 1248 NtContinue (1244400, 0, ... 00077 1248 NtAllocateVirtualMemory (-1, 0, 0, 2395, 4096, 64, ... 3276800, 4096, ) == 0x0 00078 1248 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager"}, ... 16, ) }, ... 16, ) == 0x0 00079 1248 NtQueryValueKey (16, (16, "SafeDllSearchMode", Partial, 16, ... ) , Partial, 16, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00080 1248 NtClose (16, ... ) == 0x0 00081 1248 NtAllocateVirtualMemory (-1, 1323008, 0, 4096, 4096, 4, ... 
1323008, 4096, ) == 0x0 00082 1248 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "user32.dll"}, ... 16, ) }, ... 16, ) == 0x0 00083 1248 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x7e410000), 0x0, 589824, ) == 0x0 00084 1248 NtClose (16, ... ) == 0x0 00085 1248 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "GDI32.dll"}, ... 16, ) }, ... 16, ) == 0x0 00086 1248 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77f10000), 0x0, 290816, ) == 0x0 00087 1248 NtClose (16, ... ) == 0x0 00088 1248 NtProtectVirtualMemory (-1, (0x77f11000), 508, 4, ... (0x77f11000), 4096, 32, ) == 0x0 00089 1248 NtProtectVirtualMemory (-1, (0x77f11000), 4096, 32, ... (0x77f11000), 4096, 4, ) == 0x0 00090 1248 NtFlushInstructionCache (-1, 2012286976, 508, ... ) == 0x0 00091 1248 NtProtectVirtualMemory (-1, (0x77f11000), 508, 4, ... (0x77f11000), 4096, 32, ) == 0x0 00092 1248 NtProtectVirtualMemory (-1, (0x77f11000), 4096, 32, ... (0x77f11000), 4096, 4, ) == 0x0 00093 1248 NtFlushInstructionCache (-1, 2012286976, 508, ... ) == 0x0 00094 1248 NtProtectVirtualMemory (-1, (0x77f11000), 508, 4, ... (0x77f11000), 4096, 32, ) == 0x0 00095 1248 NtProtectVirtualMemory (-1, (0x77f11000), 4096, 32, ... (0x77f11000), 4096, 4, ) == 0x0 00096 1248 NtFlushInstructionCache (-1, 2012286976, 508, ... ) == 0x0 00097 1248 NtProtectVirtualMemory (-1, (0x7e411000), 1252, 4, ... (0x7e411000), 4096, 32, ) == 0x0 00098 1248 NtProtectVirtualMemory (-1, (0x7e411000), 4096, 32, ... (0x7e411000), 4096, 4, ) == 0x0 00099 1248 NtFlushInstructionCache (-1, 2118193152, 1252, ... ) == 0x0 00100 1248 NtProtectVirtualMemory (-1, (0x7e411000), 1252, 4, ... (0x7e411000), 4096, 32, ) == 0x0 00101 1248 NtProtectVirtualMemory (-1, (0x7e411000), 4096, 32, ... (0x7e411000), 4096, 4, ) == 0x0 00102 1248 NtFlushInstructionCache (-1, 2118193152, 1252, ... ) == 0x0 00103 1248 NtProtectVirtualMemory (-1, (0x7e411000), 1252, 4, ... 
(0x7e411000), 4096, 32, ) == 0x0 00104 1248 NtProtectVirtualMemory (-1, (0x7e411000), 4096, 32, ... (0x7e411000), 4096, 4, ) == 0x0 00105 1248 NtFlushInstructionCache (-1, 2118193152, 1252, ... ) == 0x0 00106 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00107 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\user32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00108 1248 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00109 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2089900645, 0, 2090320576, 1241608} (24, {28, 56, new_msg, 0, 2089900645, 0, 2090320576, 1241608} "\210\6\31\1\0\0\0\0\344\0\23\0\4\0\0\0\3\0\0\0\234\6\31\1$\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 57934, 0} "\320G\26\0\0\0\0\0\0\0\0\0\4\0\0\0\3\0\0\0\234\6\31\1$\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57934, 0} (24, {28, 56, new_msg, 0, 2089900645, 0, 2090320576, 1241608} "\210\6\31\1\0\0\0\0\344\0\23\0\4\0\0\0\3\0\0\0\234\6\31\1$\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 57934, 0} "\320G\26\0\0\0\0\0\0\0\0\0\4\0\0\0\3\0\0\0\234\6\31\1$\1\0\0" ) ) == 0x0 00110 1248 NtFsControlFile (12, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... {status=0x0, info=0}, 0x0, ) == 0x0 00111 1248 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1239000, ... ) }, 1239000, ... 
) == 0x0 00112 1248 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 5, 96, ... 16, {status=0x0, info=1}, ) }, 5, 96, ... 16, {status=0x0, info=1}, ) == 0x0 00113 1248 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 16, ... 28, ) == 0x0 00114 1248 NtClose (16, ... ) == 0x0 00115 1248 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x420000), 0x0, 110592, ) == 0x0 00116 1248 NtClose (28, ... ) == 0x0 00117 1248 NtUnmapViewOfSection (-1, 0x420000, ... ) == 0x0 00118 1248 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1238908, ... ) }, 1238908, ... ) == 0x0 00119 1248 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 5, 96, ... 28, {status=0x0, info=1}, ) }, 5, 96, ... 28, {status=0x0, info=1}, ) == 0x0 00120 1248 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 28, ... 16, ) == 0x0 00121 1248 NtClose (28, ... ) == 0x0 00122 1248 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x420000), 0x0, 110592, ) == 0x0 00123 1248 NtClose (16, ... ) == 0x0 00124 1248 NtUnmapViewOfSection (-1, 0x420000, ... ) == 0x0 00125 1248 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1239216, ... ) }, 1239216, ... ) == 0x0 00126 1248 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 5, 96, ... 16, {status=0x0, info=1}, ) }, 5, 96, ... 16, {status=0x0, info=1}, ) == 0x0 00127 1248 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 16, ... 28, ) == 0x0 00128 1248 NtQuerySection (28, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00129 1248 NtOpenProcessToken (-1, 0x8, ... 32, ) == 0x0 00130 1248 NtQueryInformationToken (32, User, 136, ... 
{token info, class 1, size 36}, 36, ) == 0x0 00131 1248 NtOpenKey (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00132 1248 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... 36, ) }, ... 36, ) == 0x0 00133 1248 NtQueryValueKey (36, (36, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 80, ... TitleIdx=0, Type=4, Data= (36, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00134 1248 NtClose (36, ... ) == 0x0 00135 1248 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00136 1248 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 36, ) == 0x0 00137 1248 NtQueryInformationToken (36, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00138 1248 NtClose (36, ... ) == 0x0 00139 1248 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\REGISTRY\USER\S-1-5-21-1292428093-1383384898-725345543-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00140 1248 NtClose (32, ... ) == 0x0 00141 1248 NtClose (16, ... ) == 0x0 00142 1248 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x76390000), 0x0, 118784, ) == 0x0 00143 1248 NtClose (28, ... ) == 0x0 00144 1248 NtProtectVirtualMemory (-1, (0x76391000), 696, 4, ... (0x76391000), 4096, 32, ) == 0x0 00145 1248 NtProtectVirtualMemory (-1, (0x76391000), 4096, 32, ... (0x76391000), 4096, 4, ) == 0x0 00146 1248 NtFlushInstructionCache (-1, 1983451136, 696, ... ) == 0x0 00147 1248 NtProtectVirtualMemory (-1, (0x76391000), 696, 4, ... (0x76391000), 4096, 32, ) == 0x0 00148 1248 NtProtectVirtualMemory (-1, (0x76391000), 4096, 32, ... (0x76391000), 4096, 4, ) == 0x0 00149 1248 NtFlushInstructionCache (-1, 1983451136, 696, ... 
) == 0x0 00150 1248 NtProtectVirtualMemory (-1, (0x76391000), 696, 4, ... (0x76391000), 4096, 32, ) == 0x0 00151 1248 NtProtectVirtualMemory (-1, (0x76391000), 4096, 32, ... (0x76391000), 4096, 4, ) == 0x0 00152 1248 NtFlushInstructionCache (-1, 1983451136, 696, ... ) == 0x0 00153 1248 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "ADVAPI32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00154 1248 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77dd0000), 0x0, 634880, ) == 0x0 00155 1248 NtClose (28, ... ) == 0x0 00156 1248 NtProtectVirtualMemory (-1, (0x77dd1000), 1700, 4, ... (0x77dd1000), 4096, 32, ) == 0x0 00157 1248 NtProtectVirtualMemory (-1, (0x77dd1000), 4096, 32, ... (0x77dd1000), 4096, 4, ) == 0x0 00158 1248 NtFlushInstructionCache (-1, 2010976256, 1700, ... ) == 0x0 00159 1248 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "RPCRT4.dll"}, ... 28, ) }, ... 28, ) == 0x0 00160 1248 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77e70000), 0x0, 593920, ) == 0x0 00161 1248 NtClose (28, ... ) == 0x0 00162 1248 NtAllocateVirtualMemory (-1, 1228800, 0, 4096, 4096, 260, ... 1228800, 4096, ) == 0x0 00163 1248 NtProtectVirtualMemory (-1, (0x77e71000), 868, 4, ... (0x77e71000), 4096, 32, ) == 0x0 00164 1248 NtProtectVirtualMemory (-1, (0x77e71000), 4096, 32, ... (0x77e71000), 4096, 4, ) == 0x0 00165 1248 NtFlushInstructionCache (-1, 2011631616, 868, ... ) == 0x0 00166 1248 NtProtectVirtualMemory (-1, (0x77e71000), 868, 4, ... (0x77e71000), 4096, 32, ) == 0x0 00167 1248 NtProtectVirtualMemory (-1, (0x77e71000), 4096, 32, ... (0x77e71000), 4096, 4, ) == 0x0 00168 1248 NtFlushInstructionCache (-1, 2011631616, 868, ... ) == 0x0 00169 1248 NtProtectVirtualMemory (-1, (0x77e71000), 868, 4, ... (0x77e71000), 4096, 32, ) == 0x0 00170 1248 NtProtectVirtualMemory (-1, (0x77e71000), 4096, 32, ... (0x77e71000), 4096, 4, ) == 0x0 00171 1248 NtFlushInstructionCache (-1, 2011631616, 868, ... 
) == 0x0 00172 1248 NtProtectVirtualMemory (-1, (0x77dd1000), 1700, 4, ... (0x77dd1000), 4096, 32, ) == 0x0 00173 1248 NtProtectVirtualMemory (-1, (0x77dd1000), 4096, 32, ... (0x77dd1000), 4096, 4, ) == 0x0 00174 1248 NtFlushInstructionCache (-1, 2010976256, 1700, ... ) == 0x0 00175 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00176 1248 NtAllocateVirtualMemory (-1, 1327104, 0, 4096, 4096, 4, ... 1327104, 4096, ) == 0x0 00177 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00178 1248 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0 00179 1248 NtQueryValueKey (28, (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00180 1248 NtQueryValueKey (28, (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00181 1248 NtClose (28, ... ) == 0x0 00182 1248 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"}, ... 28, ) }, ... 28, ) == 0x0 00183 1248 NtQueryValueKey (28, (28, "LeakTrack", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00184 1248 NtClose (28, ... 
) == 0x0 00185 1248 NtOpenKey (0x2000000, {24, 0, 0x40, 0, 0, (0x2000000, {24, 0, 0x40, 0, 0, "\REGISTRY\MACHINE"}, ... 28, ) }, ... 28, ) == 0x0 00186 1248 NtSetInformationObject (28, Handle, {Inherit=0,ProtectFromClose=1,}, 2011431168, ... ) == 0x0 00187 1248 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00188 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00189 1248 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00190 1248 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1236132, ... ) }, 1236132, ... ) == 0x0 00191 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00192 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00193 1248 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\IMM32.DLL"}, 1239536, ... ) }, 1239536, ... ) == 0x0 00194 1248 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\"}, ... ) }, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00195 1248 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize"}, ... 16, ) }, ... 16, ) == 0x0 00196 1248 NtQueryValueKey (16, (16, "DisableMetaFiles", Partial, 20, ... ) , Partial, 20, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00197 1248 NtClose (16, ... ) == 0x0 00198 1248 NtMapViewOfSection (-2147482740, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x420000), 0x0, 1060864, ) == 0x0 00199 1248 NtClose (-2147482740, ... ) == 0x0 00200 1248 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 16, ) == 0x0 00201 1248 NtOpenThreadTokenEx (-2, 0x8, 1, 512, ... ) == STATUS_NO_TOKEN 00202 1248 NtOpenProcessTokenEx (-1, 0x8, 512, ... -2147482740, ) == 0x0 00203 1248 NtQueryInformationToken (-2147482740, Statistics, 0, ... ) == STATUS_BUFFER_TOO_SMALL 00204 1248 NtQueryInformationToken (-2147482740, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00205 1248 NtClose (-2147482740, ... ) == 0x0 00206 1248 NtAllocateVirtualMemory (-1, 0, 0, 32, 4096, 4, ... 5439488, 4096, ) == 0x0 00207 1248 NtFreeVirtualMemory (-1, (0x530000), 4096, 32768, ... (0x530000), 4096, ) == 0x0 00208 1248 NtDuplicateObject (-1, 32, -1, 0x0, 0, 2, ... 40, ) == 0x0 00209 1248 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32"}, ... -2147482740, ) }, ... -2147482740, ) == 0x0 00210 1248 NtQueryValueKey (-2147482740, (-2147482740, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00211 1248 NtClose (-2147482740, ... ) == 0x0 00212 1248 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility"}, ... -2147482740, ) }, ... -2147482740, ) == 0x0 00213 1248 NtQueryValueKey (-2147482740, (-2147482740, "packed", Partial, 172, ... ) , Partial, 172, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00214 1248 NtClose (-2147482740, ... ) == 0x0 00215 1248 NtQueryDefaultLocale (0, -139609780, ... ) == 0x0 00216 1248 NtGdiQueryFontAssocInfo (0, ... ) == 0x0 00217 1248 NtUserCallNoParam (24, ... ) == 0x0 00218 1248 NtGdiCreateCompatibleDC (0, ... 00219 1248 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 5439488, 4096, ) == 0x0 00218 1248 NtGdiCreateCompatibleDC ... ) == 0xee0105b0 00220 1248 NtGdiGetStockObject (0, ... ) == 0x1900010 00221 1248 NtGdiGetStockObject (4, ... ) == 0x1900011 00222 1248 NtGdiCreateBitmap (8, 8, 1, 1, 2118200212, ... ) == 0x76050581 00223 1248 NtGdiCreateSolidBrush (0, 0, ... 00224 1248 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 8650752, 4096, ) == 0x0 00223 1248 NtGdiCreateSolidBrush ... ) == 0xa51003d2 00225 1248 NtGdiGetStockObject (13, ... ) == 0x18a0021 00226 1248 NtGdiCreateCompatibleDC (0, ... ) == 0x5201039b 00227 1248 NtGdiSelectBitmap (1375798171, 1980040577, ... ) == 0x185000f 00228 1248 NtUserGetThreadDesktop (1248, 0, ... ) == 0x24 00229 1248 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows"}, ... 44, ) }, ... 44, ) == 0x0 00230 1248 NtQueryValueKey (44, (44, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 64, ... TitleIdx=0, Type=1, Data= (44, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0 00231 1248 NtClose (44, ... ) == 0x0 00232 1248 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00233 1248 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 673, 128, 0, ... ) == 0x8169c017 00234 1248 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00235 1248 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 674, 128, 0, ... ) == 0x8169c01c 00236 1248 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... 
) == 0x10011 00237 1248 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 675, 128, 0, ... ) == 0x8169c01e 00238 1248 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00239 1248 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 676, 128, 0, ... ) == 0x81698002 00240 1248 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10013 00241 1248 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 677, 128, 0, ... ) == 0x8169c018 00242 1248 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00243 1248 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 678, 128, 0, ... ) == 0x8169c01a 00244 1248 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00245 1248 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 679, 128, 0, ... ) == 0x8169c01d 00246 1248 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00247 1248 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 681, 128, 0, ... ) == 0x8169c026 00248 1248 NtUserFindExistingCursorIcon (1240712, 1240728, 1240776, ... ) == 0x10011 00249 1248 NtUserRegisterClassExWOW (1240724, 1240792, 1240808, 1240824, 680, 128, 0, ... ) == 0x8169c019 00250 1248 NtUserRegisterClassExWOW (1240676, 1240744, 1240760, 1240776, 0, 128, 0, ... ) == 0x8169c020 00251 1248 NtUserRegisterClassExWOW (1240932, 1241028, 1241012, 1241000, 0, 130, 0, ... ) == 0x8169c022 00252 1248 NtUserRegisterClassExWOW (1240676, 1240744, 1240760, 1240776, 0, 128, 0, ... ) == 0x8169c023 00253 1248 NtUserRegisterClassExWOW (1240932, 1241028, 1241012, 1241000, 0, 130, 0, ... ) == 0x8169c024 00254 1248 NtUserRegisterClassExWOW (1240676, 1240744, 1240760, 1240776, 0, 128, 0, ... ) == 0x8169c025 00255 1248 NtCallbackReturn (0, 0, 0, ... 00256 1248 NtGdiInit (... ) == 0x1 00257 1248 NtGdiGetStockObject (18, ... ) == 0x290001c 00258 1248 NtGdiGetStockObject (19, ... 
) == 0x1b00019 00259 1248 NtAllocateVirtualMemory (-1, 0, 0, 26112, 4096, 64, ... 8716288, 28672, ) == 0x0 00260 1248 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WS2_32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00261 1248 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2_32.dll"}, 1242908, ... ) }, 1242908, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00262 1248 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2_32.dll"}, 1242908, ... ) }, 1242908, ... ) == 0x0 00263 1248 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2_32.dll"}, 5, 96, ... 44, {status=0x0, info=1}, ) }, 5, 96, ... 44, {status=0x0, info=1}, ) == 0x0 00264 1248 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 44, ... 48, ) == 0x0 00265 1248 NtQuerySection (48, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00266 1248 NtClose (44, ... ) == 0x0 00267 1248 NtMapViewOfSection (48, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71ab0000), 0x0, 94208, ) == 0x0 00268 1248 NtClose (48, ... ) == 0x0 00269 1248 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "msvcrt.dll"}, ... 48, ) }, ... 48, ) == 0x0 00270 1248 NtMapViewOfSection (48, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c10000), 0x0, 360448, ) == 0x0 00271 1248 NtClose (48, ... ) == 0x0 00272 1248 NtProtectVirtualMemory (-1, (0x77c11000), 632, 4, ... (0x77c11000), 4096, 32, ) == 0x0 00273 1248 NtProtectVirtualMemory (-1, (0x77c11000), 4096, 32, ... (0x77c11000), 4096, 4, ) == 0x0 00274 1248 NtFlushInstructionCache (-1, 2009141248, 632, ... ) == 0x0 00275 1248 NtProtectVirtualMemory (-1, (0x71ab1000), 468, 4, ... (0x71ab1000), 4096, 32, ) == 0x0 00276 1248 NtProtectVirtualMemory (-1, (0x71ab1000), 4096, 32, ... (0x71ab1000), 4096, 4, ) == 0x0 00277 1248 NtFlushInstructionCache (-1, 1907036160, 468, ... 
) == 0x0 00278 1248 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WS2HELP.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00279 1248 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2HELP.dll"}, 1242092, ... ) }, 1242092, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00280 1248 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2HELP.dll"}, 1242092, ... ) }, 1242092, ... ) == 0x0 00281 1248 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\WS2HELP.dll"}, 5, 96, ... 48, {status=0x0, info=1}, ) }, 5, 96, ... 48, {status=0x0, info=1}, ) == 0x0 00282 1248 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 48, ... 44, ) == 0x0 00283 1248 NtQuerySection (44, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00284 1248 NtClose (48, ... ) == 0x0 00285 1248 NtMapViewOfSection (44, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71aa0000), 0x0, 32768, ) == 0x0 00286 1248 NtClose (44, ... ) == 0x0 00287 1248 NtProtectVirtualMemory (-1, (0x71aa1000), 352, 4, ... (0x71aa1000), 4096, 32, ) == 0x0 00288 1248 NtProtectVirtualMemory (-1, (0x71aa1000), 4096, 32, ... (0x71aa1000), 4096, 4, ) == 0x0 00289 1248 NtFlushInstructionCache (-1, 1906970624, 352, ... ) == 0x0 00290 1248 NtProtectVirtualMemory (-1, (0x71ab1000), 468, 4, ... (0x71ab1000), 4096, 32, ) == 0x0 00291 1248 NtProtectVirtualMemory (-1, (0x71ab1000), 4096, 32, ... (0x71ab1000), 4096, 4, ) == 0x0 00292 1248 NtFlushInstructionCache (-1, 1907036160, 468, ... ) == 0x0 00293 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00294 1248 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00295 1248 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 8781824, 65536, ) == 0x0 00296 1248 NtAllocateVirtualMemory (-1, 8781824, 0, 4096, 4096, 4, ... 8781824, 4096, ) == 0x0 00297 1248 NtAllocateVirtualMemory (-1, 8785920, 0, 8192, 4096, 4, ... 8785920, 8192, ) == 0x0 00298 1248 NtAllocateVirtualMemory (-1, 8794112, 0, 4096, 4096, 4, ... 8794112, 4096, ) == 0x0 00299 1248 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionCType"}, ... 44, ) }, ... 44, ) == 0x0 00300 1248 NtMapViewOfSection (44, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x870000), 0x0, 12288, ) == 0x0 00301 1248 NtClose (44, ... ) == 0x0 00302 1248 NtAllocateVirtualMemory (-1, 8798208, 0, 4096, 4096, 4, ... 8798208, 4096, ) == 0x0 00303 1248 NtQueryVirtualMemory (-1, 0x77c2807c, Basic, 28, ... {BaseAddress=0x77c28000,AllocationBase=0x77c10000,AllocationProtect=0x80,RegionSize=0x35000,State=0x1000,Protect=0x20,Type=0x1000000,}, 28, ) == 0x0 00304 1248 NtQueryInformationProcess (-1, 36, 4, ... {process info, class 36, size 4}, 0x0, ) == 0x0 00305 1248 NtQueryInformationProcess (-1, 36, 4, ... {process info, class 36, size 4}, 0x0, ) == 0x0 00306 1248 NtQueryVirtualMemory (-1, 0x0, Basic, 28, ... {BaseAddress=0x0,AllocationBase=0x0,AllocationProtect=0x0,RegionSize=0x10000,State=0x10000,Protect=0x1,Type=0x0,}, 28, ) == 0x0 00307 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll"}, ... ) }, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00308 1248 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00309 1248 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00310 1248 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00311 1248 NtFreeVirtualMemory (-1, (0x850000), 0, 32768, ... (0x850000), 28672, ) == 0x0 00312 1248 NtFreeVirtualMemory (-1, (0x320144), 0, 32768, ... (0x320000), 4096, ) == 0x0 00313 1248 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00314 1248 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 3276800, 65536, ) == 0x0 00315 1248 NtAllocateVirtualMemory (-1, 3276800, 0, 4096, 4096, 4, ... 3276800, 4096, ) == 0x0 00316 1248 NtAllocateVirtualMemory (-1, 3280896, 0, 20480, 4096, 4, ... 3280896, 20480, ) == 0x0 00317 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 8912896, 1048576, ) == 0x0 00318 1248 NtAllocateVirtualMemory (-1, 8912896, 0, 32768, 4096, 4, ... 8912896, 32768, ) == 0x0 00319 1248 NtOpenDirectoryObject (0x2000f, {24, 0, 0x40, 0, 0, (0x2000f, {24, 0, 0x40, 0, 0, "\BaseNamedObjects"}, ... 44, ) }, ... 44, ) == 0x0 00320 1248 NtCreateMutant (0x1f0001, {24, 44, 0x80, 0, 0, (0x1f0001, {24, 44, 0x80, 0, 0, "Jobaka3"}, 0, ... 48, ) }, 0, ... 
48, ) == 0x0 00321 1248 NtOpenKey (0x2000000, {24, 28, 0x40, 0, 0, (0x2000000, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\WinSock2\Parameters"}, ... 52, ) }, ... 52, ) == 0x0 00322 1248 NtQueryValueKey (52, (52, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (52, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) }, 20, ) == 0x0 00323 1248 NtQueryValueKey (52, (52, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (52, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) }, 20, ) == 0x0 00324 1248 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 56, ) == 0x0 00325 1248 NtOpenKey (0x2000000, {24, 52, 0x40, 0, 0, (0x2000000, {24, 52, 0x40, 0, 0, "Protocol_Catalog9"}, ... 60, ) }, ... 60, ) == 0x0 00326 1248 NtQueryValueKey (60, (60, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (60, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) }, 16, ) == 0x0 00327 1248 NtNotifyChangeKey (60, 56, 0, 0, 2011455960, 1, 0, 0, 0, 1, ... ) == 0x103 00328 1248 NtQueryValueKey (60, (60, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (60, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\15\0\0\0"}, 16, ) }, 16, ) == 0x0 00329 1248 NtOpenKey (0x2000000, {24, 60, 0x40, 0, 0, (0x2000000, {24, 60, 0x40, 0, 0, "0000000D"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00330 1248 NtQueryValueKey (60, (60, "Next_Catalog_Entry_ID", Partial, 144, ... TitleIdx=0, Type=4, Data="#\4\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (60, "Next_Catalog_Entry_ID", Partial, 144, ... 
TitleIdx=0, Type=4, Data="#\4\0\0"}, 16, ) }, 16, ) == 0x0 00331 1248 NtQueryValueKey (60, (60, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\26\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (60, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\26\0\0\0"}, 16, ) }, 16, ) == 0x0 00332 1248 NtOpenKey (0x2000000, {24, 60, 0x40, 0, 0, (0x2000000, {24, 60, 0x40, 0, 0, "Catalog_Entries"}, ... 64, ) }, ... 64, ) == 0x0 00333 1248 NtAllocateVirtualMemory (-1, 1331200, 0, 4096, 4096, 4, ... 1331200, 4096, ) == 0x0 00334 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000001"}, ... 68, ) }, ... 68, ) == 0x0 00335 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00336 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00337 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0R\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0R\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0S\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0S\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0T\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0T\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0U\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0R\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0R\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0S\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0S\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0T\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0T\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0U\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0T\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0U\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 
900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0R\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0R\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0S\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0S\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0T\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0T\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0U\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00338 1248 NtClose (68, ... ) == 0x0 00339 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000002"}, ... 68, ) }, ... 68, ) == 0x0 00340 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00341 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00342 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0W\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0W\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0X\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0X\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0Y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0Y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0Z\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 
900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0W\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0W\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0X\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0X\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0Y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0Y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0Z\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0Y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0Z\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0W\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0W\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0X\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0X\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0Y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0Y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0Z\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00343 1248 NtClose (68, ... ) == 0x0 00344 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000003"}, ... 68, ) }, ... 68, ) == 0x0 00345 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00346 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00347 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0]\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0]\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0^\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0^\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0_\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0]\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0]\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0^\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0^\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0_\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0^\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0_\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", 
Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0]\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0]\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0^\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0^\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0_\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00348 1248 NtClose (68, ... ) == 0x0 00349 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000004"}, ... 68, ) }, ... 
68, ) == 0x0 00350 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00351 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00352 1248 NtAllocateVirtualMemory (-1, 1335296, 0, 4096, 4096, 4, ... 1335296, 4096, ) == 0x0 00353 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\204\370\272\2|\370\272\2\210\371\272\2\4\244`u\\12\0\0\240<_u\260\371\272\2\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 
\0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\1\0\0\0\344\373\272\2\1\0\0\0\330\273\356\0\0\0\0\0=\373\220|\200\371\272\2\0\0\0\0\0\371\272\2l\373\220|q\373\220|\0\0\0\0\200\371\272\2=\373\220|\334\370\272\2\0\0\0\0\204\3\0\0b\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0b\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0c\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0c\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0d\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0d\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0e\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\204\370\272\2|\370\272\2\210\371\272\2\4\244`u\\12\0\0\240<_u\260\371\272\2\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\1\0\0\0\344\373\272\2\1\0\0\0\330\273\356\0\0\0\0\0=\373\220|\200\371\272\2\0\0\0\0\0\371\272\2l\373\220|q\373\220|\0\0\0\0\200\371\272\2=\373\220|\334\370\272\2\0\0\0\0\204\3\0\0b\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0b\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0c\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0c\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0d\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0d\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0e\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0d\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0e\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\204\370\272\2|\370\272\2\210\371\272\2\4\244`u\\12\0\0\240<_u\260\371\272\2\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 
\0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\1\0\0\0\344\373\272\2\1\0\0\0\330\273\356\0\0\0\0\0=\373\220|\200\371\272\2\0\0\0\0\0\371\272\2l\373\220|q\373\220|\0\0\0\0\200\371\272\2=\373\220|\334\370\272\2\0\0\0\0\204\3\0\0b\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0b\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0c\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0c\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0d\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0d\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0e\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00354 1248 NtClose (68, ... ) == 0x0 00355 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000005"}, ... 68, ) }, ... 68, ) == 0x0 00356 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00357 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00358 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\210\1\34\0\0\0\34\0\10\0\0\0\0\0\0\0\214\373\272\2\\15\221|\0\0\34\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\210\1\34\0\0\0\0\0\20\0\0\0P\373\272\2\270Ddu\0\0\0\0(\275\356\0|\373\272\2\364\373\272\2\0\0\34\0\10\0\0\0\0\0\0\0(\374\272\2\\15\221|\0\0\34\0\0\0\0\0\204\3\0\0g\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0g\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0h\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0h\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0i\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0i\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0j\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\210\1\34\0\0\0\34\0\10\0\0\0\0\0\0\0\214\373\272\2\\15\221|\0\0\34\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\210\1\34\0\0\0\0\0\20\0\0\0P\373\272\2\270Ddu\0\0\0\0(\275\356\0|\373\272\2\364\373\272\2\0\0\34\0\10\0\0\0\0\0\0\0(\374\272\2\\15\221|\0\0\34\0\0\0\0\0\204\3\0\0g\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0g\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0h\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0h\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0i\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0i\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0j\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0i\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0j\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, 
"PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\210\1\34\0\0\0\34\0\10\0\0\0\0\0\0\0\214\373\272\2\\15\221|\0\0\34\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\210\1\34\0\0\0\0\0\20\0\0\0P\373\272\2\270Ddu\0\0\0\0(\275\356\0|\373\272\2\364\373\272\2\0\0\34\0\10\0\0\0\0\0\0\0(\374\272\2\\15\221|\0\0\34\0\0\0\0\0\204\3\0\0g\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0g\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0h\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0h\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0i\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0i\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0j\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00359 1248 NtClose (68, ... ) == 0x0 00360 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000006"}, ... 68, ) }, ... 
68, ) == 0x0 00361 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00362 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00363 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5&\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0d\200\304\237\230r\344C\267\275\30\37 \211y*\374\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0 \0\0\0\36\0\0\0\36\0\0\0\1\0\0\0\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0R\0f\0C\0o\0m\0m\0 
\0[\0B\0l\0u\0e\0t\0o\0o\0t\0h\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0l\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0l\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0m\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0m\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0n\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0n\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0o\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5&\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0d\200\304\237\230r\344C\267\275\30\37 \211y*\374\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0 \0\0\0\36\0\0\0\36\0\0\0\1\0\0\0\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0R\0f\0C\0o\0m\0m\0 \0[\0B\0l\0u\0e\0t\0o\0o\0t\0h\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0l\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0l\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0m\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0m\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0n\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0n\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0o\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0n\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0o\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5&\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0d\200\304\237\230r\344C\267\275\30\37 \211y*\374\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0 \0\0\0\36\0\0\0\36\0\0\0\1\0\0\0\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0R\0f\0C\0o\0m\0m\0 \0[\0B\0l\0u\0e\0t\0o\0o\0t\0h\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0l\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0l\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0m\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0m\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0n\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0n\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0o\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00364 1248 NtClose (68, ... ) == 0x0 00365 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000007"}, ... 68, ) }, ... 68, ) == 0x0 00366 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_BUFFER_OVERFLOW 00367 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00368 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\23\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0q\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0q\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0r\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0r\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0s\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0s\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0t\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\23\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0q\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0q\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0r\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0r\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0s\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0s\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0t\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0s\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0t\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 
(68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\23\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0q\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0q\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0r\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0r\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0s\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0s\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0t\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00369 1248 NtClose (68, ... ) == 0x0 00370 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000008"}, ... 68, ) }, ... 68, ) == 0x0 00371 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00372 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00373 1248 NtAllocateVirtualMemory (-1, 1339392, 0, 4096, 4096, 4, ... 1339392, 4096, ) == 0x0 00374 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\24\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0w\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0w\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0x\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0x\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0z\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\24\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0w\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0w\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0x\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0x\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0z\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0z\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\24\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\373\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0F\0C\0C\00\03\0A\04\01\0-\08\0C\0C\0C\0-\04\09\01\09\0-\0A\0\0\0\0\0\204\3\0\0w\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0w\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0x\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0x\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0y\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0z\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00375 1248 NtClose (68, ... ) == 0x0 00376 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000009"}, ... 68, ) }, ... 68, ) == 0x0 00377 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_BUFFER_OVERFLOW 00378 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00379 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\25\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0|\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0|\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0}\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0}\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0~\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0~\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\177\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\25\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0|\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0|\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0}\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0}\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0~\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0~\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\177\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0~\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\177\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\25\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0|\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0|\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0}\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0}\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0~\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0~\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\177\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 
00380 1248 NtClose (68, ... ) == 0x0 00381 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000010"}, ... 68, ) }, ... 68, ) == 0x0 00382 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00383 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00384 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\26\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0\201\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\201\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\202\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0\202\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\203\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\203\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\204\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\26\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0\201\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\201\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\202\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0\202\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\203\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\203\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\204\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\203\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\204\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\26\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\374\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0E\07\04\02\01\0B\05\0-\07\03\02\0D\0-\04\05\06\07\0-\0A\0\0\0\0\0\204\3\0\0\201\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\201\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\202\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0\202\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\203\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\203\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\204\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00385 1248 NtClose (68, ... ) == 0x0 00386 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000011"}, ... 68, ) }, ... 68, ) == 0x0 00387 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00388 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00389 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\27\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\206\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\206\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\207\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\02\0\207\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\210\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\210\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\211\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\27\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\206\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\206\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\207\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\02\0\207\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\210\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\210\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\211\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\210\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\211\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\27\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\206\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\206\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\207\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\02\0\207\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\210\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\210\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\211\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, 
) }, 900, ) == 0x0 00390 1248 NtClose (68, ... ) == 0x0 00391 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000012"}, ... 68, ) }, ... 68, ) == 0x0 00392 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00393 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00394 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\30\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\213\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\213\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\214\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\03\0\214\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\215\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\215\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\216\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\30\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\213\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\213\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\214\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\03\0\214\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\215\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\215\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\216\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\215\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\216\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\30\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\375\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\09\07\0C\02\0D\09\0F\04\0-\06\09\05\04\0-\04\0E\0B\03\0-\08\0\0\0\0\0\204\3\0\0\213\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\213\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\214\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\03\0\214\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\215\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\215\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\216\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00395 1248 NtClose (68, ... ) == 0x0 00396 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000013"}, ... 68, ) }, ... 68, ) == 0x0 00397 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00398 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00399 1248 NtAllocateVirtualMemory (-1, 1343488, 0, 4096, 4096, 4, ... 1343488, 4096, ) == 0x0 00400 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\31\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\221\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\221\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\222\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\04\0\222\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\223\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\223\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\224\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\31\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\221\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\221\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\222\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\04\0\222\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\223\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\223\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\224\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\223\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\224\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\31\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\221\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\221\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\222\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\04\0\222\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\223\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\223\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\224\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00401 1248 NtClose (68, ... ) == 0x0 00402 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000014"}, ... 68, ) }, ... 68, ) == 0x0 00403 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_BUFFER_OVERFLOW 00404 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00405 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\32\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\226\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\226\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\227\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\05\0\227\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\230\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\230\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\231\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\32\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\226\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\226\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\227\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\05\0\227\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\230\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\230\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\231\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\230\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\231\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\32\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\00\0D\04\03\00\0A\06\0F\0-\00\04\01\00\0-\04\0A\06\08\0-\09\0\0\0\0\0\204\3\0\0\226\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\226\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\227\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\05\0\227\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\230\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\230\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\231\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 
900, ) == 0x0 00406 1248 NtClose (68, ... ) == 0x0 00407 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000015"}, ... 68, ) }, ... 68, ) == 0x0 00408 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00409 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00410 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\33\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\233\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\233\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\234\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\06\0\234\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\235\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\235\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\236\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\33\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\233\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\233\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\234\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\06\0\234\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\235\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\235\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\236\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\235\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\236\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\33\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\233\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\233\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\234\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\06\0\234\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\235\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\235\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\236\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00411 1248 NtClose (68, ... ) == 0x0 00412 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000016"}, ... 68, ) }, ... 68, ) == 0x0 00413 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00414 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00415 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\34\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\240\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\240\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\241\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\07\0\241\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\242\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\242\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\243\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\34\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\240\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\240\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\241\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\07\0\241\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\242\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\242\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\243\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\242\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\243\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\34\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\08\0A\0D\04\0D\08\00\06\0-\00\08\01\0B\0-\04\04\04\06\0-\0A\0\0\0\0\0\204\3\0\0\240\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\240\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\241\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\07\0\241\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\242\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\242\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\243\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, 
) }, 900, ) == 0x0 00416 1248 NtClose (68, ... ) == 0x0 00417 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000017"}, ... 68, ) }, ... 68, ) == 0x0 00418 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00419 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00420 1248 NtAllocateVirtualMemory (-1, 1347584, 0, 4096, 4096, 4, ... 1347584, 4096, ) == 0x0 00421 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\35\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\246\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\246\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\247\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\08\0\247\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\250\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\250\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\251\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\35\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\246\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\246\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\247\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\08\0\247\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\250\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\250\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\251\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\250\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\251\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\35\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\246\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\246\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\247\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\08\0\247\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\250\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\250\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\251\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00422 1248 NtClose (68, ... ) == 0x0 00423 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000018"}, ... 68, ) }, ... 68, ) == 0x0 00424 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00425 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00426 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\36\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\253\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\253\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\254\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\09\0\254\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\255\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\255\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\256\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\36\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\253\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\253\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\254\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\09\0\254\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\255\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\255\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\256\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\255\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\256\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\36\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0E\05\05\09\0B\00\0C\01\0-\0F\0A\04\06\0-\04\06\04\0D\0-\0B\0\0\0\0\0\204\3\0\0\253\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\253\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\254\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\09\0\254\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\255\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\255\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\256\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, 
) }, 900, ) == 0x0 00427 1248 NtClose (68, ... ) == 0x0 00428 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000019"}, ... 68, ) }, ... 68, ) == 0x0 00429 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00430 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00431 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\37\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\260\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\260\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\261\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\00\0\261\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\262\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\262\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\263\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\37\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\260\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\260\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\261\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\00\0\261\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\262\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\262\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\263\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\262\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\263\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, 
... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\37\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\260\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\260\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\261\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\00\0\261\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\262\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\262\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\263\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00432 1248 NtClose (68, ... ) == 0x0 00433 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000020"}, ... 68, ) }, ... 68, ) == 0x0 00434 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00435 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00436 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222 \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\265\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\265\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\266\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\01\0\266\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\267\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\267\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\270\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... 
TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222 \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\265\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\265\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\266\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\01\0\266\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\267\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\267\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\270\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\267\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\270\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222 \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\372\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0C\0D\03\0C\06\04\0B\08\0-\0D\0B\07\06\0-\04\04\0C\08\0-\09\0\0\0\0\0\204\3\0\0\265\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\265\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\266\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\01\0\266\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\267\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\267\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\270\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
}, 900, ) == 0x0 00437 1248 NtClose (68, ... ) == 0x0 00438 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000021"}, ... 68, ) }, ... 68, ) == 0x0 00439 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00440 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00441 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222!\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\272\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\272\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\273\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\02\0\273\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\274\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\274\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\275\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222!\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\272\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\272\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\273\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\02\0\273\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\274\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\274\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\275\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) \0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\274\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\275\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0 (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222!\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\272\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\272\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\273\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0@\0\0\0`\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0\370L\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\02\02\0\273\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0D\0\0\0\274\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\274\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\275\1\0\0x\6\0\0\340\4\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0D\0\0\0\0\0\0\0"\0\12\2\0\334\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00442 1248 NtClose (68, ... ) == 0x0 00443 1248 NtOpenKey (0x20019, {24, 64, 0x40, 0, 0, (0x20019, {24, 64, 0x40, 0, 0, "000000000022"}, ... 68, ) }, ... 68, ) == 0x0 00444 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_BUFFER_OVERFLOW 00445 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00446 1248 NtAllocateVirtualMemory (-1, 1351680, 0, 4096, 4096, 4, ... 1351680, 4096, ) == 0x0 00447 1248 NtQueryValueKey (68, (68, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222"\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\300\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\300\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\301\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0@\0\0\0\301\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\302\1\0\0x\6\0\0\340\4\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\302\1\0\0x\6\0\0\340\4\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0\303\1\0\0x\6\0\0\340\4\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\303\1\0\0x\6\0\0\340\4\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0@\0\0\0\304\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\04\0\0\0\210\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0\310L\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (68, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0\26\0\10@w\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0{\1\11\0;\0\16\1X\253\26\0\10@w\16\09\01\0A\06\0F\0E\02\05\02\0D\03\0F\0B\08\0E\06\0C\0C\07\06\0C\06\03\0F\09\0B\0C\0D\04\0C\07\01\0E\0B\00\0\0\0\2404\2002\0W\14\0\14\0\317\1\15\10Q0,\6\12+\6\1\4\1\2027\2\1\31\242\36\200\34\0<\0<\0<\0O\0b\0s\0o\0l\0e\0t\0e\0>\0>\0>0!0\11\6\5+\16\3\2\32\5\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222"\4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\300\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\300\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\301\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0@\0\0\0\301\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\302\1\0\0x\6\0\0\340\4\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\302\1\0\0x\6\0\0\340\4\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0\303\1\0\0x\6\0\0\340\4\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\303\1\0\0x\6\0\0\340\4\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0@\0\0\0\304\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\04\0\0\0\210\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0\310L\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) \4\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\371\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\02\01\0B\08\0E\09\0D\05\0-\03\0F\0C\03\0-\04\0F\09\0D\0-\08\0\0\0\0\0\204\3\0\0\300\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0D\0\0\0\300\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\301\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0@\0\0\0\301\1\0\0x\6\0\0\340\4\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\302\1\0\0x\6\0\0\340\4\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\302\1\0\0x\6\0\0\340\4\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0\303\1\0\0x\6\0\0\340\4\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\303\1\0\0x\6\0\0\340\4\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0@\0\0\0\304\1\0\0x\6\0\0\340\4\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\04\0\0\0\210\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0\310L\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) == 0x0 00448 1248 NtClose (68, ... ) == 0x0 00449 1248 NtClose (64, ... ) == 0x0 00450 1248 NtWaitForSingleObject (56, 0, {0, 0}, ... ) == 0x102 00451 1248 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 64, ) == 0x0 00452 1248 NtOpenKey (0x2000000, {24, 52, 0x40, 0, 0, (0x2000000, {24, 52, 0x40, 0, 0, "NameSpace_Catalog5"}, ... 68, ) }, ... 68, ) == 0x0 00453 1248 NtQueryValueKey (68, (68, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (68, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) }, 16, ) == 0x0 00454 1248 NtNotifyChangeKey (68, 64, 0, 0, 2011455960, 1, 0, 0, 0, 1, ... ) == 0x103 00455 1248 NtQueryValueKey (68, (68, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (68, "Serial_Access_Num", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\5\0\0\0"}, 16, ) }, 16, ) == 0x0 00456 1248 NtOpenKey (0x2000000, {24, 68, 0x40, 0, 0, (0x2000000, {24, 68, 0x40, 0, 0, "00000005"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00457 1248 NtQueryValueKey (68, (68, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (68, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) }, 16, ) == 0x0 00458 1248 NtOpenKey (0x2000000, {24, 68, 0x40, 0, 0, (0x2000000, {24, 68, 0x40, 0, 0, "Catalog_Entries"}, ... 72, ) }, ... 72, ) == 0x0 00459 1248 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000001"}, ... 76, ) }, ... 76, ) == 0x0 00460 1248 NtQueryValueKey (76, (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00461 1248 NtQueryValueKey (76, (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00462 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00463 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... 
TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00464 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00465 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00466 1248 NtQueryValueKey (76, (76, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="@\235\5"\236~\317\21\256Z\0\252\0\247\21+"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (76, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="@\235\5"\236~\317\21\256Z\0\252\0\247\21+"}, 28, ) \236~\317\21\256Z\0\252\0\247\21+"}, 28, ) == 0x0 00467 1248 NtQueryValueKey (76, (76, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00468 1248 NtQueryValueKey (76, (76, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\14\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\14\0\0\0"}, 16, ) }, 16, ) == 0x0 00469 1248 NtQueryValueKey (76, (76, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00470 1248 NtQueryValueKey (76, (76, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Version", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00471 1248 NtQueryValueKey (76, (76, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00472 1248 NtClose (76, ... ) == 0x0 00473 1248 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000002"}, ... 76, ) }, ... 76, ) == 0x0 00474 1248 NtQueryValueKey (76, (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 00475 1248 NtQueryValueKey (76, (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 00476 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00477 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... 
TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00478 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00479 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00480 1248 NtQueryValueKey (76, (76, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\3567&;\200\345\317\21\245U\0\300O\330\324\254"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (76, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\3567&;\200\345\317\21\245U\0\300O\330\324\254"}, 28, ) }, 28, ) == 0x0 00481 1248 NtQueryValueKey (76, (76, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00482 1248 NtQueryValueKey (76, (76, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data=" \0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data=" \0\0\0"}, 16, ) }, 16, ) == 0x0 00483 1248 NtQueryValueKey (76, (76, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00484 1248 NtQueryValueKey (76, (76, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00485 1248 NtQueryValueKey (76, (76, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... 
TitleIdx=0, Type=4, Data= (76, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00486 1248 NtClose (76, ... ) == 0x0 00487 1248 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000003"}, ... 76, ) }, ... 76, ) == 0x0 00488 1248 NtQueryValueKey (76, (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00489 1248 NtQueryValueKey (76, (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00490 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00491 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... 
TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00492 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00493 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00494 1248 NtQueryValueKey (76, (76, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data=":$Bf\250;\246J\272\245.\13\327\37\335\203"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (76, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data=":$Bf\250;\246J\272\245.\13\327\37\335\203"}, 28, ) }, 28, ) == 0x0 00495 1248 NtQueryValueKey (76, (76, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00496 1248 NtQueryValueKey (76, (76, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\17\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "SupportedNameSpace", Partial, 144, ... 
TitleIdx=0, Type=4, Data="\17\0\0\0"}, 16, ) }, 16, ) == 0x0 00497 1248 NtQueryValueKey (76, (76, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00498 1248 NtQueryValueKey (76, (76, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00499 1248 NtQueryValueKey (76, (76, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00500 1248 NtClose (76, ... ) == 0x0 00501 1248 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000004"}, ... 76, ) }, ... 76, ) == 0x0 00502 1248 NtQueryValueKey (76, (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 00503 1248 NtQueryValueKey (76, (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0s\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0b\0t\0h\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 00504 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... 
TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 00505 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 00506 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 00507 1248 NtQueryValueKey (76, (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (76, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 52, ) }, 52, ) == 0x0 00508 1248 NtQueryValueKey (76, (76, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\340c\252\6`}\377A\257\262>\346\322\3319-"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (76, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\340c\252\6`}\377A\257\262>\346\322\3319-"}, 28, ) }, 28, ) == 0x0 00509 1248 NtQueryValueKey (76, (76, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00510 1248 NtQueryValueKey (76, (76, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) , Partial, 144, ... 
TitleIdx=0, Type=4, Data= (76, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) }, 16, ) == 0x0 00511 1248 NtQueryValueKey (76, (76, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00512 1248 NtQueryValueKey (76, (76, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00513 1248 NtQueryValueKey (76, (76, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00514 1248 NtClose (76, ... ) == 0x0 00515 1248 NtClose (72, ... ) == 0x0 00516 1248 NtWaitForSingleObject (64, 0, {0, 0}, ... ) == 0x102 00517 1248 NtClose (52, ... ) == 0x0 00518 1248 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00519 1248 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00520 1248 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Winsock2\Parameters"}, ... 52, ) }, ... 52, ) == 0x0 00521 1248 NtQueryValueKey (52, (52, "Ws2_32NumHandleBuckets", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00522 1248 NtClose (52, ... ) == 0x0 00523 1248 NtAllocateVirtualMemory (-1, 1355776, 0, 4096, 4096, 4, ... 
1355776, 4096, ) == 0x0 00524 1248 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 52, ) == 0x0 00525 1248 NtCreateFile (0x80100080, {24, 0, 0x40, 0, 1241648, (0x80100080, {24, 0, 0x40, 0, 1241648, "\??\u:\work\packed.exe"}, 0x0, 0, 1, 1, 2097252, 0, 0, ... 72, {status=0x0, info=1}, ) }, 0x0, 0, 1, 1, 2097252, 0, 0, ... 72, {status=0x0, info=1}, ) == 0x0 00526 1248 NtQueryInformationFile (72, 1242084, 8, AttributeFlag, ... {status=0x0, info=8}, ) == 0x0 00527 1248 NtQueryInformationFile (72, 1242000, 24, Standard, ... {status=0x0, info=24}, ) == 0x0 00528 1248 NtQueryInformationFile (72, 1241816, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 00529 1248 NtAllocateVirtualMemory (-1, 1359872, 0, 8192, 4096, 4, ... 1359872, 8192, ) == 0x0 00530 1248 NtQueryInformationFile (72, 1355896, 4094, Stream, ... {status=0x0, info=38}, ) == 0x0 00531 1248 NtQueryInformationFile (72, 1240264, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 00532 1248 NtQueryInformationFile (72, 1240540, 4, Ea, ... {status=0x0, info=4}, ) == 0x0 00533 1248 NtCreateFile (0x40110080, {24, 0, 0x40, 0, 1240416, (0x40110080, {24, 0, 0x40, 0, 1240416, "\??\C:\WINDOWS\avserve2.exe"}, 0x0, 32, 0, 5, 100, 0, 0, ... }, 0x0, 32, 0, 5, 100, 0, 0, ... 00534 1248 NtClose (-2147482740, ... ) == 0x0 00533 1248 NtCreateFile ... 76, {status=0x0, info=2}, ) == 0x0 00535 1248 NtQueryVolumeInformationFile (76, 1240568, 536, Attribute, ... {status=0x0, info=20}, ) == 0x0 00536 1248 NtQueryInformationFile (76, 1240152, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 00537 1248 NtQueryVolumeInformationFile (72, 1240568, 536, Attribute, ... {status=0x0, info=20}, ) == 0x0 00538 1248 NtQueryVolumeInformationFile (72, 1239912, 8, Device, ... {status=0x0, info=8}, ) == 0x0 00539 1248 NtSetInformationFile (76, 1240468, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00540 1248 NtCreateSection (0xf001f, 0x0, 0x0, 2, 134217728, 72, ... 80, ) == 0x0 00541 1248 NtMapViewOfSection (80, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ... 
(0x980000), {0, 0}, 86016, ) == 0x0 00542 1248 NtClose (80, ... ) == 0x0 00543 1248 NtWriteFile (76, 0, 0, 0, (76, 0, 0, 0, "MZ\220\0\3\0\0\0\4\0\0\0\377\377\0\0\270\0\0\0\0\0\0\0@\0\0\0\0\0\0\0 \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\320\0\0\0\16\37\272\16\0\264\11\315!\270\1L\315!This program cannot be run in DOS mode.\15\15\12$\0\0\0\0\0\0\0\324%^\221\220D0\302\220D0\302\220D0\302x[:\302\212D0\302\23X>\302\233D0\302\220D1\302\331D0\302\362[#\302\231D0\302x[;\302\224D0\302(B6\302\221D0\302Rich\220D0\302\0\0\0\0\0\0\0\0PE\0\0L\1\2\0d\347\223@\0\0\0\0\0\0\0\0\340\0\17\1\13\1\6\0\0>\0\0\0"\0\0\0\0\0\0\20\220\1\0\0\20\0\0\0P\0\0\0\0@\0\0\20\0\0\0\2\0\0\4\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\0\0\2\0\0\4\0\0\0\0\0\0\2\0\0\0\0\0\20\0\0\20\0\0\0\0\20\0\0\20\0\0\0\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0$\220\0\0\212\0\0\0\0\220\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.text\0\0\0\0\200\0\0\0\20\0\0\00\0\0\0\4\0\02CEP\0\0\0\0\0\0\0\0 \0\0\340.rsr", 61440, 0x0, 0, ... {status=0x0, info=61440}, ) \0\0\0\0\0\0\20\220\1\0\0\20\0\0\0P\0\0\0\0@\0\0\20\0\0\0\2\0\0\4\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\0\0\2\0\0\4\0\0\0\0\0\0\2\0\0\0\0\0\20\0\0\20\0\0\0\0\20\0\0\20\0\0\0\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0$\220\0\0\212\0\0\0\0\220\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.text\0\0\0\0\200\0\0\0\20\0\0\00\0\0\0\4\0\02CEP\0\0\0\0\0\0\0\0 \0\0\340.rsr", 61440, 0x0, 0, ... 
{status=0x0, info=61440}, ) == 0x0 00544 1248 NtWriteFile (76, 0, 0, 0, (76, 0, 0, 0, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 24080, 0x0, 0, ... {status=0x0, info=24080}, ) , 24080, 0x0, 0, ... {status=0x0, info=24080}, ) == 0x0 00545 1248 NtUnmapViewOfSection (-1, 0x980000, ... ) == 0x0 00546 1248 NtSetInformationFile (76, 1241816, 40, Basic, ... {status=0x0, info=0}, ) == 0x0 00547 1248 NtClose (72, ... ) == 0x0 00548 1248 NtClose (76, ... ) == 0x0 00549 1248 NtOpenKey (0x2000000, {24, 28, 0x40, 0, 0, (0x2000000, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}, ... 76, ) }, ... 76, ) == 0x0 00550 1248 NtSetValueKey (76, (76, "avserve2.exe", 0, 1, "C\0:\0\\0W\0I\0N\0D\0O\0W\0S\0\\0a\0v\0s\0e\0r\0v\0e\02\0.\0e\0x\0e\0\0\0", 48, ... , 0, 1, (76, "avserve2.exe", 0, 1, "C\0:\0\\0W\0I\0N\0D\0O\0W\0S\0\\0a\0v\0s\0e\0r\0v\0e\02\0.\0e\0x\0e\0\0\0", 48, ... , 48, ... 00551 1248 NtSetInformationFile (-2147482448, -139610320, 8, EndOfFile, ... 
{status=0x0, info=0}, ) == 0x0 00552 1248 NtSetInformationFile (-2147482448, -139610412, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00553 1248 NtSetInformationFile (-2147482448, -139610720, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00550 1248 NtSetValueKey ... ) == 0x0 00554 1248 NtClose (76, ... ) == 0x0 00555 1248 NtCreateMutant (0x1f0001, {24, 44, 0x80, 0, 0, (0x1f0001, {24, 44, 0x80, 0, 0, "JumpallsNlsTillt"}, 0, ... 76, ) }, 0, ... 76, ) == 0x0 00556 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 9961472, 1048576, ) == 0x0 00557 1248 NtAllocateVirtualMemory (-1, 11001856, 0, 8192, 4096, 4, ... 11001856, 8192, ) == 0x0 00558 1248 NtProtectVirtualMemory (-1, (0xa7e000), 4096, 260, ... (0xa7e000), 4096, 4, ) == 0x0 00559 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 72, {1656, 1580}, ) == 0x0 00560 1248 NtQueryInformationThread (72, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdc000,Pid=1656,Tid=1580,}, 0x0, ) == 0x0 00561 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1244884, 2089878865, 1315560, 2089878893} (24, {28, 56, new_msg, 0, 1244884, 2089878865, 1315560, 2089878893} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\0\0\0x\6\0\0,\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57942, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\0\0\0x\6\0\0,\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57942, 0} (24, {28, 56, new_msg, 0, 1244884, 2089878865, 1315560, 2089878893} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\0\0\0x\6\0\0,\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57942, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\0\0\0x\6\0\0,\6\0\0" ) ) == 0x0 00562 1248 NtResumeThread (72, ... 1, ) == 0x0 00563 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 11010048, 1048576, ) == 0x0 00564 1248 NtAllocateVirtualMemory (-1, 12050432, 0, 8192, 4096, 4, ... 12050432, 8192, ) == 0x0 00565 1248 NtProtectVirtualMemory (-1, (0xb7e000), 4096, 260, ... 00566 1580 NtTestAlert (... ) == 0x0 00567 1580 NtContinue (11009328, 1, ... 
00568 1580 NtRegisterThreadTerminatePort (24, ... ) == 0x0 00569 1580 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 80, ) == 0x0 00570 1580 NtWaitForSingleObject (56, 0, {0, 0}, ... ) == 0x102 00571 1580 NtAllocateVirtualMemory (-1, 10997760, 0, 4096, 4096, 260, ... 00565 1248 NtProtectVirtualMemory ... (0xb7e000), 4096, 4, ) == 0x0 00572 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 84, {1656, 1756}, ) == 0x0 00573 1248 NtQueryInformationThread (84, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdb000,Pid=1656,Tid=1756,}, 0x0, ) == 0x0 00574 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57942, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57942, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\0\0\0x\6\0\0\334\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57943, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\0\0\0x\6\0\0\334\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57943, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57942, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\0\0\0x\6\0\0\334\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57943, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\0\0\0x\6\0\0\334\6\0\0" ) ) == 0x0 00575 1248 NtResumeThread (84, ... 1, ) == 0x0 00576 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 12058624, 1048576, ) == 0x0 00571 1580 NtAllocateVirtualMemory ... 10997760, 4096, ) == 0x0 00577 1756 NtCreateEvent (0x100003, 0x0, 1, 0, ... 00578 1580 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 11006452, ... }, 11006452, ... 00577 1756 NtCreateEvent ... 88, ) == 0x0 00578 1580 NtQueryAttributesFile ... ) == 0x0 00579 1756 NtWaitForSingleObject (88, 0, 0x0, ... 00580 1580 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 5, 96, ... 92, {status=0x0, info=1}, ) }, 5, 96, ... 92, {status=0x0, info=1}, ) == 0x0 00581 1580 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 92, ... 96, ) == 0x0 00582 1580 NtClose (92, ... 
) == 0x0 00583 1580 NtMapViewOfSection (96, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0xc80000), 0x0, 245760, ) == 0x0 00584 1580 NtClose (96, ... 00585 1248 NtAllocateVirtualMemory (-1, 13099008, 0, 8192, 4096, 4, ... 13099008, 8192, ) == 0x0 00586 1248 NtProtectVirtualMemory (-1, (0xc7e000), 4096, 260, ... (0xc7e000), 4096, 4, ) == 0x0 00587 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 92, {1656, 1292}, ) == 0x0 00588 1248 NtQueryInformationThread (92, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffda000,Pid=1656,Tid=1292,}, 0x0, ) == 0x0 00589 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57943, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57943, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\0\0\0x\6\0\0\14\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 57944, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\0\0\0x\6\0\0\14\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57944, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57943, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\0\0\0x\6\0\0\14\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 57944, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\0\0\0x\6\0\0\14\5\0\0" ) ) == 0x0 00590 1248 NtResumeThread (92, ... 00584 1580 NtClose ... ) == 0x0 00590 1248 NtResumeThread ... 1, ) == 0x0 00591 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 13369344, 1048576, ) == 0x0 00592 1248 NtAllocateVirtualMemory (-1, 14409728, 0, 8192, 4096, 4, ... 14409728, 8192, ) == 0x0 00593 1248 NtProtectVirtualMemory (-1, (0xdbe000), 4096, 260, ... 00594 1580 NtUnmapViewOfSection (-1, 0xc80000, ... 00595 1292 NtWaitForSingleObject (88, 0, 0x0, ... 00594 1580 NtUnmapViewOfSection ... ) == 0x0 00596 1580 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 11006760, ... ) }, 11006760, ... ) == 0x0 00597 1580 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 5, 96, ... 96, {status=0x0, info=1}, ) }, 5, 96, ... 
96, {status=0x0, info=1}, ) == 0x0 00598 1580 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 96, ... 100, ) == 0x0 00599 1580 NtQuerySection (100, Image, 48, ... 00593 1248 NtProtectVirtualMemory ... (0xdbe000), 4096, 4, ) == 0x0 00600 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 104, {1656, 1956}, ) == 0x0 00601 1248 NtQueryInformationThread (104, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd9000,Pid=1656,Tid=1956,}, 0x0, ) == 0x0 00602 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57944, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57944, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\0\0\0x\6\0\0\244\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57945, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\0\0\0x\6\0\0\244\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57945, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57944, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\0\0\0x\6\0\0\244\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57945, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\0\0\0x\6\0\0\244\7\0\0" ) ) == 0x0 00603 1248 NtResumeThread (104, ... 1, ) == 0x0 00604 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 14417920, 1048576, ) == 0x0 00599 1580 NtQuerySection ... {section info, class 1, size 48}, 0x0, ) == 0x0 00605 1956 NtWaitForSingleObject (88, 0, 0x0, ... 00606 1580 NtClose (96, ... ) == 0x0 00607 1580 NtMapViewOfSection (100, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71a50000), 0x0, 258048, ) == 0x0 00608 1580 NtClose (100, ... ) == 0x0 00609 1580 NtProtectVirtualMemory (-1, (0x71a51000), 1060, 4, ... (0x71a51000), 4096, 32, ) == 0x0 00610 1580 NtProtectVirtualMemory (-1, (0x71a51000), 4096, 32, ... 00611 1248 NtAllocateVirtualMemory (-1, 15458304, 0, 8192, 4096, 4, ... 15458304, 8192, ) == 0x0 00612 1248 NtProtectVirtualMemory (-1, (0xebe000), 4096, 260, ... (0xebe000), 4096, 4, ) == 0x0 00613 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 100, {1656, 1980}, ) == 0x0 00614 1248 NtQueryInformationThread (100, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffd8000,Pid=1656,Tid=1980,}, 0x0, ) == 0x0 00615 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57945, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57945, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\0\0\0x\6\0\0\274\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57946, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\0\0\0x\6\0\0\274\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57946, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57945, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\0\0\0x\6\0\0\274\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57946, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\0\0\0x\6\0\0\274\7\0\0" ) ) == 0x0 00616 1248 NtResumeThread (100, ... 00610 1580 NtProtectVirtualMemory ... (0x71a51000), 4096, 4, ) == 0x0 00617 1580 NtFlushInstructionCache (-1, 1906642944, 1060, ... ) == 0x0 00618 1580 NtProtectVirtualMemory (-1, (0x71a51000), 1060, 4, ... (0x71a51000), 4096, 32, ) == 0x0 00619 1580 NtProtectVirtualMemory (-1, (0x71a51000), 4096, 32, ... (0x71a51000), 4096, 4, ) == 0x0 00620 1580 NtFlushInstructionCache (-1, 1906642944, 1060, ... ) == 0x0 00621 1580 NtProtectVirtualMemory (-1, (0x71a51000), 1060, 4, ... (0x71a51000), 4096, 32, ) == 0x0 00622 1580 NtProtectVirtualMemory (-1, (0x71a51000), 4096, 32, ... 00616 1248 NtResumeThread ... 1, ) == 0x0 00623 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 15466496, 1048576, ) == 0x0 00624 1248 NtAllocateVirtualMemory (-1, 16506880, 0, 8192, 4096, 4, ... 16506880, 8192, ) == 0x0 00625 1248 NtProtectVirtualMemory (-1, (0xfbe000), 4096, 260, ... (0xfbe000), 4096, 4, ) == 0x0 00626 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 96, {1656, 1784}, ) == 0x0 00627 1248 NtQueryInformationThread (96, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd7000,Pid=1656,Tid=1784,}, 0x0, ) == 0x0 00628 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57946, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57946, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\0\0\0x\6\0\0\370\6\0\0" ... ... 
00622 1580 NtProtectVirtualMemory ... (0x71a51000), 4096, 4, ) == 0x0 00629 1980 NtWaitForSingleObject (88, 0, 0x0, ... 00630 1580 NtFlushInstructionCache (-1, 1906642944, 1060, ... ) == 0x0 00631 1580 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mswsock.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00632 1580 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00633 1580 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00634 1580 NtSetEventBoostPriority (88, ... 00628 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57947, 0} ... {28, 56, reply, 0, 1656, 1248, 57947, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\0\0\0x\6\0\0\370\6\0\0" ) ) == 0x0 00635 1248 NtResumeThread (96, ... 1, ) == 0x0 00636 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 16515072, 1048576, ) == 0x0 00637 1248 NtAllocateVirtualMemory (-1, 17555456, 0, 8192, 4096, 4, ... 17555456, 8192, ) == 0x0 00638 1248 NtProtectVirtualMemory (-1, (0x10be000), 4096, 260, ... (0x10be000), 4096, 4, ) == 0x0 00639 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 108, {1656, 1480}, ) == 0x0 00579 1756 NtWaitForSingleObject ... ) == 0x0 00634 1580 NtSetEventBoostPriority ... ) == 0x0 00640 1784 NtWaitForSingleObject (88, 0, 0x0, ... 00641 1756 NtSetEventBoostPriority (88, ... 00642 1580 NtWaitForSingleObject (88, 0, 0x0, ... 00595 1292 NtWaitForSingleObject ... ) == 0x0 00641 1756 NtSetEventBoostPriority ... ) == 0x0 00643 1292 NtSetEventBoostPriority (88, ... 00644 1248 NtQueryInformationThread (108, Basic, 28, ... 
00605 1956 NtWaitForSingleObject ... ) == 0x0 00643 1292 NtSetEventBoostPriority ... ) == 0x0 00645 1956 NtSetEventBoostPriority (88, ... 00644 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ffd6000,Pid=1656,Tid=1480,}, 0x0, ) == 0x0 00646 1756 NtTestAlert (... 00629 1980 NtWaitForSingleObject ... ) == 0x0 00645 1956 NtSetEventBoostPriority ... ) == 0x0 00647 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57947, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57947, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\0\0\0x\6\0\0\310\5\0\0" ... ... 00648 1980 NtSetEventBoostPriority (88, ... 00646 1756 NtTestAlert ... ) == 0x0 00649 1292 NtTestAlert (... 00640 1784 NtWaitForSingleObject ... ) == 0x0 00648 1980 NtSetEventBoostPriority ... ) == 0x0 00647 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57948, 0} ... {28, 56, reply, 0, 1656, 1248, 57948, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\0\0\0x\6\0\0\310\5\0\0" ) ) == 0x0 00650 1756 NtContinue (12057904, 1, ... 00651 1784 NtSetEventBoostPriority (88, ... 00649 1292 NtTestAlert ... ) == 0x0 00652 1956 NtTestAlert (... 00653 1248 NtResumeThread (108, ... 00642 1580 NtWaitForSingleObject ... ) == 0x0 00651 1784 NtSetEventBoostPriority ... ) == 0x0 00654 1756 NtRegisterThreadTerminatePort (24, ... 00655 1292 NtContinue (13106480, 1, ... 00652 1956 NtTestAlert ... ) == 0x0 00656 1980 NtTestAlert (... 00657 1580 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 00653 1248 NtResumeThread ... 1, ) == 0x0 00654 1756 NtRegisterThreadTerminatePort ... ) == 0x0 00658 1292 NtRegisterThreadTerminatePort (24, ... 00659 1956 NtContinue (14417200, 1, ... 00657 1580 NtCreateEvent ... 112, ) == 0x0 00656 1980 NtTestAlert ... ) == 0x0 00660 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 00661 1756 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00658 1292 NtRegisterThreadTerminatePort ... ) == 0x0 00662 1956 NtRegisterThreadTerminatePort (24, ... 00663 1784 NtTestAlert (... 00664 1480 NtTestAlert (... 
00665 1980 NtContinue (15465776, 1, ... 00660 1248 NtAllocateVirtualMemory ... 17563648, 1048576, ) == 0x0 00666 1580 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "hnetcfg.dll"}, ... }, ... 00667 1292 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00662 1956 NtRegisterThreadTerminatePort ... ) == 0x0 00663 1784 NtTestAlert ... ) == 0x0 00664 1480 NtTestAlert ... ) == 0x0 00668 1980 NtRegisterThreadTerminatePort (24, ... 00669 1248 NtAllocateVirtualMemory (-1, 18604032, 0, 8192, 4096, 4, ... 00666 1580 NtOpenSection ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00661 1756 NtDuplicateObject ... 116, ) == 0x0 00670 1956 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00671 1784 NtContinue (16514352, 1, ... 00672 1480 NtContinue (17562928, 1, ... 00668 1980 NtRegisterThreadTerminatePort ... ) == 0x0 00669 1248 NtAllocateVirtualMemory ... 18604032, 8192, ) == 0x0 00673 1580 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\hnetcfg.dll"}, 11006372, ... }, 11006372, ... 00674 1756 NtWaitForSingleObject (64, 0, {0, 0}, ... 00667 1292 NtDuplicateObject ... 120, ) == 0x0 00675 1784 NtRegisterThreadTerminatePort (24, ... 00676 1480 NtRegisterThreadTerminatePort (24, ... 00677 1980 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00678 1248 NtProtectVirtualMemory (-1, (0x11be000), 4096, 260, ... 00674 1756 NtWaitForSingleObject ... ) == 0x102 00679 1292 NtWaitForSingleObject (64, 0, {0, 0}, ... 00675 1784 NtRegisterThreadTerminatePort ... ) == 0x0 00676 1480 NtRegisterThreadTerminatePort ... ) == 0x0 00670 1956 NtDuplicateObject ... 124, ) == 0x0 00677 1980 NtDuplicateObject ... 128, ) == 0x0 00680 1756 NtAllocateVirtualMemory (-1, 12046336, 0, 4096, 4096, 260, ... 00679 1292 NtWaitForSingleObject ... ) == 0x102 00681 1784 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00678 1248 NtProtectVirtualMemory ... (0x11be000), 4096, 4, ) == 0x0 00682 1956 NtWaitForSingleObject (64, 0, {0, 0}, ... 00683 1980 NtWaitForSingleObject (64, 0, {0, 0}, ... 
00680 1756 NtAllocateVirtualMemory ... 12046336, 4096, ) == 0x0 00684 1292 NtCreateEvent (0x100003, 0x0, 1, 0, ... 00685 1480 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00686 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 00682 1956 NtWaitForSingleObject ... ) == 0x102 00683 1980 NtWaitForSingleObject ... ) == 0x102 00681 1784 NtDuplicateObject ... 132, ) == 0x0 00684 1292 NtCreateEvent ... 136, ) == 0x0 00685 1480 NtDuplicateObject ... 140, ) == 0x0 00686 1248 NtCreateThread ... 144, {1656, 1556}, ) == 0x0 00687 1956 NtCreateEvent (0x100003, 0x0, 1, 0, ... 00688 1980 NtCreateEvent (0x100003, 0x0, 1, 0, ... 00689 1784 NtWaitForSingleObject (64, 0, {0, 0}, ... 00690 1756 NtWaitForSingleObject (88, 0, 0x0, ... 00691 1480 NtWaitForSingleObject (64, 0, {0, 0}, ... 00692 1248 NtQueryInformationThread (144, Basic, 28, ... 00687 1956 NtCreateEvent ... 148, ) == 0x0 00688 1980 NtCreateEvent ... 152, ) == 0x0 00689 1784 NtWaitForSingleObject ... ) == 0x102 00691 1480 NtWaitForSingleObject ... ) == 0x102 00692 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ffd5000,Pid=1656,Tid=1556,}, 0x0, ) == 0x0 00693 1292 NtWaitForSingleObject (136, 0, 0x0, ... 00673 1580 NtQueryAttributesFile ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00694 1956 NtClose (148, ... 00695 1784 NtWaitForSingleObject (136, 0, 0x0, ... 00696 1480 NtWaitForSingleObject (136, 0, 0x0, ... 00697 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57948, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57948, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\0\0\0x\6\0\0\24\6\0\0" ... ... 00698 1580 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\hnetcfg.dll"}, 11006372, ... }, 11006372, ... 00694 1956 NtClose ... ) == 0x0 00699 1980 NtClose (152, ... 00698 1580 NtQueryAttributesFile ... ) == 0x0 00700 1956 NtWaitForSingleObject (136, 0, 0x0, ... 00699 1980 NtClose ... 
) == 0x0 00701 1580 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\hnetcfg.dll"}, 5, 96, ... }, 5, 96, ... 00702 1980 NtWaitForSingleObject (136, 0, 0x0, ... 00701 1580 NtOpenFile ... 152, {status=0x0, info=1}, ) == 0x0 00703 1580 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 152, ... 148, ) == 0x0 00704 1580 NtQuerySection (148, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00705 1580 NtClose (152, ... ) == 0x0 00706 1580 NtMapViewOfSection (148, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... 00697 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57949, 0} ... {28, 56, reply, 0, 1656, 1248, 57949, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\0\0\0x\6\0\0\24\6\0\0" ) ) == 0x0 00707 1248 NtResumeThread (144, ... 1, ) == 0x0 00708 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 18612224, 1048576, ) == 0x0 00709 1248 NtAllocateVirtualMemory (-1, 19652608, 0, 8192, 4096, 4, ... 19652608, 8192, ) == 0x0 00710 1248 NtProtectVirtualMemory (-1, (0x12be000), 4096, 260, ... (0x12be000), 4096, 4, ) == 0x0 00711 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 152, {1656, 460}, ) == 0x0 00706 1580 NtMapViewOfSection ... (0x662b0000), 0x0, 360448, ) == 0x0 00712 1556 NtWaitForSingleObject (88, 0, 0x0, ... 00713 1580 NtClose (148, ... ) == 0x0 00714 1580 NtProtectVirtualMemory (-1, (0x662b1000), 932, 4, ... (0x662b1000), 4096, 32, ) == 0x0 00715 1580 NtProtectVirtualMemory (-1, (0x662b1000), 4096, 32, ... (0x662b1000), 4096, 4, ) == 0x0 00716 1580 NtFlushInstructionCache (-1, 1714098176, 932, ... ) == 0x0 00717 1580 NtProtectVirtualMemory (-1, (0x662b1000), 932, 4, ... (0x662b1000), 4096, 32, ) == 0x0 00718 1580 NtProtectVirtualMemory (-1, (0x662b1000), 4096, 32, ... 00719 1248 NtQueryInformationThread (152, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffd4000,Pid=1656,Tid=460,}, 0x0, ) == 0x0 00720 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57949, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57949, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0x\6\0\0\314\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 57950, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0x\6\0\0\314\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57950, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57949, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0x\6\0\0\314\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 57950, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\0\0\0x\6\0\0\314\1\0\0" ) ) == 0x0 00721 1248 NtResumeThread (152, ... 1, ) == 0x0 00722 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 19660800, 1048576, ) == 0x0 00723 1248 NtAllocateVirtualMemory (-1, 20701184, 0, 8192, 4096, 4, ... 20701184, 8192, ) == 0x0 00724 1248 NtProtectVirtualMemory (-1, (0x13be000), 4096, 260, ... 00718 1580 NtProtectVirtualMemory ... (0x662b1000), 4096, 4, ) == 0x0 00725 460 NtWaitForSingleObject (88, 0, 0x0, ... 00726 1580 NtFlushInstructionCache (-1, 1714098176, 932, ... ) == 0x0 00727 1580 NtProtectVirtualMemory (-1, (0x662b1000), 932, 4, ... (0x662b1000), 4096, 32, ) == 0x0 00728 1580 NtProtectVirtualMemory (-1, (0x662b1000), 4096, 32, ... (0x662b1000), 4096, 4, ) == 0x0 00729 1580 NtFlushInstructionCache (-1, 1714098176, 932, ... ) == 0x0 00730 1580 NtProtectVirtualMemory (-1, (0x662b1000), 932, 4, ... (0x662b1000), 4096, 32, ) == 0x0 00731 1580 NtProtectVirtualMemory (-1, (0x662b1000), 4096, 32, ... 00724 1248 NtProtectVirtualMemory ... (0x13be000), 4096, 4, ) == 0x0 00732 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 148, {1656, 1068}, ) == 0x0 00733 1248 NtQueryInformationThread (148, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffaf000,Pid=1656,Tid=1068,}, 0x0, ) == 0x0 00734 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57950, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57950, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0x\6\0\0,\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 57951, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0x\6\0\0,\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57951, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57950, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0x\6\0\0,\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 57951, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\0\0\0x\6\0\0,\4\0\0" ) ) == 0x0 00735 1248 NtResumeThread (148, ... 1, ) == 0x0 00736 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 20709376, 1048576, ) == 0x0 00731 1580 NtProtectVirtualMemory ... (0x662b1000), 4096, 4, ) == 0x0 00737 1068 NtWaitForSingleObject (88, 0, 0x0, ... 00738 1580 NtFlushInstructionCache (-1, 1714098176, 932, ... ) == 0x0 00739 1580 NtProtectVirtualMemory (-1, (0x662b1000), 932, 4, ... (0x662b1000), 4096, 32, ) == 0x0 00740 1580 NtProtectVirtualMemory (-1, (0x662b1000), 4096, 32, ... (0x662b1000), 4096, 4, ) == 0x0 00741 1580 NtFlushInstructionCache (-1, 1714098176, 932, ... ) == 0x0 00742 1580 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hnetcfg.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00743 1580 NtSetEventBoostPriority (88, ... 00744 1248 NtAllocateVirtualMemory (-1, 21749760, 0, 8192, 4096, 4, ... 21749760, 8192, ) == 0x0 00745 1248 NtProtectVirtualMemory (-1, (0x14be000), 4096, 260, ... (0x14be000), 4096, 4, ) == 0x0 00746 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 156, {1656, 1856}, ) == 0x0 00747 1248 NtQueryInformationThread (156, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffae000,Pid=1656,Tid=1856,}, 0x0, ) == 0x0 00748 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57951, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57951, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0x\6\0\0@\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57952, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0x\6\0\0@\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57952, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57951, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0x\6\0\0@\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57952, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\0\0\0x\6\0\0@\7\0\0" ) ) == 0x0 00749 1248 NtResumeThread (156, ... 00690 1756 NtWaitForSingleObject ... ) == 0x0 00743 1580 NtSetEventBoostPriority ... ) == 0x0 00750 1756 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\mswsock.dll"}, 12053456, ... }, 12053456, ... 00751 1580 NtWaitForSingleObject (88, 0, 0x0, ... 00750 1756 NtQueryAttributesFile ... ) == 0x0 00752 1756 NtSetEventBoostPriority (88, ... 00712 1556 NtWaitForSingleObject ... ) == 0x0 00753 1556 NtSetEventBoostPriority (88, ... 00725 460 NtWaitForSingleObject ... ) == 0x0 00754 460 NtSetEventBoostPriority (88, ... 00737 1068 NtWaitForSingleObject ... ) == 0x0 00755 1068 NtSetEventBoostPriority (88, ... 00751 1580 NtWaitForSingleObject ... ) == 0x0 00756 1580 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00755 1068 NtSetEventBoostPriority ... ) == 0x0 00754 460 NtSetEventBoostPriority ... ) == 0x0 00753 1556 NtSetEventBoostPriority ... ) == 0x0 00752 1756 NtSetEventBoostPriority ... ) == 0x0 00749 1248 NtResumeThread ... 
1, ) == 0x0 00757 1580 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Rpc\PagedBuffers"}, ... }, ... 00758 1856 NtTestAlert (... 00759 1068 NtTestAlert (... 00760 460 NtTestAlert (... 00761 1756 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 00762 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 00757 1580 NtOpenKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00758 1856 NtTestAlert ... ) == 0x0 00759 1068 NtTestAlert ... ) == 0x0 00760 460 NtTestAlert ... ) == 0x0 00761 1756 NtCreateEvent ... 160, ) == 0x0 00762 1248 NtAllocateVirtualMemory ... 21757952, 1048576, ) == 0x0 00763 1580 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Rpc"}, ... }, ... 00764 1856 NtContinue (21757232, 1, ... 00765 1068 NtContinue (20708656, 1, ... 00766 460 NtContinue (19660080, 1, ... 00767 1756 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "DNSAPI.dll"}, ... }, ... 00768 1248 NtAllocateVirtualMemory (-1, 22798336, 0, 8192, 4096, 4, ... 00763 1580 NtOpenKey ... 164, ) == 0x0 00769 1856 NtRegisterThreadTerminatePort (24, ... 00770 1068 NtRegisterThreadTerminatePort (24, ... 00771 460 NtRegisterThreadTerminatePort (24, ... 00767 1756 NtOpenSection ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00768 1248 NtAllocateVirtualMemory ... 22798336, 8192, ) == 0x0 00772 1580 NtQueryValueKey (164, (164, "MaxRpcSize", Partial, 144, ... , Partial, 144, ... 00769 1856 NtRegisterThreadTerminatePort ... ) == 0x0 00770 1068 NtRegisterThreadTerminatePort ... ) == 0x0 00771 460 NtRegisterThreadTerminatePort ... ) == 0x0 00773 1756 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\DNSAPI.dll"}, 12053560, ... }, 12053560, ... 00774 1248 NtProtectVirtualMemory (-1, (0x15be000), 4096, 260, ... 00772 1580 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00775 1556 NtTestAlert (... 00776 1068 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 
00777 460 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00778 1856 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00774 1248 NtProtectVirtualMemory ... (0x15be000), 4096, 4, ) == 0x0 00775 1556 NtTestAlert ... ) == 0x0 00779 1580 NtClose (164, ... 00776 1068 NtDuplicateObject ... 168, ) == 0x0 00778 1856 NtDuplicateObject ... 172, ) == 0x0 00780 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 00781 1556 NtContinue (18611504, 1, ... 00779 1580 NtClose ... ) == 0x0 00782 1068 NtWaitForSingleObject (64, 0, {0, 0}, ... 00783 1856 NtWaitForSingleObject (64, 0, {0, 0}, ... 00780 1248 NtCreateThread ... 164, {1656, 1596}, ) == 0x0 00784 1556 NtRegisterThreadTerminatePort (24, ... 00785 1580 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe\RpcThreadPoolThrottle"}, ... }, ... 00782 1068 NtWaitForSingleObject ... ) == 0x102 00783 1856 NtWaitForSingleObject ... ) == 0x102 00786 1248 NtQueryInformationThread (164, Basic, 28, ... 00784 1556 NtRegisterThreadTerminatePort ... ) == 0x0 00785 1580 NtOpenKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00787 1068 NtWaitForSingleObject (136, 0, 0x0, ... 00788 1856 NtWaitForSingleObject (136, 0, 0x0, ... 00786 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ffad000,Pid=1656,Tid=1596,}, 0x0, ) == 0x0 00789 1556 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00790 1580 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 00777 460 NtDuplicateObject ... 176, ) == 0x0 00791 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57952, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57952, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\0\0\0x\6\0\0<\6\0\0" ... ... 00790 1580 NtCreateEvent ... 180, ) == 0x0 00792 460 NtWaitForSingleObject (64, 0, {0, 0}, ... 00789 1556 NtDuplicateObject ... 184, ) == 0x0 00773 1756 NtQueryAttributesFile ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00791 1248 NtRequestWaitReplyPort ... 
{28, 56, reply, 0, 1656, 1248, 57953, 0} ... {28, 56, reply, 0, 1656, 1248, 57953, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\0\0\0x\6\0\0<\6\0\0" ) ) == 0x0 00792 460 NtWaitForSingleObject ... ) == 0x102 00793 1556 NtWaitForSingleObject (64, 0, {0, 0}, ... 00794 1756 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\DNSAPI.dll"}, 12053560, ... }, 12053560, ... 00795 1248 NtResumeThread (164, ... 00796 460 NtWaitForSingleObject (136, 0, 0x0, ... 00793 1556 NtWaitForSingleObject ... ) == 0x102 00794 1756 NtQueryAttributesFile ... ) == 0x0 00795 1248 NtResumeThread ... 1, ) == 0x0 00797 1556 NtWaitForSingleObject (136, 0, 0x0, ... 00798 1580 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 00799 1596 NtWaitForSingleObject (88, 0, 0x0, ... 00800 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 00798 1580 NtCreateEvent ... 188, ) == 0x0 00800 1248 NtAllocateVirtualMemory ... 22806528, 1048576, ) == 0x0 00801 1580 NtQuerySystemTime (... 00802 1756 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\DNSAPI.dll"}, 5, 96, ... }, 5, 96, ... 00801 1580 NtQuerySystemTime ... {-1043028558, 29915147}, ) == 0x0 00802 1756 NtOpenFile ... 192, {status=0x0, info=1}, ) == 0x0 00803 1580 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 00804 1756 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 192, ... 00803 1580 NtCreateEvent ... 196, ) == 0x0 00804 1756 NtCreateSection ... 200, ) == 0x0 00805 1248 NtAllocateVirtualMemory (-1, 23846912, 0, 8192, 4096, 4, ... 00806 1756 NtQuerySection (200, Image, 48, ... 00805 1248 NtAllocateVirtualMemory ... 23846912, 8192, ) == 0x0 00806 1756 NtQuerySection ... {section info, class 1, size 48}, 0x0, ) == 0x0 00807 1248 NtProtectVirtualMemory (-1, (0x16be000), 4096, 260, ... 00808 1580 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Policies\Microsoft\Windows NT\Rpc"}, ... }, ... 00807 1248 NtProtectVirtualMemory ... 
(0x16be000), 4096, 4, ) == 0x0 00808 1580 NtOpenKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00809 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 00810 1580 NtQuerySystemInformation (Performance, 312, ... 00809 1248 NtCreateThread ... 204, {1656, 1128}, ) == 0x0 00810 1580 NtQuerySystemInformation ... {system info, class 2, size 312}, 0x0, ) == 0x0 00811 1756 NtClose (192, ... 00812 1580 NtQueryInformationProcess (-1, QuotaLimits, 32, ... 00811 1756 NtClose ... ) == 0x0 00812 1580 NtQueryInformationProcess ... {process info, class 1, size 32}, 0x0, ) == 0x0 00813 1756 NtMapViewOfSection (200, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... 00814 1248 NtQueryInformationThread (204, Basic, 28, ... 00813 1756 NtMapViewOfSection ... (0x76f20000), 0x0, 159744, ) == 0x0 00814 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ffac000,Pid=1656,Tid=1128,}, 0x0, ) == 0x0 00815 1756 NtClose (200, ... 00816 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57953, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57953, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\0\0\0x\6\0\0h\4\0\0" ... ... 00815 1756 NtClose ... ) == 0x0 00816 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57954, 0} ... {28, 56, reply, 0, 1656, 1248, 57954, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\0\0\0x\6\0\0h\4\0\0" ) ) == 0x0 00817 1580 NtQueryInformationProcess (-1, VmCounters, 44, ... 00818 1248 NtResumeThread (204, ... 00817 1580 NtQueryInformationProcess ... {process info, class 3, size 44}, 0x0, ) == 0x0 00819 1756 NtProtectVirtualMemory (-1, (0x76f21000), 616, 4, ... 00820 1580 NtWaitForSingleObject (88, 0, 0x0, ... 00819 1756 NtProtectVirtualMemory ... (0x76f21000), 4096, 32, ) == 0x0 00821 1756 NtProtectVirtualMemory (-1, (0x76f21000), 4096, 32, ... (0x76f21000), 4096, 4, ) == 0x0 00822 1756 NtFlushInstructionCache (-1, 1995575296, 616, ... ) == 0x0 00823 1756 NtProtectVirtualMemory (-1, (0x76f21000), 616, 4, ... 
(0x76f21000), 4096, 32, ) == 0x0 00824 1756 NtProtectVirtualMemory (-1, (0x76f21000), 4096, 32, ... (0x76f21000), 4096, 4, ) == 0x0 00825 1756 NtFlushInstructionCache (-1, 1995575296, 616, ... ) == 0x0 00818 1248 NtResumeThread ... 1, ) == 0x0 00826 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 23855104, 1048576, ) == 0x0 00827 1248 NtAllocateVirtualMemory (-1, 24895488, 0, 8192, 4096, 4, ... 24895488, 8192, ) == 0x0 00828 1248 NtProtectVirtualMemory (-1, (0x17be000), 4096, 260, ... (0x17be000), 4096, 4, ) == 0x0 00829 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 200, {1656, 1256}, ) == 0x0 00830 1248 NtQueryInformationThread (200, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffab000,Pid=1656,Tid=1256,}, 0x0, ) == 0x0 00831 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57954, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57954, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\0\0\0x\6\0\0\350\4\0\0" ... ... 00832 1756 NtProtectVirtualMemory (-1, (0x76f21000), 616, 4, ... 00833 1128 NtWaitForSingleObject (88, 0, 0x0, ... 00832 1756 NtProtectVirtualMemory ... (0x76f21000), 4096, 32, ) == 0x0 00834 1756 NtProtectVirtualMemory (-1, (0x76f21000), 4096, 32, ... (0x76f21000), 4096, 4, ) == 0x0 00835 1756 NtFlushInstructionCache (-1, 1995575296, 616, ... ) == 0x0 00836 1756 NtProtectVirtualMemory (-1, (0x76f21000), 616, 4, ... (0x76f21000), 4096, 32, ) == 0x0 00837 1756 NtProtectVirtualMemory (-1, (0x76f21000), 4096, 32, ... (0x76f21000), 4096, 4, ) == 0x0 00838 1756 NtFlushInstructionCache (-1, 1995575296, 616, ... ) == 0x0 00831 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57955, 0} ... {28, 56, reply, 0, 1656, 1248, 57955, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\0\0\0x\6\0\0\350\4\0\0" ) ) == 0x0 00839 1248 NtResumeThread (200, ... 1, ) == 0x0 00840 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 24903680, 1048576, ) == 0x0 00841 1248 NtAllocateVirtualMemory (-1, 25944064, 0, 8192, 4096, 4, ... 
25944064, 8192, ) == 0x0 00842 1248 NtProtectVirtualMemory (-1, (0x18be000), 4096, 260, ... (0x18be000), 4096, 4, ) == 0x0 00843 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 192, {1656, 220}, ) == 0x0 00844 1756 NtProtectVirtualMemory (-1, (0x76f21000), 616, 4, ... 00845 1256 NtWaitForSingleObject (88, 0, 0x0, ... 00844 1756 NtProtectVirtualMemory ... (0x76f21000), 4096, 32, ) == 0x0 00846 1756 NtProtectVirtualMemory (-1, (0x76f21000), 4096, 32, ... (0x76f21000), 4096, 4, ) == 0x0 00847 1756 NtFlushInstructionCache (-1, 1995575296, 616, ... ) == 0x0 00848 1756 NtProtectVirtualMemory (-1, (0x76f21000), 616, 4, ... (0x76f21000), 4096, 32, ) == 0x0 00849 1756 NtProtectVirtualMemory (-1, (0x76f21000), 4096, 32, ... (0x76f21000), 4096, 4, ) == 0x0 00850 1756 NtFlushInstructionCache (-1, 1995575296, 616, ... ) == 0x0 00851 1248 NtQueryInformationThread (192, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffaa000,Pid=1656,Tid=220,}, 0x0, ) == 0x0 00852 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57955, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57955, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0x\6\0\0\334\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 57956, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0x\6\0\0\334\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57956, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57955, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0x\6\0\0\334\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 57956, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\0\0\0x\6\0\0\334\0\0\0" ) ) == 0x0 00853 1248 NtResumeThread (192, ... 1, ) == 0x0 00854 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 25952256, 1048576, ) == 0x0 00855 1248 NtAllocateVirtualMemory (-1, 26992640, 0, 8192, 4096, 4, ... 26992640, 8192, ) == 0x0 00856 1248 NtProtectVirtualMemory (-1, (0x19be000), 4096, 260, ... 
00857 1756 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DNSAPI.dll"}, ... }, ... 00858 220 NtWaitForSingleObject (88, 0, 0x0, ... 00857 1756 NtOpenKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00859 1756 NtCreateKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, 0, "Class", 0, ... 208, 2, ) }, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, 0, "Class", 0, ... 208, 2, ) , 0, ... 208, 2, ) == 0x0 00860 1756 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\DnsCache\Parameters"}, ... 212, ) }, ... 212, ) == 0x0 00861 1756 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Policies\Microsoft\Windows NT\DnsClient"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00862 1756 NtQueryValueKey (212, (212, "QueryAdapterName", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00863 1756 NtQueryValueKey (208, (208, "DisableAdapterDomainName", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00856 1248 NtProtectVirtualMemory ... (0x19be000), 4096, 4, ) == 0x0 00864 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 216, {1656, 1800}, ) == 0x0 00865 1248 NtQueryInformationThread (216, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa9000,Pid=1656,Tid=1800,}, 0x0, ) == 0x0 00866 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57956, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57956, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0x\6\0\0\10\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57957, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0x\6\0\0\10\7\0\0" ) ... 
{28, 56, reply, 0, 1656, 1248, 57957, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57956, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0x\6\0\0\10\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57957, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\0\0\0x\6\0\0\10\7\0\0" ) ) == 0x0 00867 1248 NtResumeThread (216, ... 1, ) == 0x0 00868 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 27000832, 1048576, ) == 0x0 00869 1756 NtQueryValueKey (212, (212, "UseDomainNameDevolution", Partial, 144, ... , Partial, 144, ... 00870 1800 NtWaitForSingleObject (88, 0, 0x0, ... 00869 1756 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00871 1756 NtQueryValueKey (208, (208, "UseDomainNameDevolution", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (208, "UseDomainNameDevolution", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00872 1756 NtQueryValueKey (212, (212, "PrioritizeRecordData", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00873 1756 NtQueryValueKey (208, (208, "PrioritizeRecordData", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00874 1756 NtQueryValueKey (212, (212, "AllowUnqualifiedQuery", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00875 1756 NtQueryValueKey (208, (208, "AllowUnqualifiedQuery", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00876 1248 NtAllocateVirtualMemory (-1, 28041216, 0, 8192, 4096, 4, ... 28041216, 8192, ) == 0x0 00877 1248 NtProtectVirtualMemory (-1, (0x1abe000), 4096, 260, ... (0x1abe000), 4096, 4, ) == 0x0 00878 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 220, {1656, 1796}, ) == 0x0 00879 1248 NtQueryInformationThread (220, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffa8000,Pid=1656,Tid=1796,}, 0x0, ) == 0x0 00880 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57957, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57957, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0x\6\0\0\4\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57958, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0x\6\0\0\4\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57958, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57957, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0x\6\0\0\4\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57958, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\0\0\0x\6\0\0\4\7\0\0" ) ) == 0x0 00881 1248 NtResumeThread (220, ... 00882 1756 NtQueryValueKey (212, (212, "AppendToMultiLabelName", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00883 1756 NtQueryValueKey (212, (212, "ScreenBadTlds", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00884 1756 NtQueryValueKey (212, (212, "ScreenUnreachableServers", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00885 1756 NtQueryValueKey (212, (212, "FilterClusterIp", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00886 1756 NtQueryValueKey (212, (212, "WaitForNameErrorOnAll", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00887 1756 NtQueryValueKey (212, (212, "UseEdns", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00881 1248 NtResumeThread ... 1, ) == 0x0 00888 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 28049408, 1048576, ) == 0x0 00889 1248 NtAllocateVirtualMemory (-1, 29089792, 0, 8192, 4096, 4, ... 29089792, 8192, ) == 0x0 00890 1248 NtProtectVirtualMemory (-1, (0x1bbe000), 4096, 260, ... (0x1bbe000), 4096, 4, ) == 0x0 00891 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 224, {1656, 1808}, ) == 0x0 00892 1248 NtQueryInformationThread (224, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffa7000,Pid=1656,Tid=1808,}, 0x0, ) == 0x0 00893 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57958, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57958, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\0\0\0x\6\0\0\20\7\0\0" ... ... 00894 1756 NtQueryValueKey (212, (212, "QueryIpMatching", Partial, 144, ... , Partial, 144, ... 00895 1796 NtWaitForSingleObject (88, 0, 0x0, ... 00894 1756 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00896 1756 NtQueryValueKey (212, (212, "UseHostsFile", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00897 1756 NtQueryValueKey (212, (212, "RegistrationEnabled", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00898 1756 NtQueryValueKey (208, (208, "DisableDynamicUpdate", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00899 1756 NtQueryValueKey (212, (212, "RegisterPrimaryName", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00900 1756 NtQueryValueKey (212, (212, "RegisterAdapterName", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00893 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57959, 0} ... {28, 56, reply, 0, 1656, 1248, 57959, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\0\0\0x\6\0\0\20\7\0\0" ) ) == 0x0 00901 1248 NtResumeThread (224, ... 1, ) == 0x0 00902 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 29097984, 1048576, ) == 0x0 00903 1248 NtAllocateVirtualMemory (-1, 30138368, 0, 8192, 4096, 4, ... 30138368, 8192, ) == 0x0 00904 1248 NtProtectVirtualMemory (-1, (0x1cbe000), 4096, 260, ... 00905 1756 NtQueryValueKey (208, (208, "EnableAdapterDomainNameRegistration", Partial, 144, ... , Partial, 144, ... 00906 1808 NtWaitForSingleObject (88, 0, 0x0, ... 00905 1756 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00907 1756 NtQueryValueKey (212, (212, "RegisterReverseLookup", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00908 1756 NtQueryValueKey (208, (208, "DisableReverseAddressRegistrations", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00909 1756 NtQueryValueKey (212, (212, "RegisterWanAdapters", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00910 1756 NtQueryValueKey (208, (208, "DisableWanDynamicUpdate", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00911 1756 NtQueryValueKey (212, (212, "RegistrationTtl", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00904 1248 NtProtectVirtualMemory ... (0x1cbe000), 4096, 4, ) == 0x0 00912 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 228, {1656, 1700}, ) == 0x0 00913 1248 NtQueryInformationThread (228, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa6000,Pid=1656,Tid=1700,}, 0x0, ) == 0x0 00914 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57959, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57959, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0x\6\0\0\244\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57960, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0x\6\0\0\244\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57960, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57959, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0x\6\0\0\244\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57960, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\0\0\0x\6\0\0\244\6\0\0" ) ) == 0x0 00915 1248 NtResumeThread (228, ... 1, ) == 0x0 00916 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 30146560, 1048576, ) == 0x0 00917 1756 NtQueryValueKey (208, (208, "DefaultRegistrationTTL", Partial, 144, ... , Partial, 144, ... 00918 1700 NtWaitForSingleObject (88, 0, 0x0, ... 00917 1756 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00919 1756 NtQueryValueKey (212, (212, "RegistrationRefreshInterval", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00920 1756 NtQueryValueKey (208, (208, "DefaultRegistrationRefreshInterval", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00921 1756 NtQueryValueKey (212, (212, "RegistrationMaxAddressCount", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00922 1756 NtQueryValueKey (208, (208, "MaxNumberOfAddressesToRegister", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00923 1756 NtQueryValueKey (212, (212, "UpdateSecurityLevel", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00924 1248 NtAllocateVirtualMemory (-1, 31186944, 0, 8192, 4096, 4, ... 31186944, 8192, ) == 0x0 00925 1248 NtProtectVirtualMemory (-1, (0x1dbe000), 4096, 260, ... (0x1dbe000), 4096, 4, ) == 0x0 00926 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 232, {1656, 1156}, ) == 0x0 00927 1248 NtQueryInformationThread (232, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa5000,Pid=1656,Tid=1156,}, 0x0, ) == 0x0 00928 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57960, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57960, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0x\6\0\0\204\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 57961, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0x\6\0\0\204\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57961, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57960, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0x\6\0\0\204\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 57961, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\0\0\0x\6\0\0\204\4\0\0" ) ) == 0x0 00929 1248 NtResumeThread (232, ... 00930 1756 NtQueryValueKey (208, (208, "UpdateSecurityLevel", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00931 1756 NtQueryValueKey (212, (212, "UpdateZoneExcludeFile", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00932 1756 NtQueryValueKey (212, (212, "UpdateTopLevelDomainZones", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00933 1756 NtQueryValueKey (212, (212, "DnsTest", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00934 1756 NtQueryValueKey (212, (212, "MaxCacheSize", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00935 1756 NtQueryValueKey (212, (212, "MaxCacheTtl", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00929 1248 NtResumeThread ... 1, ) == 0x0 00936 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 31195136, 1048576, ) == 0x0 00937 1248 NtAllocateVirtualMemory (-1, 32235520, 0, 8192, 4096, 4, ... 32235520, 8192, ) == 0x0 00938 1248 NtProtectVirtualMemory (-1, (0x1ebe000), 4096, 260, ... (0x1ebe000), 4096, 4, ) == 0x0 00939 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 236, {1656, 712}, ) == 0x0 00940 1248 NtQueryInformationThread (236, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa4000,Pid=1656,Tid=712,}, 0x0, ) == 0x0 00941 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57961, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57961, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\0\0\0x\6\0\0\310\2\0\0" ... ... 00942 1756 NtQueryValueKey (212, (212, "MaxNegativeCacheTtl", Partial, 144, ... , Partial, 144, ... 00943 1156 NtWaitForSingleObject (88, 0, 0x0, ... 00942 1756 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00944 1756 NtQueryValueKey (212, (212, "AdapterTimeoutLimit", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00945 1756 NtQueryValueKey (212, (212, "ServerPriorityTimeLimit", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00946 1756 NtQueryValueKey (212, (212, "MaxCachedSockets", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00947 1756 NtQueryValueKey (212, (212, "MulticastListenLevel", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00948 1756 NtQueryValueKey (212, (212, "MulticastSendLevel", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00941 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57962, 0} ... {28, 56, reply, 0, 1656, 1248, 57962, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\0\0\0x\6\0\0\310\2\0\0" ) ) == 0x0 00949 1248 NtResumeThread (236, ... 1, ) == 0x0 00950 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 32243712, 1048576, ) == 0x0 00951 1248 NtAllocateVirtualMemory (-1, 33284096, 0, 8192, 4096, 4, ... 33284096, 8192, ) == 0x0 00952 1248 NtProtectVirtualMemory (-1, (0x1fbe000), 4096, 260, ... (0x1fbe000), 4096, 4, ) == 0x0 00953 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 240, {1656, 1728}, ) == 0x0 00954 1756 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "System\Setup"}, ... }, ... 00955 712 NtWaitForSingleObject (88, 0, 0x0, ... 00954 1756 NtOpenKey ... 244, ) == 0x0 00956 1756 NtQueryValueKey (244, (244, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (244, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00957 1756 NtClose (244, ... ) == 0x0 00958 1756 NtClose (208, ... ) == 0x0 00959 1756 NtClose (212, ... ) == 0x0 00960 1756 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, ... 212, ) }, ... 212, ) == 0x0 00961 1248 NtQueryInformationThread (240, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa3000,Pid=1656,Tid=1728,}, 0x0, ) == 0x0 00962 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57962, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57962, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0x\6\0\0\300\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57963, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0x\6\0\0\300\6\0\0" ) ... 
{28, 56, reply, 0, 1656, 1248, 57963, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57962, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0x\6\0\0\300\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57963, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\0\0\0x\6\0\0\300\6\0\0" ) ) == 0x0 00963 1248 NtResumeThread (240, ... 1, ) == 0x0 00964 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 33292288, 1048576, ) == 0x0 00965 1248 NtAllocateVirtualMemory (-1, 34332672, 0, 8192, 4096, 4, ... 34332672, 8192, ) == 0x0 00966 1248 NtProtectVirtualMemory (-1, (0x20be000), 4096, 260, ... 00967 1756 NtQueryValueKey (212, (212, "DnsQueryTimeouts", Partial, 144, ... , Partial, 144, ... 00968 1728 NtWaitForSingleObject (88, 0, 0x0, ... 00967 1756 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00969 1756 NtQueryValueKey (212, (212, "DnsQuickQueryTimeouts", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00970 1756 NtQueryValueKey (212, (212, "DnsMulticastQueryTimeouts", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00971 1756 NtClose (212, ... ) == 0x0 00972 1756 NtSetEventBoostPriority (88, ... 00799 1596 NtWaitForSingleObject ... ) == 0x0 00973 1596 NtSetEventBoostPriority (88, ... 00820 1580 NtWaitForSingleObject ... ) == 0x0 00974 1580 NtSetEventBoostPriority (88, ... 00833 1128 NtWaitForSingleObject ... ) == 0x0 00975 1128 NtSetEventBoostPriority (88, ... 00845 1256 NtWaitForSingleObject ... ) == 0x0 00976 1256 NtSetEventBoostPriority (88, ... 00858 220 NtWaitForSingleObject ... ) == 0x0 00977 220 NtSetEventBoostPriority (88, ... 00870 1800 NtWaitForSingleObject ... ) == 0x0 00978 1800 NtSetEventBoostPriority (88, ... 00895 1796 NtWaitForSingleObject ... ) == 0x0 00979 1796 NtSetEventBoostPriority (88, ... 00906 1808 NtWaitForSingleObject ... ) == 0x0 00980 1808 NtSetEventBoostPriority (88, ... 00918 1700 NtWaitForSingleObject ... ) == 0x0 00981 1700 NtSetEventBoostPriority (88, ... 00943 1156 NtWaitForSingleObject ... 
) == 0x0 00982 1156 NtSetEventBoostPriority (88, ... 00955 712 NtWaitForSingleObject ... ) == 0x0 00983 712 NtSetEventBoostPriority (88, ... 00968 1728 NtWaitForSingleObject ... ) == 0x0 00984 1728 NtTestAlert (... ) == 0x0 00983 712 NtSetEventBoostPriority ... ) == 0x0 00982 1156 NtSetEventBoostPriority ... ) == 0x0 00981 1700 NtSetEventBoostPriority ... ) == 0x0 00980 1808 NtSetEventBoostPriority ... ) == 0x0 00979 1796 NtSetEventBoostPriority ... ) == 0x0 00978 1800 NtSetEventBoostPriority ... ) == 0x0 00977 220 NtSetEventBoostPriority ... ) == 0x0 00976 1256 NtSetEventBoostPriority ... ) == 0x0 00975 1128 NtSetEventBoostPriority ... ) == 0x0 00974 1580 NtSetEventBoostPriority ... ) == 0x0 00973 1596 NtSetEventBoostPriority ... ) == 0x0 00972 1756 NtSetEventBoostPriority ... ) == 0x0 00966 1248 NtProtectVirtualMemory ... (0x20be000), 4096, 4, ) == 0x0 00985 1728 NtContinue (33291568, 1, ... 00986 712 NtTestAlert (... 00987 1156 NtTestAlert (... 00988 1700 NtTestAlert (... 00989 1808 NtTestAlert (... 00990 1796 NtTestAlert (... 00991 1800 NtTestAlert (... 00992 220 NtTestAlert (... 00993 1256 NtTestAlert (... 00994 1128 NtTestAlert (... 00995 1580 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 00996 1756 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 00997 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 00998 1728 NtRegisterThreadTerminatePort (24, ... 00986 712 NtTestAlert ... ) == 0x0 00987 1156 NtTestAlert ... ) == 0x0 00988 1700 NtTestAlert ... ) == 0x0 00989 1808 NtTestAlert ... ) == 0x0 00990 1796 NtTestAlert ... ) == 0x0 00991 1800 NtTestAlert ... ) == 0x0 00992 220 NtTestAlert ... ) == 0x0 00993 1256 NtTestAlert ... ) == 0x0 00994 1128 NtTestAlert ... ) == 0x0 00995 1580 NtCreateEvent ... 212, ) == 0x0 00996 1756 NtCreateEvent ... 208, ) == 0x0 00997 1248 NtCreateThread ... 244, {1656, 1356}, ) == 0x0 00998 1728 NtRegisterThreadTerminatePort ... ) == 0x0 00999 712 NtContinue (32242992, 1, ... 01000 1156 NtContinue (31194416, 1, ... 
01001 1700 NtContinue (30145840, 1, ... 01002 1808 NtContinue (29097264, 1, ... 01003 1796 NtContinue (28048688, 1, ... 01004 1800 NtContinue (27000112, 1, ... 01005 220 NtContinue (25951536, 1, ... 01006 1256 NtContinue (24902960, 1, ... 01007 1128 NtContinue (23854384, 1, ... 01008 1580 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01009 1596 NtTestAlert (... 01010 1248 NtQueryInformationThread (244, Basic, 28, ... 01011 1728 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01012 712 NtRegisterThreadTerminatePort (24, ... 01013 1156 NtRegisterThreadTerminatePort (24, ... 01014 1700 NtRegisterThreadTerminatePort (24, ... 01015 1808 NtRegisterThreadTerminatePort (24, ... 01016 1796 NtRegisterThreadTerminatePort (24, ... 01017 1800 NtRegisterThreadTerminatePort (24, ... 01018 220 NtRegisterThreadTerminatePort (24, ... 01019 1256 NtRegisterThreadTerminatePort (24, ... 01020 1128 NtRegisterThreadTerminatePort (24, ... 01008 1580 NtDuplicateObject ... 248, ) == 0x0 01009 1596 NtTestAlert ... ) == 0x0 01010 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ffa2000,Pid=1656,Tid=1356,}, 0x0, ) == 0x0 01011 1728 NtDuplicateObject ... 252, ) == 0x0 01012 712 NtRegisterThreadTerminatePort ... ) == 0x0 01013 1156 NtRegisterThreadTerminatePort ... ) == 0x0 01014 1700 NtRegisterThreadTerminatePort ... ) == 0x0 01015 1808 NtRegisterThreadTerminatePort ... ) == 0x0 01016 1796 NtRegisterThreadTerminatePort ... ) == 0x0 01017 1800 NtRegisterThreadTerminatePort ... ) == 0x0 01018 220 NtRegisterThreadTerminatePort ... ) == 0x0 01019 1256 NtRegisterThreadTerminatePort ... ) == 0x0 01020 1128 NtRegisterThreadTerminatePort ... ) == 0x0 01021 1580 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Rpc\SecurityService"}, ... }, ... 01022 1596 NtContinue (22805808, 1, ... 
01023 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57963, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57963, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\0\0\0x\6\0\0L\5\0\0" ... ... 01024 1728 NtWaitForSingleObject (64, 0, {0, 0}, ... 01025 712 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01026 1156 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01027 1700 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01028 1808 NtAllocateVirtualMemory (-1, 1368064, 0, 4096, 4096, 4, ... 01029 1796 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01030 1800 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01031 220 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01032 1256 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01033 1128 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01034 1596 NtRegisterThreadTerminatePort (24, ... 01035 1756 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01021 1580 NtOpenKey ... 256, ) == 0x0 01023 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57964, 0} ... {28, 56, reply, 0, 1656, 1248, 57964, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\0\0\0x\6\0\0L\5\0\0" ) ) == 0x0 01024 1728 NtWaitForSingleObject ... ) == 0x102 01025 712 NtDuplicateObject ... 260, ) == 0x0 01026 1156 NtDuplicateObject ... 264, ) == 0x0 01027 1700 NtDuplicateObject ... 268, ) == 0x0 01028 1808 NtAllocateVirtualMemory ... 1368064, 4096, ) == 0x0 01029 1796 NtCreateEvent ... 272, ) == 0x0 01030 1800 NtCreateEvent ... 276, ) == 0x0 01031 220 NtCreateEvent ... 280, ) == 0x0 01032 1256 NtCreateEvent ... 284, ) == 0x0 01034 1596 NtRegisterThreadTerminatePort ... ) == 0x0 01035 1756 NtDuplicateObject ... 288, ) == 0x0 01036 1580 NtQueryValueKey (256, (256, "DefaultAuthLevel", Partial, 144, ... , Partial, 144, ... 01037 1248 NtResumeThread (244, ... 01038 1728 NtWaitForSingleObject (136, 0, 0x0, ... 01039 712 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01040 1156 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01041 1700 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01042 1808 NtCreateEvent (0x100003, 0x0, 1, 0, ... 
01043 1796 NtWaitForSingleObject (272, 0, 0x0, ... 01044 1800 NtClose (276, ... 01045 220 NtClose (280, ... 01046 1256 NtClose (284, ... 01047 1596 NtWaitForSingleObject (272, 0, 0x0, ... 01048 1756 NtWaitForSingleObject (272, 0, 0x0, ... 01036 1580 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01037 1248 NtResumeThread ... 1, ) == 0x0 01039 712 NtCreateEvent ... 292, ) == 0x0 01040 1156 NtCreateEvent ... 296, ) == 0x0 01041 1700 NtCreateEvent ... 300, ) == 0x0 01042 1808 NtCreateEvent ... 304, ) == 0x0 01044 1800 NtClose ... ) == 0x0 01045 220 NtClose ... ) == 0x0 01046 1256 NtClose ... ) == 0x0 01033 1128 NtCreateEvent ... 284, ) == 0x0 01049 1356 NtTestAlert (... 01050 1580 NtClose (256, ... 01051 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01052 712 NtClose (292, ... 01053 1156 NtClose (296, ... 01054 1700 NtClose (300, ... 01055 1808 NtClose (304, ... 01056 1800 NtWaitForSingleObject (272, 0, 0x0, ... 01057 220 NtWaitForSingleObject (272, 0, 0x0, ... 01058 1256 NtWaitForSingleObject (272, 0, 0x0, ... 01059 1128 NtClose (284, ... 01049 1356 NtTestAlert ... ) == 0x0 01050 1580 NtClose ... ) == 0x0 01051 1248 NtAllocateVirtualMemory ... 34340864, 1048576, ) == 0x0 01052 712 NtClose ... ) == 0x0 01053 1156 NtClose ... ) == 0x0 01054 1700 NtClose ... ) == 0x0 01055 1808 NtClose ... ) == 0x0 01059 1128 NtClose ... ) == 0x0 01060 1356 NtContinue (34340144, 1, ... 01061 1580 NtWaitForSingleObject (272, 0, 0x0, ... 01062 712 NtWaitForSingleObject (272, 0, 0x0, ... 01063 1156 NtWaitForSingleObject (272, 0, 0x0, ... 01064 1700 NtWaitForSingleObject (272, 0, 0x0, ... 01065 1808 NtSetEventBoostPriority (272, ... 01066 1128 NtWaitForSingleObject (272, 0, 0x0, ... 01067 1356 NtRegisterThreadTerminatePort (24, ... 01068 1248 NtAllocateVirtualMemory (-1, 35381248, 0, 8192, 4096, 4, ... 01067 1356 NtRegisterThreadTerminatePort ... ) == 0x0 01068 1248 NtAllocateVirtualMemory ... 35381248, 8192, ) == 0x0 01043 1796 NtWaitForSingleObject ... 
) == 0x0 01065 1808 NtSetEventBoostPriority ... ) == 0x0 01069 1248 NtProtectVirtualMemory (-1, (0x21be000), 4096, 260, ... 01070 1796 NtSetEventBoostPriority (272, ... 01071 1808 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01069 1248 NtProtectVirtualMemory ... (0x21be000), 4096, 4, ) == 0x0 01048 1756 NtWaitForSingleObject ... ) == 0x0 01070 1796 NtSetEventBoostPriority ... ) == 0x0 01071 1808 NtDuplicateObject ... 284, ) == 0x0 01072 1756 NtSetEventBoostPriority (272, ... 01073 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 01074 1356 NtWaitForSingleObject (272, 0, 0x0, ... 01056 1800 NtWaitForSingleObject ... ) == 0x0 01072 1756 NtSetEventBoostPriority ... ) == 0x0 01075 1808 NtWaitForSingleObject (272, 0, 0x0, ... 01073 1248 NtCreateThread ... 304, {1656, 1536}, ) == 0x0 01076 1800 NtSetEventBoostPriority (272, ... 01077 1796 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01078 1756 NtWaitForSingleObject (272, 0, 0x0, ... 01057 220 NtWaitForSingleObject ... ) == 0x0 01076 1800 NtSetEventBoostPriority ... ) == 0x0 01077 1796 NtDuplicateObject ... 300, ) == 0x0 01079 220 NtSetEventBoostPriority (272, ... 01080 1248 NtQueryInformationThread (304, Basic, 28, ... 01058 1256 NtWaitForSingleObject ... ) == 0x0 01079 220 NtSetEventBoostPriority ... ) == 0x0 01081 1796 NtWaitForSingleObject (272, 0, 0x0, ... 01082 1256 NtSetEventBoostPriority (272, ... 01080 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ffa1000,Pid=1656,Tid=1536,}, 0x0, ) == 0x0 01083 1800 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01047 1596 NtWaitForSingleObject ... ) == 0x0 01082 1256 NtSetEventBoostPriority ... ) == 0x0 01084 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57964, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57964, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\1\0\0x\6\0\0\0\6\0\0" ... ... 01085 1596 NtSetEventBoostPriority (272, ... 01083 1800 NtDuplicateObject ... 296, ) == 0x0 01086 220 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 
01061 1580 NtWaitForSingleObject ... ) == 0x0 01084 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57965, 0} ... {28, 56, reply, 0, 1656, 1248, 57965, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\1\0\0x\6\0\0\0\6\0\0" ) ) == 0x0 01087 1800 NtWaitForSingleObject (272, 0, 0x0, ... 01086 220 NtDuplicateObject ... 292, ) == 0x0 01088 1580 NtSetEventBoostPriority (272, ... 01089 1248 NtResumeThread (304, ... 01090 220 NtWaitForSingleObject (272, 0, 0x0, ... 01062 712 NtWaitForSingleObject ... ) == 0x0 01088 1580 NtSetEventBoostPriority ... ) == 0x0 01085 1596 NtSetEventBoostPriority ... ) == 0x0 01091 1256 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01092 712 NtSetEventBoostPriority (272, ... 01093 1580 NtOpenThreadToken (-2, 0xc, 1, ... 01094 1596 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01091 1256 NtDuplicateObject ... 256, ) == 0x0 01063 1156 NtWaitForSingleObject ... ) == 0x0 01093 1580 NtOpenThreadToken ... ) == STATUS_NO_TOKEN 01094 1596 NtDuplicateObject ... 280, ) == 0x0 01095 1256 NtWaitForSingleObject (272, 0, 0x0, ... 01096 1156 NtSetEventBoostPriority (272, ... 01092 712 NtSetEventBoostPriority ... ) == 0x0 01089 1248 NtResumeThread ... 1, ) == 0x0 01097 1580 NtOpenThreadToken (-2, 0x20008, 1, ... 01098 1536 NtTestAlert (... 01064 1700 NtWaitForSingleObject ... ) == 0x0 01099 712 NtWaitForSingleObject (272, 0, 0x0, ... 01100 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01097 1580 NtOpenThreadToken ... ) == STATUS_NO_TOKEN 01098 1536 NtTestAlert ... ) == 0x0 01101 1700 NtSetEventBoostPriority (272, ... 01100 1248 NtAllocateVirtualMemory ... 35389440, 1048576, ) == 0x0 01102 1580 NtWaitForSingleObject (272, 0, 0x0, ... 01103 1536 NtContinue (35388720, 1, ... 01066 1128 NtWaitForSingleObject ... ) == 0x0 01104 1248 NtAllocateVirtualMemory (-1, 36429824, 0, 8192, 4096, 4, ... 01105 1536 NtRegisterThreadTerminatePort (24, ... 01106 1128 NtSetEventBoostPriority (272, ... 01104 1248 NtAllocateVirtualMemory ... 
36429824, 8192, ) == 0x0 01105 1536 NtRegisterThreadTerminatePort ... ) == 0x0 01074 1356 NtWaitForSingleObject ... ) == 0x0 01106 1128 NtSetEventBoostPriority ... ) == 0x0 01107 1248 NtProtectVirtualMemory (-1, (0x22be000), 4096, 260, ... 01101 1700 NtSetEventBoostPriority ... ) == 0x0 01096 1156 NtSetEventBoostPriority ... ) == 0x0 01108 1596 NtWaitForSingleObject (272, 0, 0x0, ... 01109 1356 NtSetEventBoostPriority (272, ... 01110 1536 NtWaitForSingleObject (272, 0, 0x0, ... 01111 1128 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01112 1700 NtWaitForSingleObject (272, 0, 0x0, ... 01113 1156 NtWaitForSingleObject (272, 0, 0x0, ... 01075 1808 NtWaitForSingleObject ... ) == 0x0 01109 1356 NtSetEventBoostPriority ... ) == 0x0 01111 1128 NtDuplicateObject ... 276, ) == 0x0 01114 1808 NtSetEventBoostPriority (272, ... 01115 1356 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01078 1756 NtWaitForSingleObject ... ) == 0x0 01114 1808 NtSetEventBoostPriority ... ) == 0x0 01116 1128 NtWaitForSingleObject (272, 0, 0x0, ... 01107 1248 NtProtectVirtualMemory ... (0x22be000), 4096, 4, ) == 0x0 01117 1756 NtSetEventBoostPriority (272, ... 01115 1356 NtDuplicateObject ... 308, ) == 0x0 01081 1796 NtWaitForSingleObject ... ) == 0x0 01117 1756 NtSetEventBoostPriority ... ) == 0x0 01118 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 01119 1796 NtSetEventBoostPriority (272, ... 01120 1356 NtWaitForSingleObject (272, 0, 0x0, ... 01121 1756 NtWaitForSingleObject (272, 0, 0x0, ... 01087 1800 NtWaitForSingleObject ... ) == 0x0 01119 1796 NtSetEventBoostPriority ... ) == 0x0 01118 1248 NtCreateThread ... 312, {1656, 444}, ) == 0x0 01122 1808 NtWaitForSingleObject (272, 0, 0x0, ... 01123 1800 NtSetEventBoostPriority (272, ... 01124 1248 NtQueryInformationThread (312, Basic, 28, ... 01090 220 NtWaitForSingleObject ... ) == 0x0 01123 1800 NtSetEventBoostPriority ... ) == 0x0 01125 220 NtSetEventBoostPriority (272, ... 01124 1248 NtQueryInformationThread ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffa0000,Pid=1656,Tid=444,}, 0x0, ) == 0x0 01126 1796 NtWaitForSingleObject (272, 0, 0x0, ... 01095 1256 NtWaitForSingleObject ... ) == 0x0 01125 220 NtSetEventBoostPriority ... ) == 0x0 01127 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57965, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57965, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\1\0\0x\6\0\0\274\1\0\0" ... ... 01128 1256 NtSetEventBoostPriority (272, ... 01129 1800 NtWaitForSingleObject (272, 0, 0x0, ... 01130 220 NtWaitForSingleObject (272, 0, 0x0, ... 01099 712 NtWaitForSingleObject ... ) == 0x0 01128 1256 NtSetEventBoostPriority ... ) == 0x0 01131 712 NtSetEventBoostPriority (272, ... 01127 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57966, 0} ... {28, 56, reply, 0, 1656, 1248, 57966, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\1\0\0x\6\0\0\274\1\0\0" ) ) == 0x0 01102 1580 NtWaitForSingleObject ... ) == 0x0 01131 712 NtSetEventBoostPriority ... ) == 0x0 01132 1580 NtSetEventBoostPriority (272, ... 01133 1248 NtResumeThread (312, ... 01134 1256 NtWaitForSingleObject (272, 0, 0x0, ... 01108 1596 NtWaitForSingleObject ... ) == 0x0 01132 1580 NtSetEventBoostPriority ... ) == 0x0 01133 1248 NtResumeThread ... 1, ) == 0x0 01135 1596 NtSetEventBoostPriority (272, ... 01136 712 NtWaitForSingleObject (272, 0, 0x0, ... 01137 444 NtAllocateVirtualMemory (-1, 8802304, 0, 4096, 4096, 4, ... 01110 1536 NtWaitForSingleObject ... ) == 0x0 01135 1596 NtSetEventBoostPriority ... ) == 0x0 01138 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01139 1536 NtSetEventBoostPriority (272, ... 01137 444 NtAllocateVirtualMemory ... 8802304, 4096, ) == 0x0 01140 1596 NtWaitForSingleObject (272, 0, 0x0, ... 01112 1700 NtWaitForSingleObject ... ) == 0x0 01139 1536 NtSetEventBoostPriority ... ) == 0x0 01138 1248 NtAllocateVirtualMemory ... 36438016, 1048576, ) == 0x0 01141 444 NtTestAlert (... 01142 1580 NtWaitForSingleObject (272, 0, 0x0, ... 
01143 1700 NtSetEventBoostPriority (272, ... 01144 1536 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01141 444 NtTestAlert ... ) == 0x0 01113 1156 NtWaitForSingleObject ... ) == 0x0 01143 1700 NtSetEventBoostPriority ... ) == 0x0 01145 1248 NtAllocateVirtualMemory (-1, 37478400, 0, 8192, 4096, 4, ... 01146 1156 NtSetEventBoostPriority (272, ... 01147 444 NtContinue (36437296, 1, ... 01144 1536 NtDuplicateObject ... 316, ) == 0x0 01116 1128 NtWaitForSingleObject ... ) == 0x0 01146 1156 NtSetEventBoostPriority ... ) == 0x0 01145 1248 NtAllocateVirtualMemory ... 37478400, 8192, ) == 0x0 01148 1700 NtWaitForSingleObject (272, 0, 0x0, ... 01149 1128 NtSetEventBoostPriority (272, ... 01150 1536 NtWaitForSingleObject (272, 0, 0x0, ... 01151 444 NtRegisterThreadTerminatePort (24, ... 01152 1248 NtProtectVirtualMemory (-1, (0x23be000), 4096, 260, ... 01120 1356 NtWaitForSingleObject ... ) == 0x0 01149 1128 NtSetEventBoostPriority ... ) == 0x0 01151 444 NtRegisterThreadTerminatePort ... ) == 0x0 01153 1356 NtSetEventBoostPriority (272, ... 01152 1248 NtProtectVirtualMemory ... (0x23be000), 4096, 4, ) == 0x0 01154 1156 NtWaitForSingleObject (272, 0, 0x0, ... 01121 1756 NtWaitForSingleObject ... ) == 0x0 01153 1356 NtSetEventBoostPriority ... ) == 0x0 01155 444 NtWaitForSingleObject (272, 0, 0x0, ... 01156 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 01157 1756 NtSetEventBoostPriority (272, ... 01158 1128 NtWaitForSingleObject (272, 0, 0x0, ... 01122 1808 NtWaitForSingleObject ... ) == 0x0 01156 1248 NtCreateThread ... 320, {1656, 1904}, ) == 0x0 01159 1808 NtSetEventBoostPriority (272, ... 01157 1756 NtSetEventBoostPriority ... ) == 0x0 01160 1356 NtWaitForSingleObject (272, 0, 0x0, ... 01126 1796 NtWaitForSingleObject ... ) == 0x0 01159 1808 NtSetEventBoostPriority ... ) == 0x0 01161 1756 NtWaitForSingleObject (272, 0, 0x0, ... 01162 1796 NtSetEventBoostPriority (272, ... 01163 1808 NtWaitForSingleObject (272, 0, 0x0, ... 
01129 1800 NtWaitForSingleObject ... ) == 0x0 01162 1796 NtSetEventBoostPriority ... ) == 0x0 01164 1248 NtQueryInformationThread (320, Basic, 28, ... 01165 1800 NtSetEventBoostPriority (272, ... 01166 1796 NtWaitForSingleObject (272, 0, 0x0, ... 01130 220 NtWaitForSingleObject ... ) == 0x0 01165 1800 NtSetEventBoostPriority ... ) == 0x0 01164 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff9f000,Pid=1656,Tid=1904,}, 0x0, ) == 0x0 01167 220 NtSetEventBoostPriority (272, ... 01168 1800 NtWaitForSingleObject (272, 0, 0x0, ... 01134 1256 NtWaitForSingleObject ... ) == 0x0 01167 220 NtSetEventBoostPriority ... ) == 0x0 01169 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57966, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57966, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\1\0\0x\6\0\0p\7\0\0" ... ... 01170 1256 NtSetEventBoostPriority (272, ... 01171 220 NtWaitForSingleObject (272, 0, 0x0, ... 01136 712 NtWaitForSingleObject ... ) == 0x0 01170 1256 NtSetEventBoostPriority ... ) == 0x0 01169 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57967, 0} ... {28, 56, reply, 0, 1656, 1248, 57967, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\1\0\0x\6\0\0p\7\0\0" ) ) == 0x0 01172 712 NtSetEventBoostPriority (272, ... 01173 1256 NtWaitForSingleObject (272, 0, 0x0, ... 01140 1596 NtWaitForSingleObject ... ) == 0x0 01172 712 NtSetEventBoostPriority ... ) == 0x0 01174 1248 NtResumeThread (320, ... 01175 1596 NtSetEventBoostPriority (272, ... 01176 712 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01142 1580 NtWaitForSingleObject ... ) == 0x0 01175 1596 NtSetEventBoostPriority ... ) == 0x0 01174 1248 NtResumeThread ... 1, ) == 0x0 01177 1580 NtSetEventBoostPriority (272, ... 01178 1596 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01179 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01148 1700 NtWaitForSingleObject ... ) == 0x0 01177 1580 NtSetEventBoostPriority ... ) == 0x0 01178 1596 NtCreateEvent ... 
324, ) == 0x0 01180 1700 NtSetEventBoostPriority (272, ... 01179 1248 NtAllocateVirtualMemory ... 37486592, 1048576, ) == 0x0 01181 1580 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01176 712 NtCreateEvent ... 328, ) == 0x0 01182 1904 NtTestAlert (... 01150 1536 NtWaitForSingleObject ... ) == 0x0 01180 1700 NtSetEventBoostPriority ... ) == 0x0 01183 1248 NtAllocateVirtualMemory (-1, 38526976, 0, 8192, 4096, 4, ... 01184 1596 NtWaitForSingleObject (324, 0, 0x0, ... 01185 712 NtClose (328, ... 01186 1536 NtSetEventBoostPriority (272, ... 01182 1904 NtTestAlert ... ) == 0x0 01187 1700 NtWaitForSingleObject (324, 0, 0x0, ... 01183 1248 NtAllocateVirtualMemory ... 38526976, 8192, ) == 0x0 01154 1156 NtWaitForSingleObject ... ) == 0x0 01186 1536 NtSetEventBoostPriority ... ) == 0x0 01185 712 NtClose ... ) == 0x0 01188 1904 NtContinue (37485872, 1, ... 01181 1580 NtCreateEvent ... 328, ) == 0x0 01189 1156 NtSetEventBoostPriority (272, ... 01190 1248 NtProtectVirtualMemory (-1, (0x24be000), 4096, 260, ... 01191 712 NtWaitForSingleObject (324, 0, 0x0, ... 01192 1904 NtRegisterThreadTerminatePort (24, ... 01155 444 NtWaitForSingleObject ... ) == 0x0 01189 1156 NtSetEventBoostPriority ... ) == 0x0 01193 1580 NtClose (328, ... 01194 1536 NtWaitForSingleObject (324, 0, 0x0, ... 01195 444 NtSetEventBoostPriority (272, ... 01192 1904 NtRegisterThreadTerminatePort ... ) == 0x0 01196 1156 NtWaitForSingleObject (324, 0, 0x0, ... 01193 1580 NtClose ... ) == 0x0 01158 1128 NtWaitForSingleObject ... ) == 0x0 01195 444 NtSetEventBoostPriority ... ) == 0x0 01190 1248 NtProtectVirtualMemory ... (0x24be000), 4096, 4, ) == 0x0 01197 1904 NtWaitForSingleObject (272, 0, 0x0, ... 01198 1128 NtSetEventBoostPriority (272, ... 01199 1580 NtSetEventBoostPriority (324, ... 01200 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 01160 1356 NtWaitForSingleObject ... ) == 0x0 01198 1128 NtSetEventBoostPriority ... ) == 0x0 01184 1596 NtWaitForSingleObject ... 
) == 0x0 01199 1580 NtSetEventBoostPriority ... ) == 0x0 01201 1356 NtSetEventBoostPriority (272, ... 01200 1248 NtCreateThread ... 328, {1656, 1936}, ) == 0x0 01202 1596 NtWaitForSingleObject (272, 0, 0x0, ... 01203 1128 NtWaitForSingleObject (324, 0, 0x0, ... 01161 1756 NtWaitForSingleObject ... ) == 0x0 01201 1356 NtSetEventBoostPriority ... ) == 0x0 01204 1580 NtWaitForSingleObject (324, 0, 0x0, ... 01205 1248 NtQueryInformationThread (328, Basic, 28, ... 01206 444 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01207 1756 NtAllocateVirtualMemory (-1, 1372160, 0, 4096, 4096, 4, ... 01208 1356 NtWaitForSingleObject (324, 0, 0x0, ... 01205 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff9e000,Pid=1656,Tid=1936,}, 0x0, ) == 0x0 01207 1756 NtAllocateVirtualMemory ... 1372160, 4096, ) == 0x0 01206 444 NtDuplicateObject ... 332, ) == 0x0 01209 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57967, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57967, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\1\0\0x\6\0\0\220\7\0\0" ... ... 01210 444 NtWaitForSingleObject (272, 0, 0x0, ... 01211 1756 NtSetEventBoostPriority (272, ... 01163 1808 NtWaitForSingleObject ... ) == 0x0 01212 1808 NtSetEventBoostPriority (272, ... 01166 1796 NtWaitForSingleObject ... ) == 0x0 01213 1796 NtSetEventBoostPriority (272, ... 01168 1800 NtWaitForSingleObject ... ) == 0x0 01214 1800 NtSetEventBoostPriority (272, ... 01171 220 NtWaitForSingleObject ... ) == 0x0 01215 220 NtSetEventBoostPriority (272, ... 01173 1256 NtWaitForSingleObject ... ) == 0x0 01216 1256 NtSetEventBoostPriority (272, ... 01197 1904 NtWaitForSingleObject ... ) == 0x0 01217 1904 NtSetEventBoostPriority (272, ... 01202 1596 NtWaitForSingleObject ... ) == 0x0 01218 1596 NtSetEventBoostPriority (272, ... 01210 444 NtWaitForSingleObject ... ) == 0x0 01219 444 NtWaitForSingleObject (324, 0, 0x0, ... 01218 1596 NtSetEventBoostPriority ... ) == 0x0 01217 1904 NtSetEventBoostPriority ... 
) == 0x0 01211 1756 NtSetEventBoostPriority ... ) == 0x0 01216 1256 NtSetEventBoostPriority ... ) == 0x0 01215 220 NtSetEventBoostPriority ... ) == 0x0 01214 1800 NtSetEventBoostPriority ... ) == 0x0 01213 1796 NtSetEventBoostPriority ... ) == 0x0 01212 1808 NtSetEventBoostPriority ... ) == 0x0 01209 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57968, 0} ... {28, 56, reply, 0, 1656, 1248, 57968, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\1\0\0x\6\0\0\220\7\0\0" ) ) == 0x0 01220 1904 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01221 1756 NtWaitForSingleObject (324, 0, 0x0, ... 01222 1256 NtWaitForSingleObject (324, 0, 0x0, ... 01223 220 NtWaitForSingleObject (324, 0, 0x0, ... 01224 1800 NtWaitForSingleObject (324, 0, 0x0, ... 01225 1796 NtWaitForSingleObject (324, 0, 0x0, ... 01226 1808 NtWaitForSingleObject (324, 0, 0x0, ... 01227 1248 NtResumeThread (328, ... 01228 1596 NtSetEventBoostPriority (324, ... 01227 1248 NtResumeThread ... 1, ) == 0x0 01187 1700 NtWaitForSingleObject ... ) == 0x0 01228 1596 NtSetEventBoostPriority ... ) == 0x0 01229 1700 NtSetEventBoostPriority (324, ... 01230 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01191 712 NtWaitForSingleObject ... ) == 0x0 01231 1596 NtWaitForSingleObject (64, 0, {0, 0}, ... 01230 1248 NtAllocateVirtualMemory ... 38535168, 1048576, ) == 0x0 01232 712 NtSetEventBoostPriority (324, ... 01231 1596 NtWaitForSingleObject ... ) == 0x102 01229 1700 NtSetEventBoostPriority ... ) == 0x0 01220 1904 NtDuplicateObject ... 336, ) == 0x0 01233 1936 NtTestAlert (... 01194 1536 NtWaitForSingleObject ... ) == 0x0 01232 712 NtSetEventBoostPriority ... ) == 0x0 01234 1596 NtWaitForSingleObject (136, 0, 0x0, ... 01235 1700 NtWaitForSingleObject (64, 0, {0, 0}, ... 01236 1904 NtWaitForSingleObject (324, 0, 0x0, ... 01237 1536 NtSetEventBoostPriority (324, ... 01233 1936 NtTestAlert ... ) == 0x0 01238 1248 NtAllocateVirtualMemory (-1, 39575552, 0, 8192, 4096, 4, ... 
01239 712 NtWaitForSingleObject (64, 0, {0, 0}, ... 01196 1156 NtWaitForSingleObject ... ) == 0x0 01237 1536 NtSetEventBoostPriority ... ) == 0x0 01240 1936 NtContinue (38534448, 1, ... 01238 1248 NtAllocateVirtualMemory ... 39575552, 8192, ) == 0x0 01241 1156 NtSetEventBoostPriority (324, ... 01239 712 NtWaitForSingleObject ... ) == 0x102 01242 1536 NtWaitForSingleObject (64, 0, {0, 0}, ... 01243 1936 NtRegisterThreadTerminatePort (24, ... 01203 1128 NtWaitForSingleObject ... ) == 0x0 01244 1248 NtProtectVirtualMemory (-1, (0x25be000), 4096, 260, ... 01245 712 NtWaitForSingleObject (136, 0, 0x0, ... 01241 1156 NtSetEventBoostPriority ... ) == 0x0 01235 1700 NtWaitForSingleObject ... ) == 0x102 01243 1936 NtRegisterThreadTerminatePort ... ) == 0x0 01246 1128 NtSetEventBoostPriority (324, ... 01244 1248 NtProtectVirtualMemory ... (0x25be000), 4096, 4, ) == 0x0 01247 1156 NtWaitForSingleObject (64, 0, {0, 0}, ... 01248 1700 NtWaitForSingleObject (136, 0, 0x0, ... 01242 1536 NtWaitForSingleObject ... ) == 0x102 01204 1580 NtWaitForSingleObject ... ) == 0x0 01249 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 01250 1536 NtWaitForSingleObject (136, 0, 0x0, ... 01251 1580 NtSetEventBoostPriority (324, ... 01249 1248 NtCreateThread ... 340, {1656, 1648}, ) == 0x0 01208 1356 NtWaitForSingleObject ... ) == 0x0 01251 1580 NtSetEventBoostPriority ... ) == 0x0 01246 1128 NtSetEventBoostPriority ... ) == 0x0 01252 1936 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01247 1156 NtWaitForSingleObject ... ) == 0x102 01253 1356 NtSetEventBoostPriority (324, ... 01254 1580 NtWaitForSingleObject (324, 0, 0x0, ... 01255 1128 NtWaitForSingleObject (64, 0, {0, 0}, ... 01252 1936 NtDuplicateObject ... 344, ) == 0x0 01256 1156 NtWaitForSingleObject (136, 0, 0x0, ... 01219 444 NtWaitForSingleObject ... ) == 0x0 01257 1936 NtWaitForSingleObject (324, 0, 0x0, ... 01258 444 NtSetEventBoostPriority (324, ... 01221 1756 NtWaitForSingleObject ... 
) == 0x0 01259 1756 NtSetEventBoostPriority (324, ... 01222 1256 NtWaitForSingleObject ... ) == 0x0 01260 1256 NtSetEventBoostPriority (324, ... 01223 220 NtWaitForSingleObject ... ) == 0x0 01261 220 NtSetEventBoostPriority (324, ... 01224 1800 NtWaitForSingleObject ... ) == 0x0 01262 1800 NtSetEventBoostPriority (324, ... 01225 1796 NtWaitForSingleObject ... ) == 0x0 01263 1796 NtSetEventBoostPriority (324, ... 01226 1808 NtWaitForSingleObject ... ) == 0x0 01264 1808 NtSetEventBoostPriority (324, ... 01236 1904 NtWaitForSingleObject ... ) == 0x0 01265 1904 NtSetEventBoostPriority (324, ... 01254 1580 NtWaitForSingleObject ... ) == 0x0 01266 1580 NtSetEventBoostPriority (324, ... ) == 0x0 01265 1904 NtSetEventBoostPriority ... ) == 0x0 01264 1808 NtSetEventBoostPriority ... ) == 0x0 01263 1796 NtSetEventBoostPriority ... ) == 0x0 01262 1800 NtSetEventBoostPriority ... ) == 0x0 01261 220 NtSetEventBoostPriority ... ) == 0x0 01260 1256 NtSetEventBoostPriority ... ) == 0x0 01259 1756 NtSetEventBoostPriority ... ) == 0x0 01258 444 NtSetEventBoostPriority ... ) == 0x0 01257 1936 NtWaitForSingleObject ... ) == 0x0 01253 1356 NtSetEventBoostPriority ... ) == 0x0 01267 1248 NtQueryInformationThread (340, Basic, 28, ... 01255 1128 NtWaitForSingleObject ... ) == 0x102 01268 1580 NtWaitForSingleObject (324, 0, 0x0, ... 01269 1904 NtWaitForSingleObject (64, 0, {0, 0}, ... 01270 1808 NtWaitForSingleObject (64, 0, {0, 0}, ... 01271 1796 NtWaitForSingleObject (64, 0, {0, 0}, ... 01272 1800 NtWaitForSingleObject (64, 0, {0, 0}, ... 01273 220 NtWaitForSingleObject (64, 0, {0, 0}, ... 01274 1256 NtWaitForSingleObject (64, 0, {0, 0}, ... 01275 1756 NtWaitForSingleObject (324, 0, 0x0, ... 01276 1936 NtSetEventBoostPriority (324, ... 01277 1356 NtWaitForSingleObject (64, 0, {0, 0}, ... 01267 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff9d000,Pid=1656,Tid=1648,}, 0x0, ) == 0x0 01278 1128 NtWaitForSingleObject (136, 0, 0x0, ... 
01269 1904 NtWaitForSingleObject ... ) == 0x102 01270 1808 NtWaitForSingleObject ... ) == 0x102 01271 1796 NtWaitForSingleObject ... ) == 0x102 01272 1800 NtWaitForSingleObject ... ) == 0x102 01273 220 NtWaitForSingleObject ... ) == 0x102 01274 1256 NtWaitForSingleObject ... ) == 0x102 01279 444 NtWaitForSingleObject (64, 0, {0, 0}, ... 01280 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57968, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57968, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\1\0\0x\6\0\0p\6\0\0" ... ... 01281 1904 NtWaitForSingleObject (136, 0, 0x0, ... 01282 1808 NtWaitForSingleObject (136, 0, 0x0, ... 01283 1796 NtWaitForSingleObject (136, 0, 0x0, ... 01284 1800 NtWaitForSingleObject (136, 0, 0x0, ... 01285 220 NtWaitForSingleObject (136, 0, 0x0, ... 01286 1256 NtWaitForSingleObject (136, 0, 0x0, ... 01279 444 NtWaitForSingleObject ... ) == 0x102 01280 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57969, 0} ... {28, 56, reply, 0, 1656, 1248, 57969, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\1\0\0x\6\0\0p\6\0\0" ) ) == 0x0 01287 444 NtWaitForSingleObject (136, 0, 0x0, ... 01288 1248 NtResumeThread (340, ... 01268 1580 NtWaitForSingleObject ... ) == 0x0 01276 1936 NtSetEventBoostPriority ... ) == 0x0 01277 1356 NtWaitForSingleObject ... ) == 0x102 01289 1580 NtSetEventBoostPriority (324, ... 01290 1936 NtWaitForSingleObject (64, 0, {0, 0}, ... 01291 1356 NtWaitForSingleObject (136, 0, 0x0, ... 01275 1756 NtWaitForSingleObject ... ) == 0x0 01289 1580 NtSetEventBoostPriority ... ) == 0x0 01290 1936 NtWaitForSingleObject ... ) == 0x102 01292 1756 NtAllocateVirtualMemory (-1, 1376256, 0, 4096, 4096, 4, ... 01293 1580 NtWaitForSingleObject (272, 0, 0x0, ... 01292 1756 NtAllocateVirtualMemory ... 1376256, 4096, ) == 0x0 01294 1936 NtWaitForSingleObject (272, 0, 0x0, ... 01288 1248 NtResumeThread ... 1, ) == 0x0 01295 1756 NtSetEventBoostPriority (272, ... 01296 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
01297 1648 NtTestAlert (... 01296 1248 NtAllocateVirtualMemory ... 39583744, 1048576, ) == 0x0 01297 1648 NtTestAlert ... ) == 0x0 01298 1248 NtAllocateVirtualMemory (-1, 40624128, 0, 8192, 4096, 4, ... 01299 1648 NtContinue (39583024, 1, ... 01298 1248 NtAllocateVirtualMemory ... 40624128, 8192, ) == 0x0 01300 1648 NtRegisterThreadTerminatePort (24, ... 01301 1248 NtProtectVirtualMemory (-1, (0x26be000), 4096, 260, ... 01300 1648 NtRegisterThreadTerminatePort ... ) == 0x0 01294 1936 NtWaitForSingleObject ... ) == 0x0 01295 1756 NtSetEventBoostPriority ... ) == 0x0 01301 1248 NtProtectVirtualMemory ... (0x26be000), 4096, 4, ) == 0x0 01302 1936 NtSetEventBoostPriority (272, ... 01303 1756 NtWaitForSingleObject (324, 0, 0x0, ... 01304 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 01293 1580 NtWaitForSingleObject ... ) == 0x0 01302 1936 NtSetEventBoostPriority ... ) == 0x0 01305 1580 NtSetEventBoostPriority (324, ... 01304 1248 NtCreateThread ... 348, {1656, 148}, ) == 0x0 01306 1648 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01303 1756 NtWaitForSingleObject ... ) == 0x0 01307 1248 NtQueryInformationThread (348, Basic, 28, ... 01306 1648 NtDuplicateObject ... 352, ) == 0x0 01308 1756 NtOpenFile (0x100001, {24, 0, 0x40, 0, 0, (0x100001, {24, 0, 0x40, 0, 0, "\Device\KsecDD"}, 7, 16, ... }, 7, 16, ... 01307 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff9c000,Pid=1656,Tid=148,}, 0x0, ) == 0x0 01309 1648 NtWaitForSingleObject (64, 0, {0, 0}, ... 01308 1756 NtOpenFile ... 356, {status=0x0, info=0}, ) == 0x0 01310 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57969, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57969, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\1\0\0x\6\0\0\224\0\0\0" ... ... 01309 1648 NtWaitForSingleObject ... ) == 0x102 01305 1580 NtSetEventBoostPriority ... ) == 0x0 01311 1936 NtWaitForSingleObject (136, 0, 0x0, ... 
01312 1756 NtDeviceIoControlFile (356, 0, 0x0, 0x0, 0x390008, (356, 0, 0x0, 0x0, 0x390008, "\352/\34-f\363\265\2329\6\347\233u\353\337\372\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, 256, ... , 256, 256, ... 01313 1648 NtWaitForSingleObject (136, 0, 0x0, ... 01314 1580 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 11006064, ... }, 11006064, ... 01315 1756 NtQuerySystemInformation (TimeOfDay, 48, ... 01310 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57970, 0} ... {28, 56, reply, 0, 1656, 1248, 57970, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\1\0\0x\6\0\0\224\0\0\0" ) ) == 0x0 01314 1580 NtQueryAttributesFile ... ) == 0x0 01315 1756 NtQuerySystemInformation ... {system info, class 3, size 48}, 48, ) == 0x0 01316 1248 NtResumeThread (348, ... 01317 1756 NtQuerySystemInformation (ProcessorTimes, 48, ... 01316 1248 NtResumeThread ... 1, ) == 0x0 01317 1756 NtQuerySystemInformation ... {system info, class 8, size 48}, 48, ) == 0x0 01318 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01319 1756 NtQuerySystemInformation (Performance, 312, ... 01318 1248 NtAllocateVirtualMemory ... 40632320, 1048576, ) == 0x0 01320 1580 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "SYSTEM\CurrentControlSet\Services\Winsock\Parameters"}, ... }, ... 01321 148 NtTestAlert (... 01319 1756 NtQuerySystemInformation ... {system info, class 2, size 312}, 312, ) == 0x0 01320 1580 NtOpenKey ... 360, ) == 0x0 01321 148 NtTestAlert ... 
) == 0x0 01322 1756 NtQuerySystemInformation (Exception, 16, ... 01323 1580 NtQueryValueKey (360, (360, "Transports", Partial, 144, ... , Partial, 144, ... 01324 148 NtContinue (40631600, 1, ... 01322 1756 NtQuerySystemInformation ... {system info, class 33, size 16}, 16, ) == 0x0 01323 1580 NtQueryValueKey ... TitleIdx=0, Type=7, Data= ... TitleIdx=0, Type=7, Data="T\0c\0p\0i\0p\0\0\0N\0e\0t\0B\0I\0O\0S\0\0\0R\0F\0C\0O\0M\0M\0\0\0\0\0"}, 56, ) }, 56, ) == 0x0 01325 148 NtRegisterThreadTerminatePort (24, ... 01326 1756 NtQuerySystemInformation (Lookaside, 32, ... 01327 1580 NtQueryValueKey (360, (360, "Transports", Partial, 144, ... , Partial, 144, ... 01325 148 NtRegisterThreadTerminatePort ... ) == 0x0 01326 1756 NtQuerySystemInformation ... {system info, class 45, size 32}, 32, ) == 0x0 01327 1580 NtQueryValueKey ... TitleIdx=0, Type=7, Data= ... TitleIdx=0, Type=7, Data="T\0c\0p\0i\0p\0\0\0N\0e\0t\0B\0I\0O\0S\0\0\0R\0F\0C\0O\0M\0M\0\0\0\0\0"}, 56, ) }, 56, ) == 0x0 01328 1248 NtAllocateVirtualMemory (-1, 41672704, 0, 8192, 4096, 4, ... 01329 1756 NtQuerySystemInformation (ProcessorStatistics, 3016, ... 01330 148 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01328 1248 NtAllocateVirtualMemory ... 41672704, 8192, ) == 0x0 01331 1580 NtClose (360, ... 01330 148 NtDuplicateObject ... 364, ) == 0x0 01332 1248 NtProtectVirtualMemory (-1, (0x27be000), 4096, 260, ... 01331 1580 NtClose ... ) == 0x0 01333 148 NtWaitForSingleObject (64, 0, {0, 0}, ... 01332 1248 NtProtectVirtualMemory ... (0x27be000), 4096, 4, ) == 0x0 01334 1580 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters\Winsock"}, ... }, ... 01333 148 NtWaitForSingleObject ... ) == 0x102 01335 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 01334 1580 NtOpenKey ... 360, ) == 0x0 01336 148 NtWaitForSingleObject (136, 0, 0x0, ... 01335 1248 NtCreateThread ... 
368, {1656, 1828}, ) == 0x0 01337 1580 NtQueryValueKey (360, (360, "Mapping", Partial, 144, ... , Partial, 144, ... 01329 1756 NtQuerySystemInformation ... {system info, class 23, size 0}, 0, ) == 0x0 01337 1580 NtQueryValueKey ... ) == STATUS_BUFFER_OVERFLOW 01338 1756 NtQuerySystemInformation (ProcessesAndThreads, 3008, ... 01339 1248 NtQueryInformationThread (368, Basic, 28, ... 01338 1756 NtQuerySystemInformation ... ) == STATUS_INFO_LENGTH_MISMATCH 01339 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff9b000,Pid=1656,Tid=1828,}, 0x0, ) == 0x0 01340 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57970, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57970, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0x\6\0\0$\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57971, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0x\6\0\0$\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57971, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57970, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0x\6\0\0$\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57971, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\1\0\0x\6\0\0$\7\0\0" ) ) == 0x0 01341 1248 NtResumeThread (368, ... 1, ) == 0x0 01342 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 41680896, 1048576, ) == 0x0 01343 1248 NtAllocateVirtualMemory (-1, 42721280, 0, 8192, 4096, 4, ... 42721280, 8192, ) == 0x0 01344 1248 NtProtectVirtualMemory (-1, (0x28be000), 4096, 260, ... 01345 1756 NtCreateKey (0x2, {24, 0, 0x240, 0, 0, (0x2, {24, 0, 0x240, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Cryptography\RNG"}, 0, 0x0, 0, ... }, 0, 0x0, 0, ... 01346 1580 NtQueryValueKey (360, (360, "Mapping", Partial, 144, ... , Partial, 144, ... 01347 1828 NtTestAlert (... 01345 1756 NtCreateKey ... -2147482740, 2, ) == 0x0 01346 1580 NtQueryValueKey ... ) == STATUS_BUFFER_OVERFLOW 01347 1828 NtTestAlert ... 
) == 0x0 01348 1756 NtSetValueKey (-2147482740, (-2147482740, "Seed", 0, 3, "\277&\233m\306s\334\336*\2\31P\221\351\360\224>\30\310\331\263\10\315\302\321|\265\217-\277gR\234a\334xJ\372\32\337\3403qb\357l\2331\262\21\16\353l\245p(C\315\23\32\311\201\24\230 F\271\346#qU7R\354\224\0\244\330:\317", 80, ... , 0, 3, (-2147482740, "Seed", 0, 3, "\277&\233m\306s\334\336*\2\31P\221\351\360\224>\30\310\331\263\10\315\302\321|\265\217-\277gR\234a\334xJ\372\32\337\3403qb\357l\2331\262\21\16\353l\245p(C\315\23\32\311\201\24\230 F\271\346#qU7R\354\224\0\244\330:\317", 80, ... , 80, ... 01349 1580 NtQueryValueKey (360, (360, "Mapping", Partial, 152, ... , Partial, 152, ... 01350 1828 NtContinue (41680176, 1, ... 01348 1756 NtSetValueKey ... ) == 0x0 01349 1580 NtQueryValueKey ... TitleIdx=0, Type=3, Data= ... TitleIdx=0, Type=3, Data="\13\0\0\0\3\0\0\0\2\0\0\0\1\0\0\0\6\0\0\0\2\0\0\0\1\0\0\0\0\0\0\0\2\0\0\0\0\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\0\0\0\0\1\0\0\0\6\0\0\0\2\0\0\0\2\0\0\0\21\0\0\0\2\0\0\0\2\0\0\0\0\0\0\0\2\0\0\0\0\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\21\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\2\0\0\0\3\0\0\0\0\0\0\0"}, 152, ) }, 152, ) == 0x0 01351 1828 NtRegisterThreadTerminatePort (24, ... 01352 1756 NtClose (-2147482740, ... 01353 1580 NtClose (360, ... 01351 1828 NtRegisterThreadTerminatePort ... ) == 0x0 01352 1756 NtClose ... ) == 0x0 01353 1580 NtClose ... ) == 0x0 01344 1248 NtProtectVirtualMemory ... (0x28be000), 4096, 4, ) == 0x0 01354 1828 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01312 1756 NtDeviceIoControlFile ... {status=0x0, info=256}, ... 
{status=0x0, info=256}, "\316\267v\374\34<\3130\310[\3\303\367\2668\211\320\324V\252\225#\177\231y\252\275\21]/\214\260\305\342L\351\363a9\27^\341dFPM\310\327\34mx?1\213\255\302\15\254\244\35\317\235\374~)\2176l\16q3%\0C\212d\2>6\3536\216\317\15\341\23\215\236\312\336J\231C\226\233xt\255Cr\254\373\345\264h\35n\202B\355\304\277\377\251\325\227+r\326\356vt\251\201\375\2775\244\217K\25\261\371\221\226.s\266\36?\320\223\0N\30W\275bx_Jw{\36/\31\270)x\271/X\350", ) , ) == 0x0 01355 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 01354 1828 NtDuplicateObject ... 360, ) == 0x0 01356 1756 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 01355 1248 NtCreateThread ... 372, {1656, 1864}, ) == 0x0 01357 1828 NtWaitForSingleObject (64, 0, {0, 0}, ... 01356 1756 NtCreateEvent ... 376, ) == 0x0 01358 1248 NtQueryInformationThread (372, Basic, 28, ... 01357 1828 NtWaitForSingleObject ... ) == 0x102 01359 1756 NtAllocateVirtualMemory (-1, 1380352, 0, 4096, 4096, 4, ... 01358 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff9a000,Pid=1656,Tid=1864,}, 0x0, ) == 0x0 01360 1828 NtWaitForSingleObject (136, 0, 0x0, ... 01359 1756 NtAllocateVirtualMemory ... 1380352, 4096, ) == 0x0 01361 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57971, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57971, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\1\0\0x\6\0\0H\7\0\0" ... ... 01362 1580 NtWaitForSingleObject (272, 0, 0x0, ... 01363 1756 NtSetEventBoostPriority (272, ... 01361 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57972, 0} ... {28, 56, reply, 0, 1656, 1248, 57972, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\1\0\0x\6\0\0H\7\0\0" ) ) == 0x0 01364 1248 NtResumeThread (372, ... 1, ) == 0x0 01365 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 42729472, 1048576, ) == 0x0 01366 1248 NtAllocateVirtualMemory (-1, 43769856, 0, 8192, 4096, 4, ... 43769856, 8192, ) == 0x0 01367 1248 NtProtectVirtualMemory (-1, (0x29be000), 4096, 260, ... 
(0x29be000), 4096, 4, ) == 0x0 01368 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 380, {1656, 1896}, ) == 0x0 01362 1580 NtWaitForSingleObject ... ) == 0x0 01363 1756 NtSetEventBoostPriority ... ) == 0x0 01369 1864 NtTestAlert (... 01370 1580 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters\Winsock"}, ... }, ... 01371 1756 NtConnectPort ( ("\RPC Control\DNSResolver", {12, 2, 1, 0}, 0x0, 0x0, 12054020, 188, ... , {12, 2, 1, 0}, 0x0, 0x0, 12054020, 188, ... 01369 1864 NtTestAlert ... ) == 0x0 01370 1580 NtOpenKey ... 384, ) == 0x0 01372 1864 NtContinue (42728752, 1, ... 01373 1580 NtQueryValueKey (384, (384, "MinSockaddrLength", Partial, 144, ... , Partial, 144, ... 01371 1756 NtConnectPort ... 388, 0x0, 0x0, 0x0, 188, ) == 0x0 01374 1864 NtRegisterThreadTerminatePort (24, ... 01375 1248 NtQueryInformationThread (380, Basic, 28, ... 01376 1756 NtRequestWaitReplyPort (388, {200, 224, new_msg, 0, 1380336, 12, 2, 1} (388, {200, 224, new_msg, 0, 1380336, 12, 2, 1} "\0\2\24\0\274\0\0\0\4>\24\0\1kwEVY\205D\237\200\364(\367\326\1)\2\0\0\0\1\0\0\0\340\1\24\0\4\0\0\0\1\0\0\0\10\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\377\377\1\0\0\0\322\277\200\362,1\345\235p\17\25\0\\1\24\0\12\0\0\0\0\0\0\0\0 \0\0(\0\0\0x\17\25\09\23\307\243\10\2\24\0\230\17\25\0\\1\24\0\0\0\0\0\0\0\0\0\230\17\25\0P\0\0\0\240\17\25\0\360\6\221|\340\1\24\0P\0\0\0\346\31\0\0\0\0\24\0\204\354\267\0\372\31\221|\30\364\267\0\30\356\220|\360\6\221|\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0" ... ... 01374 1864 NtRegisterThreadTerminatePort ... ) == 0x0 01375 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff99000,Pid=1656,Tid=1896,}, 0x0, ) == 0x0 01373 1580 NtQueryValueKey ... TitleIdx=0, Type=4, Data= ... 
TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) }, 16, ) == 0x0 01377 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57972, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57972, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\1\0\0x\6\0\0h\7\0\0" ... ... 01378 1580 NtQueryValueKey (384, (384, "MaxSockaddrLength", Partial, 144, ... , Partial, 144, ... 01377 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57975, 0} ... {28, 56, reply, 0, 1656, 1248, 57975, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\1\0\0x\6\0\0h\7\0\0" ) ) == 0x0 01378 1580 NtQueryValueKey ... TitleIdx=0, Type=4, Data= ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) }, 16, ) == 0x0 01379 1248 NtResumeThread (380, ... 01380 1580 NtQueryValueKey (384, (384, "UseDelayedAcceptance", Partial, 144, ... , Partial, 144, ... 01381 1864 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01376 1756 NtRequestWaitReplyPort ... {200, 224, reply, 0, 1656, 1756, 57974, 0} ... {200, 224, reply, 0, 1656, 1756, 57974, 0} "\7\2\24\0\274\0\0\0\4>\24\0\1kwEVY\205D\237\200\364(\367\326\1)\2\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\1\0\0\0\377\377\377\377\5\0\0\0\0\0\0\0\0\0\0\0\0\0\377\377\1\0\0\0\322\277\200\362,1\345\235p\17\25\0\\1\24\0\12\0\0\0\0\0\0\0\0 \0\0(\0\0\0x\17\25\09\23\307\243\10\2\24\0\230\17\25\0\\1\24\0\0\0\0\0\0\0\0\0\230\17\25\0P\0\0\0\240\17\25\0\360\6\221|\340\1\24\0P\0\0\0\346\31\0\0\0\0\24\0\204\354\267\0\372\31\221|\30\364\267\0\30\356\220|\360\6\221|\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0" ) ) == 0x0 01380 1580 NtQueryValueKey ... TitleIdx=0, Type=4, Data= ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 01381 1864 NtDuplicateObject ... 392, ) == 0x0 01382 1756 NtRequestWaitReplyPort (388, {64, 88, new_msg, 0, 0, 0, 0, 0} (388, {64, 88, new_msg, 0, 0, 0, 0, 0} "\1\0\0\0A\2\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... ... 01383 1580 NtQueryValueKey (384, (384, "HelperDllName", Partial, 144, ... , Partial, 144, ... 
01384 1864 NtWaitForSingleObject (64, 0, {0, 0}, ... 01379 1248 NtResumeThread ... 1, ) == 0x0 01384 1864 NtWaitForSingleObject ... ) == 0x102 01385 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01386 1864 NtWaitForSingleObject (136, 0, 0x0, ... 01385 1248 NtAllocateVirtualMemory ... 43778048, 1048576, ) == 0x0 01383 1580 NtQueryValueKey ... TitleIdx=0, Type=2, Data= ... TitleIdx=0, Type=2, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0t\0c\0p\0i\0p\0.\0d\0l\0l\0\0\0"}, 82, ) }, 82, ) == 0x0 01387 1896 NtTestAlert (... 01388 1248 NtAllocateVirtualMemory (-1, 44818432, 0, 8192, 4096, 4, ... 01389 1580 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\wshtcpip.dll"}, 11007020, ... }, 11007020, ... 01387 1896 NtTestAlert ... ) == 0x0 01388 1248 NtAllocateVirtualMemory ... 44818432, 8192, ) == 0x0 01389 1580 NtQueryAttributesFile ... ) == 0x0 01390 1896 NtContinue (43777328, 1, ... 01391 1248 NtProtectVirtualMemory (-1, (0x2abe000), 4096, 260, ... 01392 1580 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\wshtcpip.dll"}, 5, 96, ... }, 5, 96, ... 01393 1896 NtRegisterThreadTerminatePort (24, ... 01392 1580 NtOpenFile ... 396, {status=0x0, info=1}, ) == 0x0 01393 1896 NtRegisterThreadTerminatePort ... ) == 0x0 01394 1580 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 396, ... 01391 1248 NtProtectVirtualMemory ... (0x2abe000), 4096, 4, ) == 0x0 01395 1896 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01396 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 01395 1896 NtDuplicateObject ... 400, ) == 0x0 01396 1248 NtCreateThread ... 404, {1656, 2044}, ) == 0x0 01397 1896 NtWaitForSingleObject (64, 0, {0, 0}, ... 01398 1248 NtQueryInformationThread (404, Basic, 28, ... 01397 1896 NtWaitForSingleObject ... ) == 0x102 01398 1248 NtQueryInformationThread ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff98000,Pid=1656,Tid=2044,}, 0x0, ) == 0x0 01399 1896 NtWaitForSingleObject (136, 0, 0x0, ... 01400 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57975, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57975, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\1\0\0x\6\0\0\374\7\0\0" ... ... 01394 1580 NtCreateSection ... 408, ) == 0x0 01382 1756 NtRequestWaitReplyPort ... {52, 76, reply, 0, 1656, 1756, 57976, 0} ... {52, 76, reply, 0, 1656, 1756, 57976, 0} "\2\356Q\200\1\0\0\0P\306\233\201\0\220\372\177\220\353\3\370\370\37`\300l\353\3\370X\353Q\200\260\37\12\0\1\0\0\0\1\0\0\0\300\250|\207\377\377\377\0" ) ) == 0x0 01401 1580 NtClose (396, ... 01402 1756 NtClose (376, ... 01401 1580 NtClose ... ) == 0x0 01402 1756 NtClose ... ) == 0x0 01403 1580 NtMapViewOfSection (408, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... 01400 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 57979, 0} ... {28, 56, reply, 0, 1656, 1248, 57979, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\1\0\0x\6\0\0\374\7\0\0" ) ) == 0x0 01403 1580 NtMapViewOfSection ... (0x850000), 0x0, 20480, ) == 0x0 01404 1248 NtResumeThread (404, ... 01405 1580 NtClose (408, ... 01404 1248 NtResumeThread ... 1, ) == 0x0 01406 1756 NtClose (388, ... 01407 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01406 1756 NtClose ... ) == 0x0 01407 1248 NtAllocateVirtualMemory ... 44826624, 1048576, ) == 0x0 01408 1756 NtWaitForSingleObject (88, 0, 0x0, ... 01405 1580 NtClose ... ) == 0x0 01409 2044 NtWaitForSingleObject (88, 0, 0x0, ... 01410 1248 NtAllocateVirtualMemory (-1, 45867008, 0, 8192, 4096, 4, ... 45867008, 8192, ) == 0x0 01411 1248 NtProtectVirtualMemory (-1, (0x2bbe000), 4096, 260, ... (0x2bbe000), 4096, 4, ) == 0x0 01412 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 408, {1656, 240}, ) == 0x0 01413 1248 NtQueryInformationThread (408, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff97000,Pid=1656,Tid=240,}, 0x0, ) == 0x0 01414 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57979, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57979, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0x\6\0\0\360\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 57981, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0x\6\0\0\360\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57981, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57979, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0x\6\0\0\360\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 57981, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\1\0\0x\6\0\0\360\0\0\0" ) ) == 0x0 01415 1248 NtResumeThread (408, ... 1, ) == 0x0 01416 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 45875200, 1048576, ) == 0x0 01417 1248 NtAllocateVirtualMemory (-1, 46915584, 0, 8192, 4096, 4, ... 46915584, 8192, ) == 0x0 01418 1248 NtProtectVirtualMemory (-1, (0x2cbe000), 4096, 260, ... 01419 240 NtWaitForSingleObject (88, 0, 0x0, ... 01418 1248 NtProtectVirtualMemory ... (0x2cbe000), 4096, 4, ) == 0x0 01420 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 388, {1656, 968}, ) == 0x0 01421 1248 NtQueryInformationThread (388, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff96000,Pid=1656,Tid=968,}, 0x0, ) == 0x0 01422 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57981, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57981, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0x\6\0\0\310\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 57982, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0x\6\0\0\310\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57982, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57981, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0x\6\0\0\310\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 57982, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\1\0\0x\6\0\0\310\3\0\0" ) ) == 0x0 01423 1248 NtResumeThread (388, ... 1, ) == 0x0 01424 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
46923776, 1048576, ) == 0x0 01425 968 NtWaitForSingleObject (88, 0, 0x0, ... 01426 1248 NtAllocateVirtualMemory (-1, 47964160, 0, 8192, 4096, 4, ... 47964160, 8192, ) == 0x0 01427 1248 NtProtectVirtualMemory (-1, (0x2dbe000), 4096, 260, ... (0x2dbe000), 4096, 4, ) == 0x0 01428 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 376, {1656, 308}, ) == 0x0 01429 1248 NtQueryInformationThread (376, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff95000,Pid=1656,Tid=308,}, 0x0, ) == 0x0 01430 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57982, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57982, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0x\6\0\04\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 57983, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0x\6\0\04\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57983, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57982, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0x\6\0\04\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 57983, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\1\0\0x\6\0\04\1\0\0" ) ) == 0x0 01431 1248 NtResumeThread (376, ... 1, ) == 0x0 01432 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 47972352, 1048576, ) == 0x0 01433 1248 NtAllocateVirtualMemory (-1, 49012736, 0, 8192, 4096, 4, ... 49012736, 8192, ) == 0x0 01434 1248 NtProtectVirtualMemory (-1, (0x2ebe000), 4096, 260, ... 01435 308 NtWaitForSingleObject (88, 0, 0x0, ... 01434 1248 NtProtectVirtualMemory ... (0x2ebe000), 4096, 4, ) == 0x0 01436 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 396, {1656, 764}, ) == 0x0 01437 1248 NtQueryInformationThread (396, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff94000,Pid=1656,Tid=764,}, 0x0, ) == 0x0 01438 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57983, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57983, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0x\6\0\0\374\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 57984, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0x\6\0\0\374\2\0\0" ) ... 
{28, 56, reply, 0, 1656, 1248, 57984, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57983, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0x\6\0\0\374\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 57984, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\1\0\0x\6\0\0\374\2\0\0" ) ) == 0x0 01439 1248 NtResumeThread (396, ... 1, ) == 0x0 01440 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 49020928, 1048576, ) == 0x0 01441 764 NtWaitForSingleObject (88, 0, 0x0, ... 01442 1248 NtAllocateVirtualMemory (-1, 50061312, 0, 8192, 4096, 4, ... 50061312, 8192, ) == 0x0 01443 1248 NtProtectVirtualMemory (-1, (0x2fbe000), 4096, 260, ... (0x2fbe000), 4096, 4, ) == 0x0 01444 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 412, {1656, 2000}, ) == 0x0 01445 1248 NtQueryInformationThread (412, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff93000,Pid=1656,Tid=2000,}, 0x0, ) == 0x0 01446 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57984, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57984, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0x\6\0\0\320\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57985, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0x\6\0\0\320\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57985, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57984, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0x\6\0\0\320\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57985, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\1\0\0x\6\0\0\320\7\0\0" ) ) == 0x0 01447 1248 NtResumeThread (412, ... 1, ) == 0x0 01448 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 50069504, 1048576, ) == 0x0 01449 1248 NtAllocateVirtualMemory (-1, 51109888, 0, 8192, 4096, 4, ... 51109888, 8192, ) == 0x0 01450 1248 NtProtectVirtualMemory (-1, (0x30be000), 4096, 260, ... 01451 2000 NtWaitForSingleObject (88, 0, 0x0, ... 01450 1248 NtProtectVirtualMemory ... (0x30be000), 4096, 4, ) == 0x0 01452 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
416, {1656, 1852}, ) == 0x0 01453 1248 NtQueryInformationThread (416, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff92000,Pid=1656,Tid=1852,}, 0x0, ) == 0x0 01454 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57985, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57985, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0x\6\0\0<\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0x\6\0\0<\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57986, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57985, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0x\6\0\0<\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\1\0\0x\6\0\0<\7\0\0" ) ) == 0x0 01455 1248 NtResumeThread (416, ... 1, ) == 0x0 01456 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 51118080, 1048576, ) == 0x0 01457 1852 NtWaitForSingleObject (88, 0, 0x0, ... 01458 1248 NtAllocateVirtualMemory (-1, 52158464, 0, 8192, 4096, 4, ... 52158464, 8192, ) == 0x0 01459 1248 NtProtectVirtualMemory (-1, (0x31be000), 4096, 260, ... (0x31be000), 4096, 4, ) == 0x0 01460 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 420, {1656, 1420}, ) == 0x0 01461 1248 NtQueryInformationThread (420, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff91000,Pid=1656,Tid=1420,}, 0x0, ) == 0x0 01462 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57986, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0x\6\0\0\214\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 57987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0x\6\0\0\214\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57987, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57986, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0x\6\0\0\214\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 57987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\1\0\0x\6\0\0\214\5\0\0" ) ) == 0x0 01463 1248 NtResumeThread (420, ... 
1, ) == 0x0 01464 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 52166656, 1048576, ) == 0x0 01465 1248 NtAllocateVirtualMemory (-1, 53207040, 0, 8192, 4096, 4, ... 53207040, 8192, ) == 0x0 01466 1248 NtProtectVirtualMemory (-1, (0x32be000), 4096, 260, ... 01467 1420 NtWaitForSingleObject (88, 0, 0x0, ... 01466 1248 NtProtectVirtualMemory ... (0x32be000), 4096, 4, ) == 0x0 01468 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 424, {1656, 164}, ) == 0x0 01469 1248 NtQueryInformationThread (424, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff90000,Pid=1656,Tid=164,}, 0x0, ) == 0x0 01470 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57987, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0x\6\0\0\244\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 57988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0x\6\0\0\244\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57988, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57987, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0x\6\0\0\244\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 57988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\1\0\0x\6\0\0\244\0\0\0" ) ) == 0x0 01471 1248 NtResumeThread (424, ... 1, ) == 0x0 01472 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 53215232, 1048576, ) == 0x0 01473 164 NtWaitForSingleObject (88, 0, 0x0, ... 01474 1248 NtAllocateVirtualMemory (-1, 54255616, 0, 8192, 4096, 4, ... 54255616, 8192, ) == 0x0 01475 1248 NtProtectVirtualMemory (-1, (0x33be000), 4096, 260, ... (0x33be000), 4096, 4, ) == 0x0 01476 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 428, {1656, 1564}, ) == 0x0 01477 1248 NtQueryInformationThread (428, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8f000,Pid=1656,Tid=1564,}, 0x0, ) == 0x0 01478 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57988, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0x\6\0\0\34\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 57989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0x\6\0\0\34\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57989, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57988, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0x\6\0\0\34\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\1\0\0x\6\0\0\34\6\0\0" ) ) == 0x0 01479 1248 NtResumeThread (428, ... 1, ) == 0x0 01480 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 54263808, 1048576, ) == 0x0 01481 1248 NtAllocateVirtualMemory (-1, 55304192, 0, 8192, 4096, 4, ... 55304192, 8192, ) == 0x0 01482 1248 NtProtectVirtualMemory (-1, (0x34be000), 4096, 260, ... 01483 1564 NtWaitForSingleObject (88, 0, 0x0, ... 01482 1248 NtProtectVirtualMemory ... (0x34be000), 4096, 4, ) == 0x0 01484 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 432, {1656, 1592}, ) == 0x0 01485 1248 NtQueryInformationThread (432, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8e000,Pid=1656,Tid=1592,}, 0x0, ) == 0x0 01486 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57989, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0x\6\0\08\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0x\6\0\08\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57990, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57989, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0x\6\0\08\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\1\0\0x\6\0\08\6\0\0" ) ) == 0x0 01487 1248 NtResumeThread (432, ... 1, ) == 0x0 01488 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 55312384, 1048576, ) == 0x0 01489 1592 NtWaitForSingleObject (88, 0, 0x0, ... 01490 1248 NtAllocateVirtualMemory (-1, 56352768, 0, 8192, 4096, 4, ... 56352768, 8192, ) == 0x0 01491 1248 NtProtectVirtualMemory (-1, (0x35be000), 4096, 260, ... 
(0x35be000), 4096, 4, ) == 0x0 01492 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 436, {1656, 2032}, ) == 0x0 01493 1248 NtQueryInformationThread (436, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8d000,Pid=1656,Tid=2032,}, 0x0, ) == 0x0 01494 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57990, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0x\6\0\0\360\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0x\6\0\0\360\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57991, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57990, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0x\6\0\0\360\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\1\0\0x\6\0\0\360\7\0\0" ) ) == 0x0 01495 1248 NtResumeThread (436, ... 1, ) == 0x0 01496 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 56360960, 1048576, ) == 0x0 01497 1248 NtAllocateVirtualMemory (-1, 57401344, 0, 8192, 4096, 4, ... 57401344, 8192, ) == 0x0 01498 1248 NtProtectVirtualMemory (-1, (0x36be000), 4096, 260, ... 01499 2032 NtWaitForSingleObject (88, 0, 0x0, ... 01498 1248 NtProtectVirtualMemory ... (0x36be000), 4096, 4, ) == 0x0 01500 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 440, {1656, 1500}, ) == 0x0 01501 1248 NtQueryInformationThread (440, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8c000,Pid=1656,Tid=1500,}, 0x0, ) == 0x0 01502 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57991, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0x\6\0\0\334\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 57992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0x\6\0\0\334\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57992, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57991, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0x\6\0\0\334\5\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 57992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\1\0\0x\6\0\0\334\5\0\0" ) ) == 0x0 01503 1248 NtResumeThread (440, ... 1, ) == 0x0 01504 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 57409536, 1048576, ) == 0x0 01505 1500 NtWaitForSingleObject (88, 0, 0x0, ... 01506 1248 NtAllocateVirtualMemory (-1, 58449920, 0, 8192, 4096, 4, ... 58449920, 8192, ) == 0x0 01507 1248 NtProtectVirtualMemory (-1, (0x37be000), 4096, 260, ... (0x37be000), 4096, 4, ) == 0x0 01508 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 444, {1656, 932}, ) == 0x0 01509 1248 NtQueryInformationThread (444, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8b000,Pid=1656,Tid=932,}, 0x0, ) == 0x0 01510 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57992, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0x\6\0\0\244\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 57993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0x\6\0\0\244\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57993, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57992, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0x\6\0\0\244\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 57993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\1\0\0x\6\0\0\244\3\0\0" ) ) == 0x0 01511 1248 NtResumeThread (444, ... 1, ) == 0x0 01512 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 58458112, 1048576, ) == 0x0 01513 1248 NtAllocateVirtualMemory (-1, 59498496, 0, 8192, 4096, 4, ... 59498496, 8192, ) == 0x0 01514 1248 NtProtectVirtualMemory (-1, (0x38be000), 4096, 260, ... 01515 932 NtWaitForSingleObject (88, 0, 0x0, ... 01514 1248 NtProtectVirtualMemory ... (0x38be000), 4096, 4, ) == 0x0 01516 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 448, {1656, 1528}, ) == 0x0 01517 1248 NtQueryInformationThread (448, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff8a000,Pid=1656,Tid=1528,}, 0x0, ) == 0x0 01518 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57993, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0x\6\0\0\370\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 57994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0x\6\0\0\370\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57994, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57993, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0x\6\0\0\370\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 57994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\1\0\0x\6\0\0\370\5\0\0" ) ) == 0x0 01519 1248 NtResumeThread (448, ... 1, ) == 0x0 01520 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 59506688, 1048576, ) == 0x0 01521 1528 NtWaitForSingleObject (88, 0, 0x0, ... 01522 1248 NtAllocateVirtualMemory (-1, 60547072, 0, 8192, 4096, 4, ... 60547072, 8192, ) == 0x0 01523 1248 NtProtectVirtualMemory (-1, (0x39be000), 4096, 260, ... (0x39be000), 4096, 4, ) == 0x0 01524 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 452, {1656, 1780}, ) == 0x0 01525 1248 NtQueryInformationThread (452, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff89000,Pid=1656,Tid=1780,}, 0x0, ) == 0x0 01526 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57994, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0x\6\0\0\364\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0x\6\0\0\364\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57995, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57994, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0x\6\0\0\364\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\1\0\0x\6\0\0\364\6\0\0" ) ) == 0x0 01527 1248 NtResumeThread (452, ... 1, ) == 0x0 01528 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
60555264, 1048576, ) == 0x0 01529 1248 NtAllocateVirtualMemory (-1, 61595648, 0, 8192, 4096, 4, ... 61595648, 8192, ) == 0x0 01530 1248 NtProtectVirtualMemory (-1, (0x3abe000), 4096, 260, ... 01531 1780 NtWaitForSingleObject (88, 0, 0x0, ... 01530 1248 NtProtectVirtualMemory ... (0x3abe000), 4096, 4, ) == 0x0 01532 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 456, {1656, 1804}, ) == 0x0 01533 1248 NtQueryInformationThread (456, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff88000,Pid=1656,Tid=1804,}, 0x0, ) == 0x0 01534 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57995, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0x\6\0\0\14\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0x\6\0\0\14\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57996, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57995, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0x\6\0\0\14\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 57996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\1\0\0x\6\0\0\14\7\0\0" ) ) == 0x0 01535 1248 NtResumeThread (456, ... 1, ) == 0x0 01536 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 61603840, 1048576, ) == 0x0 01537 1804 NtWaitForSingleObject (88, 0, 0x0, ... 01538 1248 NtAllocateVirtualMemory (-1, 62644224, 0, 8192, 4096, 4, ... 62644224, 8192, ) == 0x0 01539 1248 NtProtectVirtualMemory (-1, (0x3bbe000), 4096, 260, ... (0x3bbe000), 4096, 4, ) == 0x0 01540 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 460, {1656, 1644}, ) == 0x0 01541 1248 NtQueryInformationThread (460, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff87000,Pid=1656,Tid=1644,}, 0x0, ) == 0x0 01542 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57996, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0x\6\0\0l\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 57997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0x\6\0\0l\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57997, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57996, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0x\6\0\0l\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 57997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\1\0\0x\6\0\0l\6\0\0" ) ) == 0x0 01543 1248 NtResumeThread (460, ... 1, ) == 0x0 01544 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 62652416, 1048576, ) == 0x0 01545 1248 NtAllocateVirtualMemory (-1, 63692800, 0, 8192, 4096, 4, ... 63692800, 8192, ) == 0x0 01546 1248 NtProtectVirtualMemory (-1, (0x3cbe000), 4096, 260, ... 01547 1644 NtWaitForSingleObject (88, 0, 0x0, ... 01546 1248 NtProtectVirtualMemory ... (0x3cbe000), 4096, 4, ) == 0x0 01548 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 464, {1656, 336}, ) == 0x0 01549 1248 NtQueryInformationThread (464, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff86000,Pid=1656,Tid=336,}, 0x0, ) == 0x0 01550 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57997, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0x\6\0\0P\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 57998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0x\6\0\0P\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57998, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57997, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0x\6\0\0P\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 57998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\1\0\0x\6\0\0P\1\0\0" ) ) == 0x0 01551 1248 NtResumeThread (464, ... 1, ) == 0x0 01552 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 63700992, 1048576, ) == 0x0 01553 336 NtWaitForSingleObject (88, 0, 0x0, ... 01554 1248 NtAllocateVirtualMemory (-1, 64741376, 0, 8192, 4096, 4, ... 64741376, 8192, ) == 0x0 01555 1248 NtProtectVirtualMemory (-1, (0x3dbe000), 4096, 260, ... 
(0x3dbe000), 4096, 4, ) == 0x0 01556 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 468, {1656, 800}, ) == 0x0 01557 1248 NtQueryInformationThread (468, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff85000,Pid=1656,Tid=800,}, 0x0, ) == 0x0 01558 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57998, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0x\6\0\0 \3\0\0" ... {28, 56, reply, 0, 1656, 1248, 57999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0x\6\0\0 \3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 57999, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57998, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0x\6\0\0 \3\0\0" ... {28, 56, reply, 0, 1656, 1248, 57999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\1\0\0x\6\0\0 \3\0\0" ) ) == 0x0 01559 1248 NtResumeThread (468, ... 1, ) == 0x0 01560 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 64749568, 1048576, ) == 0x0 01561 1248 NtAllocateVirtualMemory (-1, 65789952, 0, 8192, 4096, 4, ... 65789952, 8192, ) == 0x0 01562 1248 NtProtectVirtualMemory (-1, (0x3ebe000), 4096, 260, ... 01563 800 NtWaitForSingleObject (88, 0, 0x0, ... 01562 1248 NtProtectVirtualMemory ... (0x3ebe000), 4096, 4, ) == 0x0 01564 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 472, {1656, 504}, ) == 0x0 01565 1248 NtQueryInformationThread (472, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff84000,Pid=1656,Tid=504,}, 0x0, ) == 0x0 01566 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 57999, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0x\6\0\0\370\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0x\6\0\0\370\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58000, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 57999, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0x\6\0\0\370\1\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\1\0\0x\6\0\0\370\1\0\0" ) ) == 0x0 01567 1248 NtResumeThread (472, ... 1, ) == 0x0 01568 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 65798144, 1048576, ) == 0x0 01569 504 NtWaitForSingleObject (88, 0, 0x0, ... 01570 1248 NtAllocateVirtualMemory (-1, 66838528, 0, 8192, 4096, 4, ... 66838528, 8192, ) == 0x0 01571 1248 NtProtectVirtualMemory (-1, (0x3fbe000), 4096, 260, ... (0x3fbe000), 4096, 4, ) == 0x0 01572 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 476, {1656, 888}, ) == 0x0 01573 1248 NtQueryInformationThread (476, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff83000,Pid=1656,Tid=888,}, 0x0, ) == 0x0 01574 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58000, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0x\6\0\0x\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0x\6\0\0x\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58001, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58000, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0x\6\0\0x\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\1\0\0x\6\0\0x\3\0\0" ) ) == 0x0 01575 1248 NtResumeThread (476, ... 1, ) == 0x0 01576 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 66846720, 1048576, ) == 0x0 01577 1248 NtAllocateVirtualMemory (-1, 67887104, 0, 8192, 4096, 4, ... 67887104, 8192, ) == 0x0 01578 1248 NtProtectVirtualMemory (-1, (0x40be000), 4096, 260, ... 01579 888 NtWaitForSingleObject (88, 0, 0x0, ... 01578 1248 NtProtectVirtualMemory ... (0x40be000), 4096, 4, ) == 0x0 01580 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 480, {1656, 1392}, ) == 0x0 01581 1248 NtQueryInformationThread (480, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff82000,Pid=1656,Tid=1392,}, 0x0, ) == 0x0 01582 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58001, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0x\6\0\0p\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0x\6\0\0p\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58002, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58001, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0x\6\0\0p\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\1\0\0x\6\0\0p\5\0\0" ) ) == 0x0 01583 1248 NtResumeThread (480, ... 1, ) == 0x0 01584 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 67895296, 1048576, ) == 0x0 01585 1392 NtWaitForSingleObject (88, 0, 0x0, ... 01586 1248 NtAllocateVirtualMemory (-1, 68935680, 0, 8192, 4096, 4, ... 68935680, 8192, ) == 0x0 01587 1248 NtProtectVirtualMemory (-1, (0x41be000), 4096, 260, ... (0x41be000), 4096, 4, ) == 0x0 01588 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 484, {1656, 2020}, ) == 0x0 01589 1248 NtQueryInformationThread (484, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff81000,Pid=1656,Tid=2020,}, 0x0, ) == 0x0 01590 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58002, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0x\6\0\0\344\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0x\6\0\0\344\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58003, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58002, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0x\6\0\0\344\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\1\0\0x\6\0\0\344\7\0\0" ) ) == 0x0 01591 1248 NtResumeThread (484, ... 1, ) == 0x0 01592 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
68943872, 1048576, ) == 0x0 01593 1248 NtAllocateVirtualMemory (-1, 69984256, 0, 8192, 4096, 4, ... 69984256, 8192, ) == 0x0 01594 1248 NtProtectVirtualMemory (-1, (0x42be000), 4096, 260, ... 01595 2020 NtWaitForSingleObject (88, 0, 0x0, ... 01594 1248 NtProtectVirtualMemory ... (0x42be000), 4096, 4, ) == 0x0 01596 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 488, {1656, 740}, ) == 0x0 01597 1248 NtQueryInformationThread (488, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff80000,Pid=1656,Tid=740,}, 0x0, ) == 0x0 01598 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58003, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0x\6\0\0\344\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0x\6\0\0\344\2\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58004, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58003, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0x\6\0\0\344\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\1\0\0x\6\0\0\344\2\0\0" ) ) == 0x0 01599 1248 NtResumeThread (488, ... 1, ) == 0x0 01600 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 69992448, 1048576, ) == 0x0 01601 740 NtWaitForSingleObject (88, 0, 0x0, ... 01602 1248 NtAllocateVirtualMemory (-1, 71032832, 0, 8192, 4096, 4, ... 71032832, 8192, ) == 0x0 01603 1248 NtProtectVirtualMemory (-1, (0x43be000), 4096, 260, ... (0x43be000), 4096, 4, ) == 0x0 01604 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 492, {1656, 1676}, ) == 0x0 01605 1248 NtQueryInformationThread (492, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7f000,Pid=1656,Tid=1676,}, 0x0, ) == 0x0 01606 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58004, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0x\6\0\0\214\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0x\6\0\0\214\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58005, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58004, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0x\6\0\0\214\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\1\0\0x\6\0\0\214\6\0\0" ) ) == 0x0 01607 1248 NtResumeThread (492, ... 1, ) == 0x0 01608 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 71041024, 1048576, ) == 0x0 01609 1676 NtWaitForSingleObject (88, 0, 0x0, ... 01610 1248 NtAllocateVirtualMemory (-1, 72081408, 0, 8192, 4096, 4, ... 72081408, 8192, ) == 0x0 01611 1248 NtProtectVirtualMemory (-1, (0x44be000), 4096, 260, ... (0x44be000), 4096, 4, ) == 0x0 01612 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 496, {1656, 496}, ) == 0x0 01613 1248 NtQueryInformationThread (496, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7e000,Pid=1656,Tid=496,}, 0x0, ) == 0x0 01614 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58005, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0x\6\0\0\360\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0x\6\0\0\360\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58006, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58005, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0x\6\0\0\360\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\1\0\0x\6\0\0\360\1\0\0" ) ) == 0x0 01615 1248 NtResumeThread (496, ... 1, ) == 0x0 01616 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 72089600, 1048576, ) == 0x0 01617 1248 NtAllocateVirtualMemory (-1, 73129984, 0, 8192, 4096, 4, ... 73129984, 8192, ) == 0x0 01618 1248 NtProtectVirtualMemory (-1, (0x45be000), 4096, 260, ... 01619 496 NtWaitForSingleObject (88, 0, 0x0, ... 01618 1248 NtProtectVirtualMemory ... 
(0x45be000), 4096, 4, ) == 0x0 01620 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 500, {1656, 1020}, ) == 0x0 01621 1248 NtQueryInformationThread (500, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7d000,Pid=1656,Tid=1020,}, 0x0, ) == 0x0 01622 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58006, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0x\6\0\0\374\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0x\6\0\0\374\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58007, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58006, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0x\6\0\0\374\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\1\0\0x\6\0\0\374\3\0\0" ) ) == 0x0 01623 1248 NtResumeThread (500, ... 1, ) == 0x0 01624 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 73138176, 1048576, ) == 0x0 01625 1020 NtWaitForSingleObject (88, 0, 0x0, ... 01626 1248 NtAllocateVirtualMemory (-1, 74178560, 0, 8192, 4096, 4, ... 74178560, 8192, ) == 0x0 01627 1248 NtProtectVirtualMemory (-1, (0x46be000), 4096, 260, ... (0x46be000), 4096, 4, ) == 0x0 01628 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 504, {1656, 432}, ) == 0x0 01629 1248 NtQueryInformationThread (504, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7c000,Pid=1656,Tid=432,}, 0x0, ) == 0x0 01630 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58007, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0x\6\0\0\260\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0x\6\0\0\260\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58008, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58007, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0x\6\0\0\260\1\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\1\0\0x\6\0\0\260\1\0\0" ) ) == 0x0 01631 1248 NtResumeThread (504, ... 1, ) == 0x0 01632 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 74186752, 1048576, ) == 0x0 01633 1248 NtAllocateVirtualMemory (-1, 75227136, 0, 8192, 4096, 4, ... 75227136, 8192, ) == 0x0 01634 1248 NtProtectVirtualMemory (-1, (0x47be000), 4096, 260, ... 01635 432 NtWaitForSingleObject (88, 0, 0x0, ... 01634 1248 NtProtectVirtualMemory ... (0x47be000), 4096, 4, ) == 0x0 01636 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 508, {1656, 1332}, ) == 0x0 01637 1248 NtQueryInformationThread (508, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7b000,Pid=1656,Tid=1332,}, 0x0, ) == 0x0 01638 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58008, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0x\6\0\04\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0x\6\0\04\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58009, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58008, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0x\6\0\04\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\1\0\0x\6\0\04\5\0\0" ) ) == 0x0 01639 1248 NtResumeThread (508, ... 1, ) == 0x0 01640 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 75235328, 1048576, ) == 0x0 01641 1332 NtWaitForSingleObject (88, 0, 0x0, ... 01642 1248 NtAllocateVirtualMemory (-1, 76275712, 0, 8192, 4096, 4, ... 76275712, 8192, ) == 0x0 01643 1248 NtProtectVirtualMemory (-1, (0x48be000), 4096, 260, ... (0x48be000), 4096, 4, ) == 0x0 01644 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 512, {1656, 1328}, ) == 0x0 01645 1248 NtQueryInformationThread (512, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff7a000,Pid=1656,Tid=1328,}, 0x0, ) == 0x0 01646 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58009, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0x\6\0\00\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0x\6\0\00\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58010, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58009, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0x\6\0\00\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\2\0\0x\6\0\00\5\0\0" ) ) == 0x0 01647 1248 NtResumeThread (512, ... 1, ) == 0x0 01648 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 76283904, 1048576, ) == 0x0 01649 1248 NtAllocateVirtualMemory (-1, 77324288, 0, 8192, 4096, 4, ... 77324288, 8192, ) == 0x0 01650 1248 NtProtectVirtualMemory (-1, (0x49be000), 4096, 260, ... 01651 1328 NtWaitForSingleObject (88, 0, 0x0, ... 01650 1248 NtProtectVirtualMemory ... (0x49be000), 4096, 4, ) == 0x0 01652 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 516, {1656, 752}, ) == 0x0 01653 1248 NtQueryInformationThread (516, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff79000,Pid=1656,Tid=752,}, 0x0, ) == 0x0 01654 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58010, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0x\6\0\0\360\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0x\6\0\0\360\2\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58011, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58010, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0x\6\0\0\360\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\2\0\0x\6\0\0\360\2\0\0" ) ) == 0x0 01655 1248 NtResumeThread (516, ... 1, ) == 0x0 01656 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
77332480, 1048576, ) == 0x0 01657 752 NtWaitForSingleObject (88, 0, 0x0, ... 01658 1248 NtAllocateVirtualMemory (-1, 78372864, 0, 8192, 4096, 4, ... 78372864, 8192, ) == 0x0 01659 1248 NtProtectVirtualMemory (-1, (0x4abe000), 4096, 260, ... (0x4abe000), 4096, 4, ) == 0x0 01660 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 520, {1656, 120}, ) == 0x0 01661 1248 NtQueryInformationThread (520, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff78000,Pid=1656,Tid=120,}, 0x0, ) == 0x0 01662 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58011, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0x\6\0\0x\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0x\6\0\0x\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58012, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58011, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0x\6\0\0x\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\2\0\0x\6\0\0x\0\0\0" ) ) == 0x0 01663 1248 NtResumeThread (520, ... 1, ) == 0x0 01664 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 78381056, 1048576, ) == 0x0 01665 1248 NtAllocateVirtualMemory (-1, 79421440, 0, 8192, 4096, 4, ... 79421440, 8192, ) == 0x0 01666 1248 NtProtectVirtualMemory (-1, (0x4bbe000), 4096, 260, ... 01667 120 NtWaitForSingleObject (88, 0, 0x0, ... 01666 1248 NtProtectVirtualMemory ... (0x4bbe000), 4096, 4, ) == 0x0 01668 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 524, {1656, 1732}, ) == 0x0 01669 1248 NtQueryInformationThread (524, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff77000,Pid=1656,Tid=1732,}, 0x0, ) == 0x0 01670 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58012, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0x\6\0\0\304\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0x\6\0\0\304\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58013, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58012, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0x\6\0\0\304\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\2\0\0x\6\0\0\304\6\0\0" ) ) == 0x0 01671 1248 NtResumeThread (524, ... 1, ) == 0x0 01672 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 79429632, 1048576, ) == 0x0 01673 1732 NtWaitForSingleObject (88, 0, 0x0, ... 01674 1248 NtAllocateVirtualMemory (-1, 80470016, 0, 8192, 4096, 4, ... 80470016, 8192, ) == 0x0 01675 1248 NtProtectVirtualMemory (-1, (0x4cbe000), 4096, 260, ... (0x4cbe000), 4096, 4, ) == 0x0 01676 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 528, {1656, 188}, ) == 0x0 01677 1248 NtQueryInformationThread (528, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff76000,Pid=1656,Tid=188,}, 0x0, ) == 0x0 01678 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58013, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0x\6\0\0\274\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0x\6\0\0\274\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58014, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58013, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0x\6\0\0\274\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\2\0\0x\6\0\0\274\0\0\0" ) ) == 0x0 01679 1248 NtResumeThread (528, ... 1, ) == 0x0 01680 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 80478208, 1048576, ) == 0x0 01681 1248 NtAllocateVirtualMemory (-1, 81518592, 0, 8192, 4096, 4, ... 81518592, 8192, ) == 0x0 01682 1248 NtProtectVirtualMemory (-1, (0x4dbe000), 4096, 260, ... 01683 188 NtWaitForSingleObject (88, 0, 0x0, ... 01682 1248 NtProtectVirtualMemory ... 
(0x4dbe000), 4096, 4, ) == 0x0 01684 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 532, {1656, 1636}, ) == 0x0 01685 1248 NtQueryInformationThread (532, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff75000,Pid=1656,Tid=1636,}, 0x0, ) == 0x0 01686 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58014, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0x\6\0\0d\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0x\6\0\0d\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58015, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58014, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0x\6\0\0d\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\2\0\0x\6\0\0d\6\0\0" ) ) == 0x0 01687 1248 NtResumeThread (532, ... 1, ) == 0x0 01688 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 81526784, 1048576, ) == 0x0 01689 1636 NtWaitForSingleObject (88, 0, 0x0, ... 01690 1248 NtAllocateVirtualMemory (-1, 82567168, 0, 8192, 4096, 4, ... 82567168, 8192, ) == 0x0 01691 1248 NtProtectVirtualMemory (-1, (0x4ebe000), 4096, 260, ... (0x4ebe000), 4096, 4, ) == 0x0 01692 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 536, {1656, 624}, ) == 0x0 01693 1248 NtQueryInformationThread (536, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff74000,Pid=1656,Tid=624,}, 0x0, ) == 0x0 01694 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58015, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0x\6\0\0p\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0x\6\0\0p\2\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58016, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58015, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0x\6\0\0p\2\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\2\0\0x\6\0\0p\2\0\0" ) ) == 0x0 01695 1248 NtResumeThread (536, ... 1, ) == 0x0 01696 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 82575360, 1048576, ) == 0x0 01697 1248 NtAllocateVirtualMemory (-1, 83615744, 0, 8192, 4096, 4, ... 83615744, 8192, ) == 0x0 01698 1248 NtProtectVirtualMemory (-1, (0x4fbe000), 4096, 260, ... 01699 624 NtWaitForSingleObject (88, 0, 0x0, ... 01698 1248 NtProtectVirtualMemory ... (0x4fbe000), 4096, 4, ) == 0x0 01700 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 540, {1656, 1948}, ) == 0x0 01701 1248 NtQueryInformationThread (540, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff73000,Pid=1656,Tid=1948,}, 0x0, ) == 0x0 01702 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58016, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0x\6\0\0\234\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0x\6\0\0\234\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58017, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58016, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0x\6\0\0\234\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\2\0\0x\6\0\0\234\7\0\0" ) ) == 0x0 01703 1248 NtResumeThread (540, ... 1, ) == 0x0 01704 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 83623936, 1048576, ) == 0x0 01705 1948 NtWaitForSingleObject (88, 0, 0x0, ... 01706 1248 NtAllocateVirtualMemory (-1, 84664320, 0, 8192, 4096, 4, ... 84664320, 8192, ) == 0x0 01707 1248 NtProtectVirtualMemory (-1, (0x50be000), 4096, 260, ... (0x50be000), 4096, 4, ) == 0x0 01708 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 544, {1656, 988}, ) == 0x0 01709 1248 NtQueryInformationThread (544, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff72000,Pid=1656,Tid=988,}, 0x0, ) == 0x0 01710 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58017, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0x\6\0\0\334\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0x\6\0\0\334\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58018, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58017, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0x\6\0\0\334\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \2\0\0x\6\0\0\334\3\0\0" ) ) == 0x0 01711 1248 NtResumeThread (544, ... 1, ) == 0x0 01712 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 84672512, 1048576, ) == 0x0 01713 1248 NtAllocateVirtualMemory (-1, 85712896, 0, 8192, 4096, 4, ... 85712896, 8192, ) == 0x0 01714 1248 NtProtectVirtualMemory (-1, (0x51be000), 4096, 260, ... 01715 988 NtWaitForSingleObject (88, 0, 0x0, ... 01714 1248 NtProtectVirtualMemory ... (0x51be000), 4096, 4, ) == 0x0 01716 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 548, {1656, 468}, ) == 0x0 01717 1248 NtQueryInformationThread (548, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff71000,Pid=1656,Tid=468,}, 0x0, ) == 0x0 01718 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58018, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0x\6\0\0\324\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0x\6\0\0\324\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58019, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58018, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0x\6\0\0\324\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\2\0\0x\6\0\0\324\1\0\0" ) ) == 0x0 01719 1248 NtResumeThread (548, ... 1, ) == 0x0 01720 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
85721088, 1048576, ) == 0x0 01721 468 NtWaitForSingleObject (88, 0, 0x0, ... 01722 1248 NtAllocateVirtualMemory (-1, 86761472, 0, 8192, 4096, 4, ... 86761472, 8192, ) == 0x0 01723 1248 NtProtectVirtualMemory (-1, (0x52be000), 4096, 260, ... (0x52be000), 4096, 4, ) == 0x0 01724 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 552, {1656, 380}, ) == 0x0 01725 1248 NtQueryInformationThread (552, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff70000,Pid=1656,Tid=380,}, 0x0, ) == 0x0 01726 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58019, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0x\6\0\0|\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0x\6\0\0|\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58020, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58019, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0x\6\0\0|\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\2\0\0x\6\0\0|\1\0\0" ) ) == 0x0 01727 1248 NtResumeThread (552, ... 1, ) == 0x0 01728 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 86769664, 1048576, ) == 0x0 01729 1248 NtAllocateVirtualMemory (-1, 87810048, 0, 8192, 4096, 4, ... 87810048, 8192, ) == 0x0 01730 1248 NtProtectVirtualMemory (-1, (0x53be000), 4096, 260, ... 01731 380 NtWaitForSingleObject (88, 0, 0x0, ... 01730 1248 NtProtectVirtualMemory ... (0x53be000), 4096, 4, ) == 0x0 01732 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 556, {1656, 1692}, ) == 0x0 01733 1248 NtQueryInformationThread (556, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6f000,Pid=1656,Tid=1692,}, 0x0, ) == 0x0 01734 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58020, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0x\6\0\0\234\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0x\6\0\0\234\6\0\0" ) ... 
{28, 56, reply, 0, 1656, 1248, 58021, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58020, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0x\6\0\0\234\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\2\0\0x\6\0\0\234\6\0\0" ) ) == 0x0 01735 1248 NtResumeThread (556, ... 1, ) == 0x0 01736 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 87818240, 1048576, ) == 0x0 01737 1692 NtWaitForSingleObject (88, 0, 0x0, ... 01738 1248 NtAllocateVirtualMemory (-1, 88858624, 0, 8192, 4096, 4, ... 88858624, 8192, ) == 0x0 01739 1248 NtProtectVirtualMemory (-1, (0x54be000), 4096, 260, ... (0x54be000), 4096, 4, ) == 0x0 01740 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 560, {1656, 1792}, ) == 0x0 01741 1248 NtQueryInformationThread (560, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6e000,Pid=1656,Tid=1792,}, 0x0, ) == 0x0 01742 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58021, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0x\6\0\0\0\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0x\6\0\0\0\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58022, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58021, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0x\6\0\0\0\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\2\0\0x\6\0\0\0\7\0\0" ) ) == 0x0 01743 1248 NtResumeThread (560, ... 1, ) == 0x0 01744 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 88866816, 1048576, ) == 0x0 01745 1248 NtAllocateVirtualMemory (-1, 89907200, 0, 8192, 4096, 4, ... 89907200, 8192, ) == 0x0 01746 1248 NtProtectVirtualMemory (-1, (0x55be000), 4096, 260, ... 01747 1792 NtWaitForSingleObject (88, 0, 0x0, ... 01746 1248 NtProtectVirtualMemory ... (0x55be000), 4096, 4, ) == 0x0 01748 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 564, {1656, 784}, ) == 0x0 01749 1248 NtQueryInformationThread (564, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff6d000,Pid=1656,Tid=784,}, 0x0, ) == 0x0 01750 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58022, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0x\6\0\0\20\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0x\6\0\0\20\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58023, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58022, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0x\6\0\0\20\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\2\0\0x\6\0\0\20\3\0\0" ) ) == 0x0 01751 1248 NtResumeThread (564, ... 1, ) == 0x0 01752 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 89915392, 1048576, ) == 0x0 01753 784 NtWaitForSingleObject (88, 0, 0x0, ... 01754 1248 NtAllocateVirtualMemory (-1, 90955776, 0, 8192, 4096, 4, ... 90955776, 8192, ) == 0x0 01755 1248 NtProtectVirtualMemory (-1, (0x56be000), 4096, 260, ... (0x56be000), 4096, 4, ) == 0x0 01756 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 568, {1656, 1520}, ) == 0x0 01757 1248 NtQueryInformationThread (568, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6c000,Pid=1656,Tid=1520,}, 0x0, ) == 0x0 01758 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58023, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0x\6\0\0\360\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0x\6\0\0\360\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58024, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58023, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0x\6\0\0\360\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\2\0\0x\6\0\0\360\5\0\0" ) ) == 0x0 01759 1248 NtResumeThread (568, ... 1, ) == 0x0 01760 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
90963968, 1048576, ) == 0x0 01761 1248 NtAllocateVirtualMemory (-1, 92004352, 0, 8192, 4096, 4, ... 92004352, 8192, ) == 0x0 01762 1248 NtProtectVirtualMemory (-1, (0x57be000), 4096, 260, ... 01763 1520 NtWaitForSingleObject (88, 0, 0x0, ... 01762 1248 NtProtectVirtualMemory ... (0x57be000), 4096, 4, ) == 0x0 01764 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 572, {1656, 1696}, ) == 0x0 01765 1248 NtQueryInformationThread (572, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6b000,Pid=1656,Tid=1696,}, 0x0, ) == 0x0 01766 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58024, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0x\6\0\0\240\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0x\6\0\0\240\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58025, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58024, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0x\6\0\0\240\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\2\0\0x\6\0\0\240\6\0\0" ) ) == 0x0 01767 1248 NtResumeThread (572, ... 1, ) == 0x0 01768 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 92012544, 1048576, ) == 0x0 01769 1696 NtWaitForSingleObject (88, 0, 0x0, ... 01770 1248 NtAllocateVirtualMemory (-1, 93052928, 0, 8192, 4096, 4, ... 93052928, 8192, ) == 0x0 01771 1248 NtProtectVirtualMemory (-1, (0x58be000), 4096, 260, ... (0x58be000), 4096, 4, ) == 0x0 01772 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 576, {1656, 1744}, ) == 0x0 01773 1248 NtQueryInformationThread (576, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff6a000,Pid=1656,Tid=1744,}, 0x0, ) == 0x0 01774 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58025, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0x\6\0\0\320\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0x\6\0\0\320\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58026, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58025, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0x\6\0\0\320\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\2\0\0x\6\0\0\320\6\0\0" ) ) == 0x0 01775 1248 NtResumeThread (576, ... 1, ) == 0x0 01776 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 93061120, 1048576, ) == 0x0 01777 1248 NtAllocateVirtualMemory (-1, 94101504, 0, 8192, 4096, 4, ... 94101504, 8192, ) == 0x0 01778 1248 NtProtectVirtualMemory (-1, (0x59be000), 4096, 260, ... 01779 1744 NtWaitForSingleObject (88, 0, 0x0, ... 01778 1248 NtProtectVirtualMemory ... (0x59be000), 4096, 4, ) == 0x0 01780 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 580, {1656, 1124}, ) == 0x0 01781 1248 NtQueryInformationThread (580, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff69000,Pid=1656,Tid=1124,}, 0x0, ) == 0x0 01782 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58026, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0x\6\0\0d\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0x\6\0\0d\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58027, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58026, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0x\6\0\0d\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\2\0\0x\6\0\0d\4\0\0" ) ) == 0x0 01783 1248 NtResumeThread (580, ... 1, ) == 0x0 01784 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 94109696, 1048576, ) == 0x0 01785 1124 NtWaitForSingleObject (88, 0, 0x0, ... 01786 1248 NtAllocateVirtualMemory (-1, 95150080, 0, 8192, 4096, 4, ... 95150080, 8192, ) == 0x0 01787 1248 NtProtectVirtualMemory (-1, (0x5abe000), 4096, 260, ... 
(0x5abe000), 4096, 4, ) == 0x0 01788 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 584, {1656, 1496}, ) == 0x0 01789 1248 NtQueryInformationThread (584, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff68000,Pid=1656,Tid=1496,}, 0x0, ) == 0x0 01790 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58027, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0x\6\0\0\330\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0x\6\0\0\330\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58028, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58027, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0x\6\0\0\330\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\2\0\0x\6\0\0\330\5\0\0" ) ) == 0x0 01791 1248 NtResumeThread (584, ... 1, ) == 0x0 01792 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 95158272, 1048576, ) == 0x0 01793 1248 NtAllocateVirtualMemory (-1, 96198656, 0, 8192, 4096, 4, ... 96198656, 8192, ) == 0x0 01794 1248 NtProtectVirtualMemory (-1, (0x5bbe000), 4096, 260, ... 01795 1496 NtWaitForSingleObject (88, 0, 0x0, ... 01794 1248 NtProtectVirtualMemory ... (0x5bbe000), 4096, 4, ) == 0x0 01796 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 588, {1656, 168}, ) == 0x0 01797 1248 NtQueryInformationThread (588, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff67000,Pid=1656,Tid=168,}, 0x0, ) == 0x0 01798 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58028, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0x\6\0\0\250\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0x\6\0\0\250\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58029, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58028, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0x\6\0\0\250\0\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\2\0\0x\6\0\0\250\0\0\0" ) ) == 0x0 01799 1248 NtResumeThread (588, ... 1, ) == 0x0 01800 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 96206848, 1048576, ) == 0x0 01801 168 NtWaitForSingleObject (88, 0, 0x0, ... 01802 1248 NtAllocateVirtualMemory (-1, 97247232, 0, 8192, 4096, 4, ... 97247232, 8192, ) == 0x0 01803 1248 NtProtectVirtualMemory (-1, (0x5cbe000), 4096, 260, ... (0x5cbe000), 4096, 4, ) == 0x0 01804 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 592, {1656, 1284}, ) == 0x0 01805 1248 NtQueryInformationThread (592, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff66000,Pid=1656,Tid=1284,}, 0x0, ) == 0x0 01806 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58029, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0x\6\0\0\4\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0x\6\0\0\4\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58030, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58029, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0x\6\0\0\4\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\2\0\0x\6\0\0\4\5\0\0" ) ) == 0x0 01807 1248 NtResumeThread (592, ... 1, ) == 0x0 01808 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 97255424, 1048576, ) == 0x0 01809 1248 NtAllocateVirtualMemory (-1, 98295808, 0, 8192, 4096, 4, ... 98295808, 8192, ) == 0x0 01810 1248 NtProtectVirtualMemory (-1, (0x5dbe000), 4096, 260, ... 01811 1284 NtWaitForSingleObject (88, 0, 0x0, ... 01810 1248 NtProtectVirtualMemory ... (0x5dbe000), 4096, 4, ) == 0x0 01812 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 596, {1656, 1268}, ) == 0x0 01813 1248 NtQueryInformationThread (596, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff65000,Pid=1656,Tid=1268,}, 0x0, ) == 0x0 01814 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58030, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0x\6\0\0\364\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0x\6\0\0\364\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58031, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58030, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0x\6\0\0\364\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\2\0\0x\6\0\0\364\4\0\0" ) ) == 0x0 01815 1248 NtResumeThread (596, ... 1, ) == 0x0 01816 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 98304000, 1048576, ) == 0x0 01817 1268 NtWaitForSingleObject (88, 0, 0x0, ... 01818 1248 NtAllocateVirtualMemory (-1, 99344384, 0, 8192, 4096, 4, ... 99344384, 8192, ) == 0x0 01819 1248 NtProtectVirtualMemory (-1, (0x5ebe000), 4096, 260, ... (0x5ebe000), 4096, 4, ) == 0x0 01820 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 600, {1656, 840}, ) == 0x0 01821 1248 NtQueryInformationThread (600, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff64000,Pid=1656,Tid=840,}, 0x0, ) == 0x0 01822 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58031, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0x\6\0\0H\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0x\6\0\0H\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58032, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58031, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0x\6\0\0H\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\2\0\0x\6\0\0H\3\0\0" ) ) == 0x0 01823 1248 NtResumeThread (600, ... 1, ) == 0x0 01824 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 99352576, 1048576, ) == 0x0 01825 1248 NtAllocateVirtualMemory (-1, 100392960, 0, 8192, 4096, 4, ... 
100392960, 8192, ) == 0x0 01826 1248 NtProtectVirtualMemory (-1, (0x5fbe000), 4096, 260, ... 01827 840 NtWaitForSingleObject (88, 0, 0x0, ... 01826 1248 NtProtectVirtualMemory ... (0x5fbe000), 4096, 4, ) == 0x0 01828 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 604, {1656, 1336}, ) == 0x0 01829 1248 NtQueryInformationThread (604, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff63000,Pid=1656,Tid=1336,}, 0x0, ) == 0x0 01830 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58032, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0x\6\0\08\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0x\6\0\08\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58033, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58032, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0x\6\0\08\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\2\0\0x\6\0\08\5\0\0" ) ) == 0x0 01831 1248 NtResumeThread (604, ... 1, ) == 0x0 01832 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 100401152, 1048576, ) == 0x0 01833 1248 NtAllocateVirtualMemory (-1, 101441536, 0, 8192, 4096, 4, ... 101441536, 8192, ) == 0x0 01834 1248 NtProtectVirtualMemory (-1, (0x60be000), 4096, 260, ... 01835 1336 NtWaitForSingleObject (88, 0, 0x0, ... 01834 1248 NtProtectVirtualMemory ... (0x60be000), 4096, 4, ) == 0x0 01836 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 608, {1656, 1200}, ) == 0x0 01837 1248 NtQueryInformationThread (608, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff62000,Pid=1656,Tid=1200,}, 0x0, ) == 0x0 01838 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58033, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0x\6\0\0\260\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0x\6\0\0\260\4\0\0" ) ... 
{28, 56, reply, 0, 1656, 1248, 58034, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58033, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0x\6\0\0\260\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\2\0\0x\6\0\0\260\4\0\0" ) ) == 0x0 01839 1248 NtResumeThread (608, ... 1, ) == 0x0 01840 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 101449728, 1048576, ) == 0x0 01841 1200 NtWaitForSingleObject (88, 0, 0x0, ... 01842 1248 NtAllocateVirtualMemory (-1, 102490112, 0, 8192, 4096, 4, ... 102490112, 8192, ) == 0x0 01843 1248 NtProtectVirtualMemory (-1, (0x61be000), 4096, 260, ... (0x61be000), 4096, 4, ) == 0x0 01844 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 612, {1656, 1920}, ) == 0x0 01845 1248 NtQueryInformationThread (612, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff61000,Pid=1656,Tid=1920,}, 0x0, ) == 0x0 01846 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58034, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0x\6\0\0\200\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0x\6\0\0\200\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58035, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58034, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0x\6\0\0\200\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\2\0\0x\6\0\0\200\7\0\0" ) ) == 0x0 01847 1248 NtResumeThread (612, ... 1, ) == 0x0 01848 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 102498304, 1048576, ) == 0x0 01849 1248 NtAllocateVirtualMemory (-1, 103538688, 0, 8192, 4096, 4, ... 103538688, 8192, ) == 0x0 01850 1248 NtProtectVirtualMemory (-1, (0x62be000), 4096, 260, ... 01851 1920 NtWaitForSingleObject (88, 0, 0x0, ... 01850 1248 NtProtectVirtualMemory ... (0x62be000), 4096, 4, ) == 0x0 01852 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
616, {1656, 896}, ) == 0x0 01853 1248 NtQueryInformationThread (616, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff60000,Pid=1656,Tid=896,}, 0x0, ) == 0x0 01854 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58035, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0x\6\0\0\200\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0x\6\0\0\200\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58036, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58035, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0x\6\0\0\200\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\2\0\0x\6\0\0\200\3\0\0" ) ) == 0x0 01855 1248 NtResumeThread (616, ... 1, ) == 0x0 01856 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 103546880, 1048576, ) == 0x0 01857 896 NtWaitForSingleObject (88, 0, 0x0, ... 01858 1248 NtAllocateVirtualMemory (-1, 104587264, 0, 8192, 4096, 4, ... 104587264, 8192, ) == 0x0 01859 1248 NtProtectVirtualMemory (-1, (0x63be000), 4096, 260, ... (0x63be000), 4096, 4, ) == 0x0 01860 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 620, {1656, 2016}, ) == 0x0 01861 1248 NtQueryInformationThread (620, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5f000,Pid=1656,Tid=2016,}, 0x0, ) == 0x0 01862 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58036, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0x\6\0\0\340\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0x\6\0\0\340\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58037, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58036, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0x\6\0\0\340\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\2\0\0x\6\0\0\340\7\0\0" ) ) == 0x0 01863 1248 NtResumeThread (620, ... 1, ) == 0x0 01864 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
104595456, 1048576, ) == 0x0 01865 1248 NtAllocateVirtualMemory (-1, 105635840, 0, 8192, 4096, 4, ... 105635840, 8192, ) == 0x0 01866 1248 NtProtectVirtualMemory (-1, (0x64be000), 4096, 260, ... 01867 2016 NtWaitForSingleObject (88, 0, 0x0, ... 01866 1248 NtProtectVirtualMemory ... (0x64be000), 4096, 4, ) == 0x0 01868 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 624, {1656, 2012}, ) == 0x0 01869 1248 NtQueryInformationThread (624, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5e000,Pid=1656,Tid=2012,}, 0x0, ) == 0x0 01870 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58037, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0x\6\0\0\334\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0x\6\0\0\334\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58038, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58037, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0x\6\0\0\334\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\2\0\0x\6\0\0\334\7\0\0" ) ) == 0x0 01871 1248 NtResumeThread (624, ... 1, ) == 0x0 01872 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 105644032, 1048576, ) == 0x0 01873 2012 NtWaitForSingleObject (88, 0, 0x0, ... 01874 1248 NtAllocateVirtualMemory (-1, 106684416, 0, 8192, 4096, 4, ... 106684416, 8192, ) == 0x0 01875 1248 NtProtectVirtualMemory (-1, (0x65be000), 4096, 260, ... (0x65be000), 4096, 4, ) == 0x0 01876 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 628, {1656, 1604}, ) == 0x0 01877 1248 NtQueryInformationThread (628, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5d000,Pid=1656,Tid=1604,}, 0x0, ) == 0x0 01878 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58038, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0x\6\0\0D\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0x\6\0\0D\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58039, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58038, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0x\6\0\0D\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\2\0\0x\6\0\0D\6\0\0" ) ) == 0x0 01879 1248 NtResumeThread (628, ... 1, ) == 0x0 01880 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 106692608, 1048576, ) == 0x0 01881 1248 NtAllocateVirtualMemory (-1, 107732992, 0, 8192, 4096, 4, ... 107732992, 8192, ) == 0x0 01882 1248 NtProtectVirtualMemory (-1, (0x66be000), 4096, 260, ... 01883 1604 NtWaitForSingleObject (88, 0, 0x0, ... 01882 1248 NtProtectVirtualMemory ... (0x66be000), 4096, 4, ) == 0x0 01884 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 632, {1656, 1572}, ) == 0x0 01885 1248 NtQueryInformationThread (632, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5c000,Pid=1656,Tid=1572,}, 0x0, ) == 0x0 01886 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58039, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0x\6\0\0$\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0x\6\0\0$\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58040, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58039, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0x\6\0\0$\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\2\0\0x\6\0\0$\6\0\0" ) ) == 0x0 01887 1248 NtResumeThread (632, ... 1, ) == 0x0 01888 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 107741184, 1048576, ) == 0x0 01889 1572 NtWaitForSingleObject (88, 0, 0x0, ... 01890 1248 NtAllocateVirtualMemory (-1, 108781568, 0, 8192, 4096, 4, ... 108781568, 8192, ) == 0x0 01891 1248 NtProtectVirtualMemory (-1, (0x67be000), 4096, 260, ... 
(0x67be000), 4096, 4, ) == 0x0 01892 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 636, {1656, 596}, ) == 0x0 01893 1248 NtQueryInformationThread (636, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5b000,Pid=1656,Tid=596,}, 0x0, ) == 0x0 01894 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58040, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0x\6\0\0T\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0x\6\0\0T\2\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58041, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58040, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0x\6\0\0T\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\2\0\0x\6\0\0T\2\0\0" ) ) == 0x0 01895 1248 NtResumeThread (636, ... 1, ) == 0x0 01896 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 108789760, 1048576, ) == 0x0 01897 1248 NtAllocateVirtualMemory (-1, 109830144, 0, 8192, 4096, 4, ... 109830144, 8192, ) == 0x0 01898 1248 NtProtectVirtualMemory (-1, (0x68be000), 4096, 260, ... 01899 596 NtWaitForSingleObject (88, 0, 0x0, ... 01898 1248 NtProtectVirtualMemory ... (0x68be000), 4096, 4, ) == 0x0 01900 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 640, {1656, 376}, ) == 0x0 01901 1248 NtQueryInformationThread (640, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5a000,Pid=1656,Tid=376,}, 0x0, ) == 0x0 01902 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58041, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0x\6\0\0x\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0x\6\0\0x\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58042, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58041, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0x\6\0\0x\1\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\2\0\0x\6\0\0x\1\0\0" ) ) == 0x0 01903 1248 NtResumeThread (640, ... 1, ) == 0x0 01904 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 109838336, 1048576, ) == 0x0 01905 376 NtWaitForSingleObject (88, 0, 0x0, ... 01906 1248 NtAllocateVirtualMemory (-1, 110878720, 0, 8192, 4096, 4, ... 110878720, 8192, ) == 0x0 01907 1248 NtProtectVirtualMemory (-1, (0x69be000), 4096, 260, ... (0x69be000), 4096, 4, ) == 0x0 01908 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 644, {1656, 1168}, ) == 0x0 01909 1248 NtQueryInformationThread (644, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff59000,Pid=1656,Tid=1168,}, 0x0, ) == 0x0 01910 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58042, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0x\6\0\0\220\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0x\6\0\0\220\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58043, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58042, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0x\6\0\0\220\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\2\0\0x\6\0\0\220\4\0\0" ) ) == 0x0 01911 1248 NtResumeThread (644, ... 1, ) == 0x0 01912 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 110886912, 1048576, ) == 0x0 01913 1248 NtAllocateVirtualMemory (-1, 111927296, 0, 8192, 4096, 4, ... 111927296, 8192, ) == 0x0 01914 1248 NtProtectVirtualMemory (-1, (0x6abe000), 4096, 260, ... 01915 1168 NtWaitForSingleObject (88, 0, 0x0, ... 01914 1248 NtProtectVirtualMemory ... (0x6abe000), 4096, 4, ) == 0x0 01916 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 648, {1656, 428}, ) == 0x0 01917 1248 NtQueryInformationThread (648, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff58000,Pid=1656,Tid=428,}, 0x0, ) == 0x0 01918 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58043, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0x\6\0\0\254\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0x\6\0\0\254\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58044, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58043, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0x\6\0\0\254\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\2\0\0x\6\0\0\254\1\0\0" ) ) == 0x0 01919 1248 NtResumeThread (648, ... 1, ) == 0x0 01920 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 111935488, 1048576, ) == 0x0 01921 428 NtWaitForSingleObject (88, 0, 0x0, ... 01922 1248 NtAllocateVirtualMemory (-1, 112975872, 0, 8192, 4096, 4, ... 112975872, 8192, ) == 0x0 01923 1248 NtProtectVirtualMemory (-1, (0x6bbe000), 4096, 260, ... (0x6bbe000), 4096, 4, ) == 0x0 01924 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 652, {1656, 1344}, ) == 0x0 01925 1248 NtQueryInformationThread (652, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff57000,Pid=1656,Tid=1344,}, 0x0, ) == 0x0 01926 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58044, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0x\6\0\0@\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0x\6\0\0@\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58045, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58044, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0x\6\0\0@\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\2\0\0x\6\0\0@\5\0\0" ) ) == 0x0 01927 1248 NtResumeThread (652, ... 1, ) == 0x0 01928 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
112984064, 1048576, ) == 0x0 01929 1248 NtAllocateVirtualMemory (-1, 114024448, 0, 8192, 4096, 4, ... 114024448, 8192, ) == 0x0 01930 1248 NtProtectVirtualMemory (-1, (0x6cbe000), 4096, 260, ... 01931 1344 NtWaitForSingleObject (88, 0, 0x0, ... 01930 1248 NtProtectVirtualMemory ... (0x6cbe000), 4096, 4, ) == 0x0 01932 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 656, {1656, 1300}, ) == 0x0 01933 1248 NtQueryInformationThread (656, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff56000,Pid=1656,Tid=1300,}, 0x0, ) == 0x0 01934 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58045, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0x\6\0\0\24\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0x\6\0\0\24\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58046, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58045, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0x\6\0\0\24\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\2\0\0x\6\0\0\24\5\0\0" ) ) == 0x0 01935 1248 NtResumeThread (656, ... 1, ) == 0x0 01936 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 114032640, 1048576, ) == 0x0 01937 1300 NtWaitForSingleObject (88, 0, 0x0, ... 01938 1248 NtAllocateVirtualMemory (-1, 115073024, 0, 8192, 4096, 4, ... 115073024, 8192, ) == 0x0 01939 1248 NtProtectVirtualMemory (-1, (0x6dbe000), 4096, 260, ... (0x6dbe000), 4096, 4, ) == 0x0 01940 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 660, {1656, 1096}, ) == 0x0 01941 1248 NtQueryInformationThread (660, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff55000,Pid=1656,Tid=1096,}, 0x0, ) == 0x0 01942 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58046, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0x\6\0\0H\4\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0x\6\0\0H\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58047, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58046, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0x\6\0\0H\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\2\0\0x\6\0\0H\4\0\0" ) ) == 0x0 01943 1248 NtResumeThread (660, ... 1, ) == 0x0 01944 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 115081216, 1048576, ) == 0x0 01945 1248 NtAllocateVirtualMemory (-1, 116121600, 0, 8192, 4096, 4, ... 116121600, 8192, ) == 0x0 01946 1248 NtProtectVirtualMemory (-1, (0x6ebe000), 4096, 260, ... 01947 1096 NtWaitForSingleObject (88, 0, 0x0, ... 01946 1248 NtProtectVirtualMemory ... (0x6ebe000), 4096, 4, ) == 0x0 01948 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 664, {1656, 252}, ) == 0x0 01949 1248 NtQueryInformationThread (664, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff54000,Pid=1656,Tid=252,}, 0x0, ) == 0x0 01950 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58047, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0x\6\0\0\374\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0x\6\0\0\374\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58048, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58047, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0x\6\0\0\374\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\2\0\0x\6\0\0\374\0\0\0" ) ) == 0x0 01951 1248 NtResumeThread (664, ... 1, ) == 0x0 01952 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 116129792, 1048576, ) == 0x0 01953 252 NtWaitForSingleObject (88, 0, 0x0, ... 01954 1248 NtAllocateVirtualMemory (-1, 117170176, 0, 8192, 4096, 4, ... 117170176, 8192, ) == 0x0 01955 1248 NtProtectVirtualMemory (-1, (0x6fbe000), 4096, 260, ... 
(0x6fbe000), 4096, 4, ) == 0x0 01956 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 668, {1656, 500}, ) == 0x0 01957 1248 NtQueryInformationThread (668, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff53000,Pid=1656,Tid=500,}, 0x0, ) == 0x0 01958 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58048, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0x\6\0\0\364\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0x\6\0\0\364\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58049, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58048, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0x\6\0\0\364\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\2\0\0x\6\0\0\364\1\0\0" ) ) == 0x0 01959 1248 NtResumeThread (668, ... 1, ) == 0x0 01960 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 117178368, 1048576, ) == 0x0 01961 1248 NtAllocateVirtualMemory (-1, 118218752, 0, 8192, 4096, 4, ... 118218752, 8192, ) == 0x0 01962 1248 NtProtectVirtualMemory (-1, (0x70be000), 4096, 260, ... 01963 500 NtWaitForSingleObject (88, 0, 0x0, ... 01962 1248 NtProtectVirtualMemory ... (0x70be000), 4096, 4, ) == 0x0 01964 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 672, {1656, 1132}, ) == 0x0 01965 1248 NtQueryInformationThread (672, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff52000,Pid=1656,Tid=1132,}, 0x0, ) == 0x0 01966 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58049, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0x\6\0\0l\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0x\6\0\0l\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58050, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58049, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0x\6\0\0l\4\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\2\0\0x\6\0\0l\4\0\0" ) ) == 0x0 01967 1248 NtResumeThread (672, ... 1, ) == 0x0 01968 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 118226944, 1048576, ) == 0x0 01969 1132 NtWaitForSingleObject (88, 0, 0x0, ... 01970 1248 NtAllocateVirtualMemory (-1, 119267328, 0, 8192, 4096, 4, ... 119267328, 8192, ) == 0x0 01971 1248 NtProtectVirtualMemory (-1, (0x71be000), 4096, 260, ... (0x71be000), 4096, 4, ) == 0x0 01972 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 676, {1656, 1024}, ) == 0x0 01973 1248 NtQueryInformationThread (676, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff51000,Pid=1656,Tid=1024,}, 0x0, ) == 0x0 01974 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58050, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0x\6\0\0\0\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0x\6\0\0\0\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58051, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58050, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0x\6\0\0\0\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\2\0\0x\6\0\0\0\4\0\0" ) ) == 0x0 01975 1248 NtResumeThread (676, ... 1, ) == 0x0 01976 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 119275520, 1048576, ) == 0x0 01977 1248 NtAllocateVirtualMemory (-1, 120315904, 0, 8192, 4096, 4, ... 120315904, 8192, ) == 0x0 01978 1248 NtProtectVirtualMemory (-1, (0x72be000), 4096, 260, ... 01979 1024 NtWaitForSingleObject (88, 0, 0x0, ... 01978 1248 NtProtectVirtualMemory ... (0x72be000), 4096, 4, ) == 0x0 01980 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 680, {1656, 948}, ) == 0x0 01981 1248 NtQueryInformationThread (680, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff50000,Pid=1656,Tid=948,}, 0x0, ) == 0x0 01982 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58051, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0x\6\0\0\264\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0x\6\0\0\264\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58052, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58051, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0x\6\0\0\264\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\2\0\0x\6\0\0\264\3\0\0" ) ) == 0x0 01983 1248 NtResumeThread (680, ... 1, ) == 0x0 01984 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 120324096, 1048576, ) == 0x0 01985 948 NtWaitForSingleObject (88, 0, 0x0, ... 01986 1248 NtAllocateVirtualMemory (-1, 121364480, 0, 8192, 4096, 4, ... 121364480, 8192, ) == 0x0 01987 1248 NtProtectVirtualMemory (-1, (0x73be000), 4096, 260, ... (0x73be000), 4096, 4, ) == 0x0 01988 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 684, {1656, 1388}, ) == 0x0 01989 1248 NtQueryInformationThread (684, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4f000,Pid=1656,Tid=1388,}, 0x0, ) == 0x0 01990 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58052, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0x\6\0\0l\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0x\6\0\0l\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58053, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58052, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0x\6\0\0l\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\2\0\0x\6\0\0l\5\0\0" ) ) == 0x0 01991 1248 NtResumeThread (684, ... 1, ) == 0x0 01992 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
121372672, 1048576, ) == 0x0 01993 1248 NtAllocateVirtualMemory (-1, 122413056, 0, 8192, 4096, 4, ... 122413056, 8192, ) == 0x0 01994 1248 NtProtectVirtualMemory (-1, (0x74be000), 4096, 260, ... 01995 1388 NtWaitForSingleObject (88, 0, 0x0, ... 01994 1248 NtProtectVirtualMemory ... (0x74be000), 4096, 4, ) == 0x0 01996 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 688, {1656, 520}, ) == 0x0 01997 1248 NtQueryInformationThread (688, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4e000,Pid=1656,Tid=520,}, 0x0, ) == 0x0 01998 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58053, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0x\6\0\0\10\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0x\6\0\0\10\2\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58054, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58053, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0x\6\0\0\10\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\2\0\0x\6\0\0\10\2\0\0" ) ) == 0x0 01999 1248 NtResumeThread (688, ... 1, ) == 0x0 02000 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 122421248, 1048576, ) == 0x0 02001 520 NtWaitForSingleObject (88, 0, 0x0, ... 02002 1248 NtAllocateVirtualMemory (-1, 123461632, 0, 8192, 4096, 4, ... 123461632, 8192, ) == 0x0 02003 1248 NtProtectVirtualMemory (-1, (0x75be000), 4096, 260, ... (0x75be000), 4096, 4, ) == 0x0 02004 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 692, {1656, 276}, ) == 0x0 02005 1248 NtQueryInformationThread (692, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4d000,Pid=1656,Tid=276,}, 0x0, ) == 0x0 02006 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58054, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0x\6\0\0\24\1\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0x\6\0\0\24\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58055, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58054, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0x\6\0\0\24\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\2\0\0x\6\0\0\24\1\0\0" ) ) == 0x0 02007 1248 NtResumeThread (692, ... 1, ) == 0x0 02008 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 123469824, 1048576, ) == 0x0 02009 1248 NtAllocateVirtualMemory (-1, 124510208, 0, 8192, 4096, 4, ... 124510208, 8192, ) == 0x0 02010 1248 NtProtectVirtualMemory (-1, (0x76be000), 4096, 260, ... 02011 276 NtWaitForSingleObject (88, 0, 0x0, ... 02010 1248 NtProtectVirtualMemory ... (0x76be000), 4096, 4, ) == 0x0 02012 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 696, {1656, 996}, ) == 0x0 02013 1248 NtQueryInformationThread (696, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4c000,Pid=1656,Tid=996,}, 0x0, ) == 0x0 02014 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58055, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0x\6\0\0\344\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0x\6\0\0\344\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58056, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58055, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0x\6\0\0\344\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\2\0\0x\6\0\0\344\3\0\0" ) ) == 0x0 02015 1248 NtResumeThread (696, ... 1, ) == 0x0 02016 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 124518400, 1048576, ) == 0x0 02017 996 NtWaitForSingleObject (88, 0, 0x0, ... 02018 1248 NtAllocateVirtualMemory (-1, 125558784, 0, 8192, 4096, 4, ... 125558784, 8192, ) == 0x0 02019 1248 NtProtectVirtualMemory (-1, (0x77be000), 4096, 260, ... 
(0x77be000), 4096, 4, ) == 0x0 02020 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 700, {1656, 1064}, ) == 0x0 02021 1248 NtQueryInformationThread (700, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4b000,Pid=1656,Tid=1064,}, 0x0, ) == 0x0 02022 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58056, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0x\6\0\0(\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0x\6\0\0(\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58057, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58056, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0x\6\0\0(\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\2\0\0x\6\0\0(\4\0\0" ) ) == 0x0 02023 1248 NtResumeThread (700, ... 1, ) == 0x0 02024 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 125566976, 1048576, ) == 0x0 02025 1248 NtAllocateVirtualMemory (-1, 126607360, 0, 8192, 4096, 4, ... 126607360, 8192, ) == 0x0 02026 1248 NtProtectVirtualMemory (-1, (0x78be000), 4096, 260, ... 02027 1064 NtWaitForSingleObject (88, 0, 0x0, ... 02026 1248 NtProtectVirtualMemory ... (0x78be000), 4096, 4, ) == 0x0 02028 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 704, {1656, 1600}, ) == 0x0 02029 1248 NtQueryInformationThread (704, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4a000,Pid=1656,Tid=1600,}, 0x0, ) == 0x0 02030 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58057, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0x\6\0\0@\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0x\6\0\0@\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58058, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58057, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0x\6\0\0@\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\2\0\0x\6\0\0@\6\0\0" ) ) == 0x0 02031 1248 NtResumeThread (704, ... 1, ) == 0x0 02032 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 126615552, 1048576, ) == 0x0 02033 1600 NtWaitForSingleObject (88, 0, 0x0, ... 02034 1248 NtAllocateVirtualMemory (-1, 127655936, 0, 8192, 4096, 4, ... 127655936, 8192, ) == 0x0 02035 1248 NtProtectVirtualMemory (-1, (0x79be000), 4096, 260, ... (0x79be000), 4096, 4, ) == 0x0 02036 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 708, {1656, 1372}, ) == 0x0 02037 1248 NtQueryInformationThread (708, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff49000,Pid=1656,Tid=1372,}, 0x0, ) == 0x0 02038 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58058, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0x\6\0\0\\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0x\6\0\0\\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58059, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58058, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0x\6\0\0\\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\2\0\0x\6\0\0\\5\0\0" ) ) == 0x0 02039 1248 NtResumeThread (708, ... 1, ) == 0x0 02040 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 127664128, 1048576, ) == 0x0 02041 1248 NtAllocateVirtualMemory (-1, 128704512, 0, 8192, 4096, 4, ... 128704512, 8192, ) == 0x0 02042 1248 NtProtectVirtualMemory (-1, (0x7abe000), 4096, 260, ... 02043 1372 NtWaitForSingleObject (88, 0, 0x0, ... 02042 1248 NtProtectVirtualMemory ... (0x7abe000), 4096, 4, ) == 0x0 02044 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 712, {1656, 2040}, ) == 0x0 02045 1248 NtQueryInformationThread (712, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff48000,Pid=1656,Tid=2040,}, 0x0, ) == 0x0 02046 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58059, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0x\6\0\0\370\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0x\6\0\0\370\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58060, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58059, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0x\6\0\0\370\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\2\0\0x\6\0\0\370\7\0\0" ) ) == 0x0 02047 1248 NtResumeThread (712, ... 1, ) == 0x0 02048 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 128712704, 1048576, ) == 0x0 02049 2040 NtWaitForSingleObject (88, 0, 0x0, ... 02050 1248 NtAllocateVirtualMemory (-1, 129753088, 0, 8192, 4096, 4, ... 129753088, 8192, ) == 0x0 02051 1248 NtProtectVirtualMemory (-1, (0x7bbe000), 4096, 260, ... (0x7bbe000), 4096, 4, ) == 0x0 02052 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 716, {1656, 216}, ) == 0x0 02053 1248 NtQueryInformationThread (716, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff47000,Pid=1656,Tid=216,}, 0x0, ) == 0x0 02054 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58060, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0x\6\0\0\330\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0x\6\0\0\330\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58061, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58060, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0x\6\0\0\330\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\2\0\0x\6\0\0\330\0\0\0" ) ) == 0x0 02055 1248 NtResumeThread (716, ... 1, ) == 0x0 02056 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
129761280, 1048576, ) == 0x0 02057 1248 NtAllocateVirtualMemory (-1, 130801664, 0, 8192, 4096, 4, ... 130801664, 8192, ) == 0x0 02058 1248 NtProtectVirtualMemory (-1, (0x7cbe000), 4096, 260, ... 02059 216 NtWaitForSingleObject (88, 0, 0x0, ... 02058 1248 NtProtectVirtualMemory ... (0x7cbe000), 4096, 4, ) == 0x0 02060 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 720, {1656, 152}, ) == 0x0 02061 1248 NtQueryInformationThread (720, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff46000,Pid=1656,Tid=152,}, 0x0, ) == 0x0 02062 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58061, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0x\6\0\0\230\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0x\6\0\0\230\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58062, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58061, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0x\6\0\0\230\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\2\0\0x\6\0\0\230\0\0\0" ) ) == 0x0 02063 1248 NtResumeThread (720, ... 1, ) == 0x0 02064 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 130809856, 1048576, ) == 0x0 02065 152 NtWaitForSingleObject (88, 0, 0x0, ... 02066 1248 NtAllocateVirtualMemory (-1, 131850240, 0, 8192, 4096, 4, ... 131850240, 8192, ) == 0x0 02067 1248 NtProtectVirtualMemory (-1, (0x7dbe000), 4096, 260, ... (0x7dbe000), 4096, 4, ) == 0x0 02068 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 724, {1656, 900}, ) == 0x0 02069 1248 NtQueryInformationThread (724, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff45000,Pid=1656,Tid=900,}, 0x0, ) == 0x0 02070 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58062, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0x\6\0\0\204\3\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0x\6\0\0\204\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58063, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58062, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0x\6\0\0\204\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\2\0\0x\6\0\0\204\3\0\0" ) ) == 0x0 02071 1248 NtResumeThread (724, ... 1, ) == 0x0 02072 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 131858432, 1048576, ) == 0x0 02073 1248 NtAllocateVirtualMemory (-1, 132898816, 0, 8192, 4096, 4, ... 132898816, 8192, ) == 0x0 02074 1248 NtProtectVirtualMemory (-1, (0x7ebe000), 4096, 260, ... 02075 900 NtWaitForSingleObject (88, 0, 0x0, ... 02074 1248 NtProtectVirtualMemory ... (0x7ebe000), 4096, 4, ) == 0x0 02076 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 728, {1656, 1272}, ) == 0x0 02077 1248 NtQueryInformationThread (728, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff44000,Pid=1656,Tid=1272,}, 0x0, ) == 0x0 02078 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58063, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0x\6\0\0\370\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0x\6\0\0\370\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58064, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58063, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0x\6\0\0\370\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\2\0\0x\6\0\0\370\4\0\0" ) ) == 0x0 02079 1248 NtResumeThread (728, ... 1, ) == 0x0 02080 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 132907008, 1048576, ) == 0x0 02081 1272 NtWaitForSingleObject (88, 0, 0x0, ... 02082 1248 NtAllocateVirtualMemory (-1, 133947392, 0, 8192, 4096, 4, ... 133947392, 8192, ) == 0x0 02083 1248 NtProtectVirtualMemory (-1, (0x7fbe000), 4096, 260, ... 
(0x7fbe000), 4096, 4, ) == 0x0 02084 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 732, {1656, 1240}, ) == 0x0 02085 1248 NtQueryInformationThread (732, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff43000,Pid=1656,Tid=1240,}, 0x0, ) == 0x0 02086 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58064, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0x\6\0\0\330\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0x\6\0\0\330\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58065, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58064, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0x\6\0\0\330\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\2\0\0x\6\0\0\330\4\0\0" ) ) == 0x0 02087 1248 NtResumeThread (732, ... 1, ) == 0x0 02088 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 133955584, 1048576, ) == 0x0 02089 1248 NtAllocateVirtualMemory (-1, 134995968, 0, 8192, 4096, 4, ... 134995968, 8192, ) == 0x0 02090 1240 NtWaitForSingleObject (88, 0, 0x0, ... 02091 1248 NtProtectVirtualMemory (-1, (0x80be000), 4096, 260, ... (0x80be000), 4096, 4, ) == 0x0 02092 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 736, {1656, 1776}, ) == 0x0 02093 1248 NtQueryInformationThread (736, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff42000,Pid=1656,Tid=1776,}, 0x0, ) == 0x0 02094 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58065, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0x\6\0\0\360\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0x\6\0\0\360\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58066, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58065, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0x\6\0\0\360\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\2\0\0x\6\0\0\360\6\0\0" ) ) == 0x0 02095 1248 NtResumeThread (736, ... 1, ) == 0x0 02096 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02097 1776 NtWaitForSingleObject (88, 0, 0x0, ... 02096 1248 NtAllocateVirtualMemory ... 135004160, 1048576, ) == 0x0 02098 1248 NtAllocateVirtualMemory (-1, 136044544, 0, 8192, 4096, 4, ... 136044544, 8192, ) == 0x0 02099 1248 NtProtectVirtualMemory (-1, (0x81be000), 4096, 260, ... (0x81be000), 4096, 4, ) == 0x0 02100 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 740, {1656, 1324}, ) == 0x0 02101 1248 NtQueryInformationThread (740, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff41000,Pid=1656,Tid=1324,}, 0x0, ) == 0x0 02102 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58066, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0x\6\0\0,\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0x\6\0\0,\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58067, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58066, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0x\6\0\0,\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\2\0\0x\6\0\0,\5\0\0" ) ) == 0x0 02103 1248 NtResumeThread (740, ... 1, ) == 0x0 02104 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 136052736, 1048576, ) == 0x0 02105 1248 NtAllocateVirtualMemory (-1, 137093120, 0, 8192, 4096, 4, ... 137093120, 8192, ) == 0x0 02106 1324 NtWaitForSingleObject (88, 0, 0x0, ... 02107 1248 NtProtectVirtualMemory (-1, (0x82be000), 4096, 260, ... (0x82be000), 4096, 4, ) == 0x0 02108 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 744, {1656, 1884}, ) == 0x0 02109 1248 NtQueryInformationThread (744, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff40000,Pid=1656,Tid=1884,}, 0x0, ) == 0x0 02110 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58067, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0x\6\0\0\\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0x\6\0\0\\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58068, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58067, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0x\6\0\0\\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\2\0\0x\6\0\0\\7\0\0" ) ) == 0x0 02111 1248 NtResumeThread (744, ... 1, ) == 0x0 02112 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02113 1884 NtWaitForSingleObject (88, 0, 0x0, ... 02112 1248 NtAllocateVirtualMemory ... 137101312, 1048576, ) == 0x0 02114 1248 NtAllocateVirtualMemory (-1, 138141696, 0, 8192, 4096, 4, ... 138141696, 8192, ) == 0x0 02115 1248 NtProtectVirtualMemory (-1, (0x83be000), 4096, 260, ... (0x83be000), 4096, 4, ) == 0x0 02116 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 748, {1656, 248}, ) == 0x0 02117 1248 NtQueryInformationThread (748, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3f000,Pid=1656,Tid=248,}, 0x0, ) == 0x0 02118 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58068, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0x\6\0\0\370\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0x\6\0\0\370\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58069, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58068, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0x\6\0\0\370\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\2\0\0x\6\0\0\370\0\0\0" ) ) == 0x0 02119 1248 NtResumeThread (748, ... 1, ) == 0x0 02120 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
138149888, 1048576, ) == 0x0 02121 1248 NtAllocateVirtualMemory (-1, 139190272, 0, 8192, 4096, 4, ... 139190272, 8192, ) == 0x0 02122 248 NtWaitForSingleObject (88, 0, 0x0, ... 02123 1248 NtProtectVirtualMemory (-1, (0x84be000), 4096, 260, ... (0x84be000), 4096, 4, ) == 0x0 02124 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 752, {1656, 1652}, ) == 0x0 02125 1248 NtQueryInformationThread (752, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3e000,Pid=1656,Tid=1652,}, 0x0, ) == 0x0 02126 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58069, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0x\6\0\0t\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0x\6\0\0t\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58070, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58069, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0x\6\0\0t\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\2\0\0x\6\0\0t\6\0\0" ) ) == 0x0 02127 1248 NtResumeThread (752, ... 1, ) == 0x0 02128 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02129 1652 NtWaitForSingleObject (88, 0, 0x0, ... 02128 1248 NtAllocateVirtualMemory ... 139198464, 1048576, ) == 0x0 02130 1248 NtAllocateVirtualMemory (-1, 140238848, 0, 8192, 4096, 4, ... 140238848, 8192, ) == 0x0 02131 1248 NtProtectVirtualMemory (-1, (0x85be000), 4096, 260, ... (0x85be000), 4096, 4, ) == 0x0 02132 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 756, {1656, 588}, ) == 0x0 02133 1248 NtQueryInformationThread (756, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3d000,Pid=1656,Tid=588,}, 0x0, ) == 0x0 02134 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58070, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0x\6\0\0L\2\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0x\6\0\0L\2\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58071, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58070, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0x\6\0\0L\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\2\0\0x\6\0\0L\2\0\0" ) ) == 0x0 02135 1248 NtResumeThread (756, ... 1, ) == 0x0 02136 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 140247040, 1048576, ) == 0x0 02137 1248 NtAllocateVirtualMemory (-1, 141287424, 0, 8192, 4096, 4, ... 141287424, 8192, ) == 0x0 02138 588 NtWaitForSingleObject (88, 0, 0x0, ... 02139 1248 NtProtectVirtualMemory (-1, (0x86be000), 4096, 260, ... (0x86be000), 4096, 4, ) == 0x0 02140 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 760, {1656, 440}, ) == 0x0 02141 1248 NtQueryInformationThread (760, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3c000,Pid=1656,Tid=440,}, 0x0, ) == 0x0 02142 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58071, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0x\6\0\0\270\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0x\6\0\0\270\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58072, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58071, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0x\6\0\0\270\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\2\0\0x\6\0\0\270\1\0\0" ) ) == 0x0 02143 1248 NtResumeThread (760, ... 1, ) == 0x0 02144 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02145 440 NtWaitForSingleObject (88, 0, 0x0, ... 02144 1248 NtAllocateVirtualMemory ... 141295616, 1048576, ) == 0x0 02146 1248 NtAllocateVirtualMemory (-1, 142336000, 0, 8192, 4096, 4, ... 142336000, 8192, ) == 0x0 02147 1248 NtProtectVirtualMemory (-1, (0x87be000), 4096, 260, ... 
(0x87be000), 4096, 4, ) == 0x0 02148 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 764, {1656, 1296}, ) == 0x0 02149 1248 NtQueryInformationThread (764, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3b000,Pid=1656,Tid=1296,}, 0x0, ) == 0x0 02150 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58072, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0x\6\0\0\20\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0x\6\0\0\20\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58073, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58072, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0x\6\0\0\20\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\2\0\0x\6\0\0\20\5\0\0" ) ) == 0x0 02151 1248 NtResumeThread (764, ... 1, ) == 0x0 02152 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 142344192, 1048576, ) == 0x0 02153 1248 NtAllocateVirtualMemory (-1, 143384576, 0, 8192, 4096, 4, ... 143384576, 8192, ) == 0x0 02154 1296 NtWaitForSingleObject (88, 0, 0x0, ... 02155 1248 NtProtectVirtualMemory (-1, (0x88be000), 4096, 260, ... (0x88be000), 4096, 4, ) == 0x0 02156 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 768, {1656, 1612}, ) == 0x0 02157 1248 NtQueryInformationThread (768, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff3a000,Pid=1656,Tid=1612,}, 0x0, ) == 0x0 02158 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58073, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0x\6\0\0L\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0x\6\0\0L\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58074, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58073, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0x\6\0\0L\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\3\0\0x\6\0\0L\6\0\0" ) ) == 0x0 02159 1248 NtResumeThread (768, ... 1, ) == 0x0 02160 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02161 1612 NtWaitForSingleObject (88, 0, 0x0, ... 02160 1248 NtAllocateVirtualMemory ... 143392768, 1048576, ) == 0x0 02162 1248 NtAllocateVirtualMemory (-1, 144433152, 0, 8192, 4096, 4, ... 144433152, 8192, ) == 0x0 02163 1248 NtProtectVirtualMemory (-1, (0x89be000), 4096, 260, ... (0x89be000), 4096, 4, ) == 0x0 02164 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 772, {1656, 876}, ) == 0x0 02165 1248 NtQueryInformationThread (772, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff39000,Pid=1656,Tid=876,}, 0x0, ) == 0x0 02166 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58074, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0x\6\0\0l\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0x\6\0\0l\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58075, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58074, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0x\6\0\0l\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\3\0\0x\6\0\0l\3\0\0" ) ) == 0x0 02167 1248 NtResumeThread (772, ... 1, ) == 0x0 02168 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 144441344, 1048576, ) == 0x0 02169 1248 NtAllocateVirtualMemory (-1, 145481728, 0, 8192, 4096, 4, ... 145481728, 8192, ) == 0x0 02170 876 NtWaitForSingleObject (88, 0, 0x0, ... 02171 1248 NtProtectVirtualMemory (-1, (0x8abe000), 4096, 260, ... (0x8abe000), 4096, 4, ) == 0x0 02172 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 776, {1656, 1368}, ) == 0x0 02173 1248 NtQueryInformationThread (776, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff38000,Pid=1656,Tid=1368,}, 0x0, ) == 0x0 02174 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58075, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0x\6\0\0X\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0x\6\0\0X\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58076, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58075, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0x\6\0\0X\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\3\0\0x\6\0\0X\5\0\0" ) ) == 0x0 02175 1248 NtResumeThread (776, ... 1, ) == 0x0 02176 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02177 1368 NtWaitForSingleObject (88, 0, 0x0, ... 02176 1248 NtAllocateVirtualMemory ... 145489920, 1048576, ) == 0x0 02178 1248 NtAllocateVirtualMemory (-1, 146530304, 0, 8192, 4096, 4, ... 146530304, 8192, ) == 0x0 02179 1248 NtProtectVirtualMemory (-1, (0x8bbe000), 4096, 260, ... (0x8bbe000), 4096, 4, ) == 0x0 02180 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 780, {1656, 1620}, ) == 0x0 02181 1248 NtQueryInformationThread (780, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff37000,Pid=1656,Tid=1620,}, 0x0, ) == 0x0 02182 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58076, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0x\6\0\0T\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0x\6\0\0T\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58077, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58076, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0x\6\0\0T\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\3\0\0x\6\0\0T\6\0\0" ) ) == 0x0 02183 1248 NtResumeThread (780, ... 1, ) == 0x0 02184 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
146538496, 1048576, ) == 0x0 02185 1248 NtAllocateVirtualMemory (-1, 147578880, 0, 8192, 4096, 4, ... 147578880, 8192, ) == 0x0 02186 1620 NtWaitForSingleObject (88, 0, 0x0, ... 02187 1248 NtProtectVirtualMemory (-1, (0x8cbe000), 4096, 260, ... (0x8cbe000), 4096, 4, ) == 0x0 02188 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 784, {1656, 1376}, ) == 0x0 02189 1248 NtQueryInformationThread (784, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff36000,Pid=1656,Tid=1376,}, 0x0, ) == 0x0 02190 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58077, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0x\6\0\0`\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0x\6\0\0`\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58078, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58077, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0x\6\0\0`\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\3\0\0x\6\0\0`\5\0\0" ) ) == 0x0 02191 1248 NtResumeThread (784, ... 1, ) == 0x0 02192 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02193 1376 NtWaitForSingleObject (88, 0, 0x0, ... 02192 1248 NtAllocateVirtualMemory ... 147587072, 1048576, ) == 0x0 02194 1248 NtAllocateVirtualMemory (-1, 148627456, 0, 8192, 4096, 4, ... 148627456, 8192, ) == 0x0 02195 1248 NtProtectVirtualMemory (-1, (0x8dbe000), 4096, 260, ... (0x8dbe000), 4096, 4, ) == 0x0 02196 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 788, {1656, 1436}, ) == 0x0 02197 1248 NtQueryInformationThread (788, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff35000,Pid=1656,Tid=1436,}, 0x0, ) == 0x0 02198 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58078, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0x\6\0\0\234\5\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0x\6\0\0\234\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58079, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58078, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0x\6\0\0\234\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\3\0\0x\6\0\0\234\5\0\0" ) ) == 0x0 02199 1248 NtResumeThread (788, ... 1, ) == 0x0 02200 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 148635648, 1048576, ) == 0x0 02201 1248 NtAllocateVirtualMemory (-1, 149676032, 0, 8192, 4096, 4, ... 149676032, 8192, ) == 0x0 02202 1436 NtWaitForSingleObject (88, 0, 0x0, ... 02203 1248 NtProtectVirtualMemory (-1, (0x8ebe000), 4096, 260, ... (0x8ebe000), 4096, 4, ) == 0x0 02204 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 792, {1656, 480}, ) == 0x0 02205 1248 NtQueryInformationThread (792, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff34000,Pid=1656,Tid=480,}, 0x0, ) == 0x0 02206 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58079, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0x\6\0\0\340\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0x\6\0\0\340\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58080, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58079, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0x\6\0\0\340\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\3\0\0x\6\0\0\340\1\0\0" ) ) == 0x0 02207 1248 NtResumeThread (792, ... 1, ) == 0x0 02208 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02209 480 NtWaitForSingleObject (88, 0, 0x0, ... 02208 1248 NtAllocateVirtualMemory ... 149684224, 1048576, ) == 0x0 02210 1248 NtAllocateVirtualMemory (-1, 150724608, 0, 8192, 4096, 4, ... 150724608, 8192, ) == 0x0 02211 1248 NtProtectVirtualMemory (-1, (0x8fbe000), 4096, 260, ... 
(0x8fbe000), 4096, 4, ) == 0x0 02212 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 796, {1656, 1192}, ) == 0x0 02213 1248 NtQueryInformationThread (796, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff33000,Pid=1656,Tid=1192,}, 0x0, ) == 0x0 02214 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58080, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0x\6\0\0\250\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0x\6\0\0\250\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58081, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58080, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0x\6\0\0\250\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\3\0\0x\6\0\0\250\4\0\0" ) ) == 0x0 02215 1248 NtResumeThread (796, ... 1, ) == 0x0 02216 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 150732800, 1048576, ) == 0x0 02217 1248 NtAllocateVirtualMemory (-1, 151773184, 0, 8192, 4096, 4, ... 151773184, 8192, ) == 0x0 02218 1192 NtWaitForSingleObject (88, 0, 0x0, ... 02219 1248 NtProtectVirtualMemory (-1, (0x90be000), 4096, 260, ... (0x90be000), 4096, 4, ) == 0x0 02220 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 800, {1656, 724}, ) == 0x0 02221 1248 NtQueryInformationThread (800, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff32000,Pid=1656,Tid=724,}, 0x0, ) == 0x0 02222 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58081, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0x\6\0\0\324\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0x\6\0\0\324\2\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58082, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58081, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0x\6\0\0\324\2\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \3\0\0x\6\0\0\324\2\0\0" ) ) == 0x0 02223 1248 NtResumeThread (800, ... 1, ) == 0x0 02224 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02225 724 NtWaitForSingleObject (88, 0, 0x0, ... 02224 1248 NtAllocateVirtualMemory ... 151781376, 1048576, ) == 0x0 02226 1248 NtAllocateVirtualMemory (-1, 152821760, 0, 8192, 4096, 4, ... 152821760, 8192, ) == 0x0 02227 1248 NtProtectVirtualMemory (-1, (0x91be000), 4096, 260, ... (0x91be000), 4096, 4, ) == 0x0 02228 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 804, {1656, 1276}, ) == 0x0 02229 1248 NtQueryInformationThread (804, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff31000,Pid=1656,Tid=1276,}, 0x0, ) == 0x0 02230 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58082, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0x\6\0\0\374\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0x\6\0\0\374\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58083, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58082, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0x\6\0\0\374\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\3\0\0x\6\0\0\374\4\0\0" ) ) == 0x0 02231 1248 NtResumeThread (804, ... 1, ) == 0x0 02232 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 152829952, 1048576, ) == 0x0 02233 1248 NtAllocateVirtualMemory (-1, 153870336, 0, 8192, 4096, 4, ... 153870336, 8192, ) == 0x0 02234 1276 NtWaitForSingleObject (88, 0, 0x0, ... 02235 1248 NtProtectVirtualMemory (-1, (0x92be000), 4096, 260, ... (0x92be000), 4096, 4, ) == 0x0 02236 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 808, {1656, 704}, ) == 0x0 02237 1248 NtQueryInformationThread (808, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff30000,Pid=1656,Tid=704,}, 0x0, ) == 0x0 02238 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58083, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0x\6\0\0\300\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0x\6\0\0\300\2\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58084, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58083, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0x\6\0\0\300\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\3\0\0x\6\0\0\300\2\0\0" ) ) == 0x0 02239 1248 NtResumeThread (808, ... 1, ) == 0x0 02240 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02241 704 NtWaitForSingleObject (88, 0, 0x0, ... 02240 1248 NtAllocateVirtualMemory ... 153878528, 1048576, ) == 0x0 02242 1248 NtAllocateVirtualMemory (-1, 154918912, 0, 8192, 4096, 4, ... 154918912, 8192, ) == 0x0 02243 1248 NtProtectVirtualMemory (-1, (0x93be000), 4096, 260, ... (0x93be000), 4096, 4, ) == 0x0 02244 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 812, {1656, 1568}, ) == 0x0 02245 1248 NtQueryInformationThread (812, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2f000,Pid=1656,Tid=1568,}, 0x0, ) == 0x0 02246 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58084, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0x\6\0\0 \6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0x\6\0\0 \6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58085, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58084, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0x\6\0\0 \6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\3\0\0x\6\0\0 \6\0\0" ) ) == 0x0 02247 1248 NtResumeThread (812, ... 1, ) == 0x0 02248 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
154927104, 1048576, ) == 0x0 02249 1248 NtAllocateVirtualMemory (-1, 155967488, 0, 8192, 4096, 4, ... 155967488, 8192, ) == 0x0 02250 1568 NtWaitForSingleObject (88, 0, 0x0, ... 02251 1248 NtProtectVirtualMemory (-1, (0x94be000), 4096, 260, ... (0x94be000), 4096, 4, ) == 0x0 02252 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 816, {1656, 1104}, ) == 0x0 02253 1248 NtQueryInformationThread (816, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2e000,Pid=1656,Tid=1104,}, 0x0, ) == 0x0 02254 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58085, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0x\6\0\0P\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0x\6\0\0P\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58086, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58085, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0x\6\0\0P\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\3\0\0x\6\0\0P\4\0\0" ) ) == 0x0 02255 1248 NtResumeThread (816, ... 1, ) == 0x0 02256 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02257 1104 NtWaitForSingleObject (88, 0, 0x0, ... 02256 1248 NtAllocateVirtualMemory ... 155975680, 1048576, ) == 0x0 02258 1248 NtAllocateVirtualMemory (-1, 157016064, 0, 8192, 4096, 4, ... 157016064, 8192, ) == 0x0 02259 1248 NtProtectVirtualMemory (-1, (0x95be000), 4096, 260, ... (0x95be000), 4096, 4, ) == 0x0 02260 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 820, {1656, 1352}, ) == 0x0 02261 1248 NtQueryInformationThread (820, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2d000,Pid=1656,Tid=1352,}, 0x0, ) == 0x0 02262 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58086, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0x\6\0\0H\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0x\6\0\0H\5\0\0" ) ... 
{28, 56, reply, 0, 1656, 1248, 58087, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58086, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0x\6\0\0H\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\3\0\0x\6\0\0H\5\0\0" ) ) == 0x0 02263 1248 NtResumeThread (820, ... 1, ) == 0x0 02264 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 157024256, 1048576, ) == 0x0 02265 1248 NtAllocateVirtualMemory (-1, 158064640, 0, 8192, 4096, 4, ... 158064640, 8192, ) == 0x0 02266 1352 NtWaitForSingleObject (88, 0, 0x0, ... 02267 1248 NtProtectVirtualMemory (-1, (0x96be000), 4096, 260, ... (0x96be000), 4096, 4, ) == 0x0 02268 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 824, {1656, 304}, ) == 0x0 02269 1248 NtQueryInformationThread (824, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2c000,Pid=1656,Tid=304,}, 0x0, ) == 0x0 02270 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58087, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0x\6\0\00\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0x\6\0\00\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58088, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58087, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0x\6\0\00\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\3\0\0x\6\0\00\1\0\0" ) ) == 0x0 02271 1248 NtResumeThread (824, ... 1, ) == 0x0 02272 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 158072832, 1048576, ) == 0x0 02273 1248 NtAllocateVirtualMemory (-1, 159113216, 0, 8192, 4096, 4, ... 159113216, 8192, ) == 0x0 02274 304 NtWaitForSingleObject (88, 0, 0x0, ... 02275 1248 NtProtectVirtualMemory (-1, (0x97be000), 4096, 260, ... (0x97be000), 4096, 4, ) == 0x0 02276 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 828, {1656, 192}, ) == 0x0 02277 1248 NtQueryInformationThread (828, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff2b000,Pid=1656,Tid=192,}, 0x0, ) == 0x0 02278 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58088, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0x\6\0\0\300\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0x\6\0\0\300\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58089, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58088, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0x\6\0\0\300\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\3\0\0x\6\0\0\300\0\0\0" ) ) == 0x0 02279 1248 NtResumeThread (828, ... 1, ) == 0x0 02280 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02281 192 NtWaitForSingleObject (88, 0, 0x0, ... 02280 1248 NtAllocateVirtualMemory ... 159121408, 1048576, ) == 0x0 02282 1248 NtAllocateVirtualMemory (-1, 160161792, 0, 8192, 4096, 4, ... 160161792, 8192, ) == 0x0 02283 1248 NtProtectVirtualMemory (-1, (0x98be000), 4096, 260, ... (0x98be000), 4096, 4, ) == 0x0 02284 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 832, {1656, 1484}, ) == 0x0 02285 1248 NtQueryInformationThread (832, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff2a000,Pid=1656,Tid=1484,}, 0x0, ) == 0x0 02286 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58089, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0x\6\0\0\314\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0x\6\0\0\314\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58090, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58089, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0x\6\0\0\314\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\3\0\0x\6\0\0\314\5\0\0" ) ) == 0x0 02287 1248 NtResumeThread (832, ... 1, ) == 0x0 02288 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
160169984, 1048576, ) == 0x0 02289 1248 NtAllocateVirtualMemory (-1, 161210368, 0, 8192, 4096, 4, ... 161210368, 8192, ) == 0x0 02290 1484 NtWaitForSingleObject (88, 0, 0x0, ... 02291 1248 NtProtectVirtualMemory (-1, (0x99be000), 4096, 260, ... (0x99be000), 4096, 4, ) == 0x0 02292 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 836, {1656, 1120}, ) == 0x0 02293 1248 NtQueryInformationThread (836, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff29000,Pid=1656,Tid=1120,}, 0x0, ) == 0x0 02294 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58090, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0x\6\0\0`\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0x\6\0\0`\4\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58091, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58090, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0x\6\0\0`\4\0\0" ... {28, 56, reply, 0, 1656, 1248, 58091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\3\0\0x\6\0\0`\4\0\0" ) ) == 0x0 02295 1248 NtResumeThread (836, ... 1, ) == 0x0 02296 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02297 1120 NtWaitForSingleObject (88, 0, 0x0, ... 02296 1248 NtAllocateVirtualMemory ... 161218560, 1048576, ) == 0x0 02298 1248 NtAllocateVirtualMemory (-1, 162258944, 0, 8192, 4096, 4, ... 162258944, 8192, ) == 0x0 02299 1248 NtProtectVirtualMemory (-1, (0x9abe000), 4096, 260, ... (0x9abe000), 4096, 4, ) == 0x0 02300 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 840, {1656, 1736}, ) == 0x0 02301 1248 NtQueryInformationThread (840, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff28000,Pid=1656,Tid=1736,}, 0x0, ) == 0x0 02302 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58091, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0x\6\0\0\310\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0x\6\0\0\310\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58092, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58091, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0x\6\0\0\310\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\3\0\0x\6\0\0\310\6\0\0" ) ) == 0x0 02303 1248 NtResumeThread (840, ... 1, ) == 0x0 02304 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 162267136, 1048576, ) == 0x0 02305 1248 NtAllocateVirtualMemory (-1, 163307520, 0, 8192, 4096, 4, ... 163307520, 8192, ) == 0x0 02306 1736 NtWaitForSingleObject (88, 0, 0x0, ... 02307 1248 NtProtectVirtualMemory (-1, (0x9bbe000), 4096, 260, ... (0x9bbe000), 4096, 4, ) == 0x0 02308 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 844, {1656, 576}, ) == 0x0 02309 1248 NtQueryInformationThread (844, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff27000,Pid=1656,Tid=576,}, 0x0, ) == 0x0 02310 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58092, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0x\6\0\0@\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0x\6\0\0@\2\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58093, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58092, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0x\6\0\0@\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\3\0\0x\6\0\0@\2\0\0" ) ) == 0x0 02311 1248 NtResumeThread (844, ... 1, ) == 0x0 02312 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02313 576 NtWaitForSingleObject (88, 0, 0x0, ... 02312 1248 NtAllocateVirtualMemory ... 163315712, 1048576, ) == 0x0 02314 1248 NtAllocateVirtualMemory (-1, 164356096, 0, 8192, 4096, 4, ... 164356096, 8192, ) == 0x0 02315 1248 NtProtectVirtualMemory (-1, (0x9cbe000), 4096, 260, ... 
(0x9cbe000), 4096, 4, ) == 0x0 02316 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 848, {1656, 1624}, ) == 0x0 02317 1248 NtQueryInformationThread (848, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff26000,Pid=1656,Tid=1624,}, 0x0, ) == 0x0 02318 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58093, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0x\6\0\0X\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0x\6\0\0X\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58094, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58093, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0x\6\0\0X\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\3\0\0x\6\0\0X\6\0\0" ) ) == 0x0 02319 1248 NtResumeThread (848, ... 1, ) == 0x0 02320 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 164364288, 1048576, ) == 0x0 02321 1248 NtAllocateVirtualMemory (-1, 165404672, 0, 8192, 4096, 4, ... 165404672, 8192, ) == 0x0 02322 1624 NtWaitForSingleObject (88, 0, 0x0, ... 02323 1248 NtProtectVirtualMemory (-1, (0x9dbe000), 4096, 260, ... (0x9dbe000), 4096, 4, ) == 0x0 02324 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 852, {1656, 1288}, ) == 0x0 02325 1248 NtQueryInformationThread (852, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff25000,Pid=1656,Tid=1288,}, 0x0, ) == 0x0 02326 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58094, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0x\6\0\0\10\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0x\6\0\0\10\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58095, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58094, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0x\6\0\0\10\5\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\3\0\0x\6\0\0\10\5\0\0" ) ) == 0x0 02327 1248 NtResumeThread (852, ... 1, ) == 0x0 02328 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02329 1288 NtWaitForSingleObject (88, 0, 0x0, ... 02328 1248 NtAllocateVirtualMemory ... 165412864, 1048576, ) == 0x0 02330 1248 NtAllocateVirtualMemory (-1, 166453248, 0, 8192, 4096, 4, ... 166453248, 8192, ) == 0x0 02331 1248 NtProtectVirtualMemory (-1, (0x9ebe000), 4096, 260, ... (0x9ebe000), 4096, 4, ) == 0x0 02332 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 856, {1656, 824}, ) == 0x0 02333 1248 NtQueryInformationThread (856, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff24000,Pid=1656,Tid=824,}, 0x0, ) == 0x0 02334 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58095, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0x\6\0\08\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0x\6\0\08\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58096, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58095, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0x\6\0\08\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\3\0\0x\6\0\08\3\0\0" ) ) == 0x0 02335 1248 NtResumeThread (856, ... 1, ) == 0x0 02336 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 166461440, 1048576, ) == 0x0 02337 1248 NtAllocateVirtualMemory (-1, 167501824, 0, 8192, 4096, 4, ... 167501824, 8192, ) == 0x0 02338 824 NtWaitForSingleObject (88, 0, 0x0, ... 02339 1248 NtProtectVirtualMemory (-1, (0x9fbe000), 4096, 260, ... (0x9fbe000), 4096, 4, ) == 0x0 02340 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 860, {1656, 1404}, ) == 0x0 02341 1248 NtQueryInformationThread (860, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff23000,Pid=1656,Tid=1404,}, 0x0, ) == 0x0 02342 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58096, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0x\6\0\0|\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0x\6\0\0|\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58097, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58096, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0x\6\0\0|\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\3\0\0x\6\0\0|\5\0\0" ) ) == 0x0 02343 1248 NtResumeThread (860, ... 1, ) == 0x0 02344 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02345 1404 NtWaitForSingleObject (88, 0, 0x0, ... 02344 1248 NtAllocateVirtualMemory ... 167510016, 1048576, ) == 0x0 02346 1248 NtAllocateVirtualMemory (-1, 168550400, 0, 8192, 4096, 4, ... 168550400, 8192, ) == 0x0 02347 1248 NtProtectVirtualMemory (-1, (0xa0be000), 4096, 260, ... (0xa0be000), 4096, 4, ) == 0x0 02348 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 864, {1656, 1968}, ) == 0x0 02349 1248 NtQueryInformationThread (864, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff22000,Pid=1656,Tid=1968,}, 0x0, ) == 0x0 02350 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58097, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0x\6\0\0\260\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0x\6\0\0\260\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58098, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58097, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0x\6\0\0\260\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\3\0\0x\6\0\0\260\7\0\0" ) ) == 0x0 02351 1248 NtResumeThread (864, ... 1, ) == 0x0 02352 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
168558592, 1048576, ) == 0x0 02353 1248 NtAllocateVirtualMemory (-1, 169598976, 0, 8192, 4096, 4, ... 169598976, 8192, ) == 0x0 02354 1968 NtWaitForSingleObject (88, 0, 0x0, ... 02355 1248 NtProtectVirtualMemory (-1, (0xa1be000), 4096, 260, ... (0xa1be000), 4096, 4, ) == 0x0 02356 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 868, {1656, 1440}, ) == 0x0 02357 1248 NtQueryInformationThread (868, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff21000,Pid=1656,Tid=1440,}, 0x0, ) == 0x0 02358 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58098, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0x\6\0\0\240\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0x\6\0\0\240\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58099, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58098, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0x\6\0\0\240\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\3\0\0x\6\0\0\240\5\0\0" ) ) == 0x0 02359 1248 NtResumeThread (868, ... 1, ) == 0x0 02360 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02361 1440 NtWaitForSingleObject (88, 0, 0x0, ... 02360 1248 NtAllocateVirtualMemory ... 169607168, 1048576, ) == 0x0 02362 1248 NtAllocateVirtualMemory (-1, 170647552, 0, 8192, 4096, 4, ... 170647552, 8192, ) == 0x0 02363 1248 NtProtectVirtualMemory (-1, (0xa2be000), 4096, 260, ... (0xa2be000), 4096, 4, ) == 0x0 02364 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 872, {1656, 1716}, ) == 0x0 02365 1248 NtQueryInformationThread (872, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff20000,Pid=1656,Tid=1716,}, 0x0, ) == 0x0 02366 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58099, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0x\6\0\0\264\6\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0x\6\0\0\264\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58100, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58099, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0x\6\0\0\264\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGh\3\0\0x\6\0\0\264\6\0\0" ) ) == 0x0 02367 1248 NtResumeThread (872, ... 1, ) == 0x0 02368 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 170655744, 1048576, ) == 0x0 02369 1248 NtAllocateVirtualMemory (-1, 171696128, 0, 8192, 4096, 4, ... 171696128, 8192, ) == 0x0 02370 1716 NtWaitForSingleObject (88, 0, 0x0, ... 02371 1248 NtProtectVirtualMemory (-1, (0xa3be000), 4096, 260, ... (0xa3be000), 4096, 4, ) == 0x0 02372 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 876, {1656, 212}, ) == 0x0 02373 1248 NtQueryInformationThread (876, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1f000,Pid=1656,Tid=212,}, 0x0, ) == 0x0 02374 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58100, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0x\6\0\0\324\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0x\6\0\0\324\0\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58101, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58100, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0x\6\0\0\324\0\0\0" ... {28, 56, reply, 0, 1656, 1248, 58101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\3\0\0x\6\0\0\324\0\0\0" ) ) == 0x0 02375 1248 NtResumeThread (876, ... 1, ) == 0x0 02376 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02377 212 NtWaitForSingleObject (88, 0, 0x0, ... 02376 1248 NtAllocateVirtualMemory ... 171704320, 1048576, ) == 0x0 02378 1248 NtAllocateVirtualMemory (-1, 172744704, 0, 8192, 4096, 4, ... 172744704, 8192, ) == 0x0 02379 1248 NtProtectVirtualMemory (-1, (0xa4be000), 4096, 260, ... 
(0xa4be000), 4096, 4, ) == 0x0 02380 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 880, {1656, 488}, ) == 0x0 02381 1248 NtQueryInformationThread (880, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1e000,Pid=1656,Tid=488,}, 0x0, ) == 0x0 02382 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58101, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0x\6\0\0\350\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0x\6\0\0\350\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58102, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58101, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0x\6\0\0\350\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGp\3\0\0x\6\0\0\350\1\0\0" ) ) == 0x0 02383 1248 NtResumeThread (880, ... 1, ) == 0x0 02384 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 172752896, 1048576, ) == 0x0 02385 1248 NtAllocateVirtualMemory (-1, 173793280, 0, 8192, 4096, 4, ... 173793280, 8192, ) == 0x0 02386 488 NtWaitForSingleObject (88, 0, 0x0, ... 02387 1248 NtProtectVirtualMemory (-1, (0xa5be000), 4096, 260, ... (0xa5be000), 4096, 4, ) == 0x0 02388 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 884, {1656, 792}, ) == 0x0 02389 1248 NtQueryInformationThread (884, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1d000,Pid=1656,Tid=792,}, 0x0, ) == 0x0 02390 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58102, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0x\6\0\0\30\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0x\6\0\0\30\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58103, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58102, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0x\6\0\0\30\3\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGt\3\0\0x\6\0\0\30\3\0\0" ) ) == 0x0 02391 1248 NtResumeThread (884, ... 1, ) == 0x0 02392 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02393 792 NtWaitForSingleObject (88, 0, 0x0, ... 02392 1248 NtAllocateVirtualMemory ... 173801472, 1048576, ) == 0x0 02394 1248 NtAllocateVirtualMemory (-1, 174841856, 0, 8192, 4096, 4, ... 174841856, 8192, ) == 0x0 02395 1248 NtProtectVirtualMemory (-1, (0xa6be000), 4096, 260, ... (0xa6be000), 4096, 4, ) == 0x0 02396 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 888, {1656, 1628}, ) == 0x0 02397 1248 NtQueryInformationThread (888, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1c000,Pid=1656,Tid=1628,}, 0x0, ) == 0x0 02398 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58103, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0x\6\0\0\\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0x\6\0\0\\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58104, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58103, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0x\6\0\0\\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGx\3\0\0x\6\0\0\\6\0\0" ) ) == 0x0 02399 1248 NtResumeThread (888, ... 1, ) == 0x0 02400 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 174850048, 1048576, ) == 0x0 02401 1248 NtAllocateVirtualMemory (-1, 175890432, 0, 8192, 4096, 4, ... 175890432, 8192, ) == 0x0 02402 1628 NtWaitForSingleObject (88, 0, 0x0, ... 02403 1248 NtProtectVirtualMemory (-1, (0xa7be000), 4096, 260, ... (0xa7be000), 4096, 4, ) == 0x0 02404 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 892, {1656, 940}, ) == 0x0 02405 1248 NtQueryInformationThread (892, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff1b000,Pid=1656,Tid=940,}, 0x0, ) == 0x0 02406 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58104, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0x\6\0\0\254\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0x\6\0\0\254\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58105, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58104, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0x\6\0\0\254\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG|\3\0\0x\6\0\0\254\3\0\0" ) ) == 0x0 02407 1248 NtResumeThread (892, ... 1, ) == 0x0 02408 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02409 940 NtWaitForSingleObject (88, 0, 0x0, ... 02408 1248 NtAllocateVirtualMemory ... 175898624, 1048576, ) == 0x0 02410 1248 NtAllocateVirtualMemory (-1, 176939008, 0, 8192, 4096, 4, ... 176939008, 8192, ) == 0x0 02411 1248 NtProtectVirtualMemory (-1, (0xa8be000), 4096, 260, ... (0xa8be000), 4096, 4, ) == 0x0 02412 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 896, {1656, 1588}, ) == 0x0 02413 1248 NtQueryInformationThread (896, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff1a000,Pid=1656,Tid=1588,}, 0x0, ) == 0x0 02414 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58105, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0x\6\0\04\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0x\6\0\04\6\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58106, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58105, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0x\6\0\04\6\0\0" ... {28, 56, reply, 0, 1656, 1248, 58106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\3\0\0x\6\0\04\6\0\0" ) ) == 0x0 02415 1248 NtResumeThread (896, ... 1, ) == 0x0 02416 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
176947200, 1048576, ) == 0x0 02417 1248 NtAllocateVirtualMemory (-1, 177987584, 0, 8192, 4096, 4, ... 177987584, 8192, ) == 0x0 02418 1588 NtWaitForSingleObject (88, 0, 0x0, ... 02419 1248 NtProtectVirtualMemory (-1, (0xa9be000), 4096, 260, ... (0xa9be000), 4096, 4, ) == 0x0 02420 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 900, {1656, 312}, ) == 0x0 02421 1248 NtQueryInformationThread (900, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff19000,Pid=1656,Tid=312,}, 0x0, ) == 0x0 02422 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58106, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0x\6\0\08\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0x\6\0\08\1\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58107, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58106, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0x\6\0\08\1\0\0" ... {28, 56, reply, 0, 1656, 1248, 58107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\204\3\0\0x\6\0\08\1\0\0" ) ) == 0x0 02423 1248 NtResumeThread (900, ... 1, ) == 0x0 02424 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02425 312 NtWaitForSingleObject (88, 0, 0x0, ... 02424 1248 NtAllocateVirtualMemory ... 177995776, 1048576, ) == 0x0 02426 1248 NtAllocateVirtualMemory (-1, 179036160, 0, 8192, 4096, 4, ... 179036160, 8192, ) == 0x0 02427 1248 NtProtectVirtualMemory (-1, (0xaabe000), 4096, 260, ... (0xaabe000), 4096, 4, ) == 0x0 02428 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 904, {1656, 868}, ) == 0x0 02429 1248 NtQueryInformationThread (904, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff18000,Pid=1656,Tid=868,}, 0x0, ) == 0x0 02430 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58107, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0x\6\0\0d\3\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0x\6\0\0d\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58108, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58107, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0x\6\0\0d\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\210\3\0\0x\6\0\0d\3\0\0" ) ) == 0x0 02431 1248 NtResumeThread (904, ... 1, ) == 0x0 02432 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 179044352, 1048576, ) == 0x0 02433 1248 NtAllocateVirtualMemory (-1, 180084736, 0, 8192, 4096, 4, ... 180084736, 8192, ) == 0x0 02434 868 NtWaitForSingleObject (88, 0, 0x0, ... 02435 1248 NtProtectVirtualMemory (-1, (0xabbe000), 4096, 260, ... (0xabbe000), 4096, 4, ) == 0x0 02436 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 908, {1656, 1304}, ) == 0x0 02437 1248 NtQueryInformationThread (908, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff17000,Pid=1656,Tid=1304,}, 0x0, ) == 0x0 02438 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58108, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0x\6\0\0\30\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0x\6\0\0\30\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58109, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58108, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0x\6\0\0\30\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\214\3\0\0x\6\0\0\30\5\0\0" ) ) == 0x0 02439 1248 NtResumeThread (908, ... 1, ) == 0x0 02440 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02441 1304 NtWaitForSingleObject (88, 0, 0x0, ... 02440 1248 NtAllocateVirtualMemory ... 180092928, 1048576, ) == 0x0 02442 1248 NtAllocateVirtualMemory (-1, 181133312, 0, 8192, 4096, 4, ... 181133312, 8192, ) == 0x0 02443 1248 NtProtectVirtualMemory (-1, (0xacbe000), 4096, 260, ... 
(0xacbe000), 4096, 4, ) == 0x0 02444 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 912, {1656, 808}, ) == 0x0 02445 1248 NtQueryInformationThread (912, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff16000,Pid=1656,Tid=808,}, 0x0, ) == 0x0 02446 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58109, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0x\6\0\0(\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0x\6\0\0(\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58110, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58109, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0x\6\0\0(\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\220\3\0\0x\6\0\0(\3\0\0" ) ) == 0x0 02447 1248 NtResumeThread (912, ... 1, ) == 0x0 02448 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 181141504, 1048576, ) == 0x0 02449 1248 NtAllocateVirtualMemory (-1, 182181888, 0, 8192, 4096, 4, ... 182181888, 8192, ) == 0x0 02450 808 NtWaitForSingleObject (88, 0, 0x0, ... 02451 1248 NtProtectVirtualMemory (-1, (0xadbe000), 4096, 260, ... (0xadbe000), 4096, 4, ) == 0x0 02452 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 916, {1656, 1928}, ) == 0x0 02453 1248 NtQueryInformationThread (916, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff15000,Pid=1656,Tid=1928,}, 0x0, ) == 0x0 02454 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58110, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0x\6\0\0\210\7\0\0" ... {28, 56, reply, 0, 1656, 1248, 58111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0x\6\0\0\210\7\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58111, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58110, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0x\6\0\0\210\7\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\224\3\0\0x\6\0\0\210\7\0\0" ) ) == 0x0 02455 1248 NtResumeThread (916, ... 1, ) == 0x0 02456 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02457 1928 NtWaitForSingleObject (88, 0, 0x0, ... 02456 1248 NtAllocateVirtualMemory ... 182190080, 1048576, ) == 0x0 02458 1248 NtAllocateVirtualMemory (-1, 183230464, 0, 8192, 4096, 4, ... 183230464, 8192, ) == 0x0 02459 1248 NtProtectVirtualMemory (-1, (0xaebe000), 4096, 260, ... (0xaebe000), 4096, 4, ) == 0x0 02460 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 920, {1656, 760}, ) == 0x0 02461 1248 NtQueryInformationThread (920, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff14000,Pid=1656,Tid=760,}, 0x0, ) == 0x0 02462 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58111, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0x\6\0\0\370\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0x\6\0\0\370\2\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58112, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58111, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0x\6\0\0\370\2\0\0" ... {28, 56, reply, 0, 1656, 1248, 58112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\230\3\0\0x\6\0\0\370\2\0\0" ) ) == 0x0 02463 1248 NtResumeThread (920, ... 1, ) == 0x0 02464 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 183238656, 1048576, ) == 0x0 02465 1248 NtAllocateVirtualMemory (-1, 184279040, 0, 8192, 4096, 4, ... 184279040, 8192, ) == 0x0 02466 760 NtWaitForSingleObject (88, 0, 0x0, ... 02467 1248 NtProtectVirtualMemory (-1, (0xafbe000), 4096, 260, ... (0xafbe000), 4096, 4, ) == 0x0 02468 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 924, {1656, 1516}, ) == 0x0 02469 1248 NtQueryInformationThread (924, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff13000,Pid=1656,Tid=1516,}, 0x0, ) == 0x0 02470 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58112, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0x\6\0\0\354\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0x\6\0\0\354\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58113, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58112, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0x\6\0\0\354\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\234\3\0\0x\6\0\0\354\5\0\0" ) ) == 0x0 02471 1248 NtResumeThread (924, ... 1, ) == 0x0 02472 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02473 1516 NtWaitForSingleObject (88, 0, 0x0, ... 02472 1248 NtAllocateVirtualMemory ... 184287232, 1048576, ) == 0x0 02474 1248 NtAllocateVirtualMemory (-1, 185327616, 0, 8192, 4096, 4, ... 185327616, 8192, ) == 0x0 02475 1248 NtProtectVirtualMemory (-1, (0xb0be000), 4096, 260, ... (0xb0be000), 4096, 4, ) == 0x0 02476 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 928, {1656, 776}, ) == 0x0 02477 1248 NtQueryInformationThread (928, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff12000,Pid=1656,Tid=776,}, 0x0, ) == 0x0 02478 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58113, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0x\6\0\0\10\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0x\6\0\0\10\3\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58114, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58113, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0x\6\0\0\10\3\0\0" ... {28, 56, reply, 0, 1656, 1248, 58114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\240\3\0\0x\6\0\0\10\3\0\0" ) ) == 0x0 02479 1248 NtResumeThread (928, ... 1, ) == 0x0 02480 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
185335808, 1048576, ) == 0x0 02481 1248 NtAllocateVirtualMemory (-1, 186376192, 0, 8192, 4096, 4, ... 186376192, 8192, ) == 0x0 02482 776 NtWaitForSingleObject (88, 0, 0x0, ... 02483 1248 NtProtectVirtualMemory (-1, (0xb1be000), 4096, 260, ... (0xb1be000), 4096, 4, ) == 0x0 02484 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 932, {1656, 1396}, ) == 0x0 02485 1248 NtQueryInformationThread (932, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff11000,Pid=1656,Tid=1396,}, 0x0, ) == 0x0 02486 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58114, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0x\6\0\0t\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0x\6\0\0t\5\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58115, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58114, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0x\6\0\0t\5\0\0" ... {28, 56, reply, 0, 1656, 1248, 58115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\244\3\0\0x\6\0\0t\5\0\0" ) ) == 0x0 02487 1248 NtResumeThread (932, ... 1, ) == 0x0 02488 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02489 1396 NtWaitForSingleObject (88, 0, 0x0, ... 02488 1248 NtAllocateVirtualMemory ... 186384384, 1048576, ) == 0x0 02490 1248 NtAllocateVirtualMemory (-1, 187424768, 0, 8192, 4096, 4, ... 187424768, 8192, ) == 0x0 02491 1248 NtProtectVirtualMemory (-1, (0xb2be000), 4096, 260, ... (0xb2be000), 4096, 4, ) == 0x0 02492 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 936, {1656, 2052}, ) == 0x0 02493 1248 NtQueryInformationThread (936, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff10000,Pid=1656,Tid=2052,}, 0x0, ) == 0x0 02494 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58115, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0x\6\0\0\4\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0x\6\0\0\4\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58116, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58115, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0x\6\0\0\4\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\250\3\0\0x\6\0\0\4\10\0\0" ) ) == 0x0 02495 1248 NtResumeThread (936, ... 1, ) == 0x0 02496 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 187432960, 1048576, ) == 0x0 02497 1248 NtAllocateVirtualMemory (-1, 188473344, 0, 8192, 4096, 4, ... 188473344, 8192, ) == 0x0 02498 2052 NtWaitForSingleObject (88, 0, 0x0, ... 02499 1248 NtProtectVirtualMemory (-1, (0xb3be000), 4096, 260, ... (0xb3be000), 4096, 4, ) == 0x0 02500 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 940, {1656, 2056}, ) == 0x0 02501 1248 NtQueryInformationThread (940, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0f000,Pid=1656,Tid=2056,}, 0x0, ) == 0x0 02502 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58116, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0x\6\0\0\10\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0x\6\0\0\10\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58117, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58116, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0x\6\0\0\10\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\254\3\0\0x\6\0\0\10\10\0\0" ) ) == 0x0 02503 1248 NtResumeThread (940, ... 1, ) == 0x0 02504 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02505 2056 NtWaitForSingleObject (88, 0, 0x0, ... 02504 1248 NtAllocateVirtualMemory ... 188481536, 1048576, ) == 0x0 02506 1248 NtAllocateVirtualMemory (-1, 189521920, 0, 8192, 4096, 4, ... 189521920, 8192, ) == 0x0 02507 1248 NtProtectVirtualMemory (-1, (0xb4be000), 4096, 260, ... 
(0xb4be000), 4096, 4, ) == 0x0 02508 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 944, {1656, 2060}, ) == 0x0 02509 1248 NtQueryInformationThread (944, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0e000,Pid=1656,Tid=2060,}, 0x0, ) == 0x0 02510 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58117, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0x\6\0\0\14\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0x\6\0\0\14\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58118, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58117, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0x\6\0\0\14\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\260\3\0\0x\6\0\0\14\10\0\0" ) ) == 0x0 02511 1248 NtResumeThread (944, ... 1, ) == 0x0 02512 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02513 2060 NtWaitForSingleObject (88, 0, 0x0, ... 02512 1248 NtAllocateVirtualMemory ... 189530112, 1048576, ) == 0x0 02514 1248 NtAllocateVirtualMemory (-1, 190570496, 0, 8192, 4096, 4, ... 190570496, 8192, ) == 0x0 02515 1248 NtProtectVirtualMemory (-1, (0xb5be000), 4096, 260, ... (0xb5be000), 4096, 4, ) == 0x0 02516 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 948, {1656, 2064}, ) == 0x0 02517 1248 NtQueryInformationThread (948, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0d000,Pid=1656,Tid=2064,}, 0x0, ) == 0x0 02518 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58118, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0x\6\0\0\20\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0x\6\0\0\20\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58119, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58118, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0x\6\0\0\20\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\264\3\0\0x\6\0\0\20\10\0\0" ) ) == 0x0 02519 1248 NtResumeThread (948, ... 1, ) == 0x0 02520 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 190578688, 1048576, ) == 0x0 02521 1248 NtAllocateVirtualMemory (-1, 191619072, 0, 8192, 4096, 4, ... 191619072, 8192, ) == 0x0 02522 2064 NtWaitForSingleObject (88, 0, 0x0, ... 02523 1248 NtProtectVirtualMemory (-1, (0xb6be000), 4096, 260, ... (0xb6be000), 4096, 4, ) == 0x0 02524 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 952, {1656, 2068}, ) == 0x0 02525 1248 NtQueryInformationThread (952, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0c000,Pid=1656,Tid=2068,}, 0x0, ) == 0x0 02526 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58119, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0x\6\0\0\24\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0x\6\0\0\24\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58120, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58119, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0x\6\0\0\24\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\3\0\0x\6\0\0\24\10\0\0" ) ) == 0x0 02527 1248 NtResumeThread (952, ... 1, ) == 0x0 02528 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02529 2068 NtWaitForSingleObject (88, 0, 0x0, ... 02528 1248 NtAllocateVirtualMemory ... 191627264, 1048576, ) == 0x0 02530 1248 NtAllocateVirtualMemory (-1, 192667648, 0, 8192, 4096, 4, ... 192667648, 8192, ) == 0x0 02531 1248 NtProtectVirtualMemory (-1, (0xb7be000), 4096, 260, ... (0xb7be000), 4096, 4, ) == 0x0 02532 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 956, {1656, 2072}, ) == 0x0 02533 1248 NtQueryInformationThread (956, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff0b000,Pid=1656,Tid=2072,}, 0x0, ) == 0x0 02534 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58120, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0x\6\0\0\30\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0x\6\0\0\30\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58121, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58120, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0x\6\0\0\30\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\274\3\0\0x\6\0\0\30\10\0\0" ) ) == 0x0 02535 1248 NtResumeThread (956, ... 1, ) == 0x0 02536 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 192675840, 1048576, ) == 0x0 02537 1248 NtAllocateVirtualMemory (-1, 193716224, 0, 8192, 4096, 4, ... 193716224, 8192, ) == 0x0 02538 2072 NtWaitForSingleObject (88, 0, 0x0, ... 02539 1248 NtProtectVirtualMemory (-1, (0xb8be000), 4096, 260, ... (0xb8be000), 4096, 4, ) == 0x0 02540 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 960, {1656, 2076}, ) == 0x0 02541 1248 NtQueryInformationThread (960, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff0a000,Pid=1656,Tid=2076,}, 0x0, ) == 0x0 02542 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58121, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0x\6\0\0\34\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0x\6\0\0\34\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58122, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58121, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0x\6\0\0\34\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\3\0\0x\6\0\0\34\10\0\0" ) ) == 0x0 02543 1248 NtResumeThread (960, ... 1, ) == 0x0 02544 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02545 2076 NtWaitForSingleObject (88, 0, 0x0, ... 
02544 1248 NtAllocateVirtualMemory ... 193724416, 1048576, ) == 0x0 02546 1248 NtAllocateVirtualMemory (-1, 194764800, 0, 8192, 4096, 4, ... 194764800, 8192, ) == 0x0 02547 1248 NtProtectVirtualMemory (-1, (0xb9be000), 4096, 260, ... (0xb9be000), 4096, 4, ) == 0x0 02548 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 964, {1656, 2080}, ) == 0x0 02549 1248 NtQueryInformationThread (964, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff09000,Pid=1656,Tid=2080,}, 0x0, ) == 0x0 02550 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58122, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0x\6\0\0 \10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0x\6\0\0 \10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58123, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58122, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0x\6\0\0 \10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\304\3\0\0x\6\0\0 \10\0\0" ) ) == 0x0 02551 1248 NtResumeThread (964, ... 1, ) == 0x0 02552 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 194772992, 1048576, ) == 0x0 02553 1248 NtAllocateVirtualMemory (-1, 195813376, 0, 8192, 4096, 4, ... 195813376, 8192, ) == 0x0 02554 2080 NtWaitForSingleObject (88, 0, 0x0, ... 02555 1248 NtProtectVirtualMemory (-1, (0xbabe000), 4096, 260, ... (0xbabe000), 4096, 4, ) == 0x0 02556 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 968, {1656, 2084}, ) == 0x0 02557 1248 NtQueryInformationThread (968, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff08000,Pid=1656,Tid=2084,}, 0x0, ) == 0x0 02558 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58123, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0x\6\0\0$\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0x\6\0\0$\10\0\0" ) ... 
{28, 56, reply, 0, 1656, 1248, 58124, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58123, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0x\6\0\0$\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\310\3\0\0x\6\0\0$\10\0\0" ) ) == 0x0 02559 1248 NtResumeThread (968, ... 1, ) == 0x0 02560 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02561 2084 NtWaitForSingleObject (88, 0, 0x0, ... 02560 1248 NtAllocateVirtualMemory ... 195821568, 1048576, ) == 0x0 02562 1248 NtAllocateVirtualMemory (-1, 196861952, 0, 8192, 4096, 4, ... 196861952, 8192, ) == 0x0 02563 1248 NtProtectVirtualMemory (-1, (0xbbbe000), 4096, 260, ... (0xbbbe000), 4096, 4, ) == 0x0 02564 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 972, {1656, 2088}, ) == 0x0 02565 1248 NtQueryInformationThread (972, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff07000,Pid=1656,Tid=2088,}, 0x0, ) == 0x0 02566 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58124, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0x\6\0\0(\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0x\6\0\0(\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58125, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58124, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0x\6\0\0(\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\314\3\0\0x\6\0\0(\10\0\0" ) ) == 0x0 02567 1248 NtResumeThread (972, ... 1, ) == 0x0 02568 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 196870144, 1048576, ) == 0x0 02569 1248 NtAllocateVirtualMemory (-1, 197910528, 0, 8192, 4096, 4, ... 197910528, 8192, ) == 0x0 02570 2088 NtWaitForSingleObject (88, 0, 0x0, ... 02571 1248 NtProtectVirtualMemory (-1, (0xbcbe000), 4096, 260, ... (0xbcbe000), 4096, 4, ) == 0x0 02572 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 
976, {1656, 2092}, ) == 0x0 02573 1248 NtQueryInformationThread (976, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff06000,Pid=1656,Tid=2092,}, 0x0, ) == 0x0 02574 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58125, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0x\6\0\0,\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0x\6\0\0,\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58126, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58125, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0x\6\0\0,\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\320\3\0\0x\6\0\0,\10\0\0" ) ) == 0x0 02575 1248 NtResumeThread (976, ... 1, ) == 0x0 02576 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02577 2092 NtWaitForSingleObject (88, 0, 0x0, ... 02576 1248 NtAllocateVirtualMemory ... 197918720, 1048576, ) == 0x0 02578 1248 NtAllocateVirtualMemory (-1, 198959104, 0, 8192, 4096, 4, ... 198959104, 8192, ) == 0x0 02579 1248 NtProtectVirtualMemory (-1, (0xbdbe000), 4096, 260, ... (0xbdbe000), 4096, 4, ) == 0x0 02580 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 980, {1656, 2096}, ) == 0x0 02581 1248 NtQueryInformationThread (980, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff05000,Pid=1656,Tid=2096,}, 0x0, ) == 0x0 02582 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58126, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0x\6\0\00\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0x\6\0\00\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58127, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58126, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0x\6\0\00\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\324\3\0\0x\6\0\00\10\0\0" ) ) == 0x0 02583 1248 NtResumeThread (980, ... 
1, ) == 0x0 02584 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 198967296, 1048576, ) == 0x0 02585 1248 NtAllocateVirtualMemory (-1, 200007680, 0, 8192, 4096, 4, ... 200007680, 8192, ) == 0x0 02586 2096 NtWaitForSingleObject (88, 0, 0x0, ... 02587 1248 NtProtectVirtualMemory (-1, (0xbebe000), 4096, 260, ... (0xbebe000), 4096, 4, ) == 0x0 02588 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 984, {1656, 2100}, ) == 0x0 02589 1248 NtQueryInformationThread (984, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff04000,Pid=1656,Tid=2100,}, 0x0, ) == 0x0 02590 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58127, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0x\6\0\04\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0x\6\0\04\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58128, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58127, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0x\6\0\04\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\3\0\0x\6\0\04\10\0\0" ) ) == 0x0 02591 1248 NtResumeThread (984, ... 1, ) == 0x0 02592 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02593 2100 NtWaitForSingleObject (88, 0, 0x0, ... 02592 1248 NtAllocateVirtualMemory ... 200015872, 1048576, ) == 0x0 02594 1248 NtAllocateVirtualMemory (-1, 201056256, 0, 8192, 4096, 4, ... 201056256, 8192, ) == 0x0 02595 1248 NtProtectVirtualMemory (-1, (0xbfbe000), 4096, 260, ... (0xbfbe000), 4096, 4, ) == 0x0 02596 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 988, {1656, 2104}, ) == 0x0 02597 1248 NtQueryInformationThread (988, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff03000,Pid=1656,Tid=2104,}, 0x0, ) == 0x0 02598 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58128, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0x\6\0\08\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0x\6\0\08\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58129, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58128, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0x\6\0\08\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\334\3\0\0x\6\0\08\10\0\0" ) ) == 0x0 02599 1248 NtResumeThread (988, ... 1, ) == 0x0 02600 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 201064448, 1048576, ) == 0x0 02601 1248 NtAllocateVirtualMemory (-1, 202104832, 0, 8192, 4096, 4, ... 202104832, 8192, ) == 0x0 02602 2104 NtWaitForSingleObject (88, 0, 0x0, ... 02603 1248 NtProtectVirtualMemory (-1, (0xc0be000), 4096, 260, ... (0xc0be000), 4096, 4, ) == 0x0 02604 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 992, {1656, 2108}, ) == 0x0 02605 1248 NtQueryInformationThread (992, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff02000,Pid=1656,Tid=2108,}, 0x0, ) == 0x0 02606 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58129, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0x\6\0\0<\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0x\6\0\0<\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58130, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58129, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0x\6\0\0<\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\340\3\0\0x\6\0\0<\10\0\0" ) ) == 0x0 02607 1248 NtResumeThread (992, ... 1, ) == 0x0 02608 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02609 2108 NtWaitForSingleObject (88, 0, 0x0, ... 02608 1248 NtAllocateVirtualMemory ... 202113024, 1048576, ) == 0x0 02610 1248 NtAllocateVirtualMemory (-1, 203153408, 0, 8192, 4096, 4, ... 203153408, 8192, ) == 0x0 02611 1248 NtProtectVirtualMemory (-1, (0xc1be000), 4096, 260, ... 
(0xc1be000), 4096, 4, ) == 0x0 02612 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 996, {1656, 2112}, ) == 0x0 02613 1248 NtQueryInformationThread (996, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff01000,Pid=1656,Tid=2112,}, 0x0, ) == 0x0 02614 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58130, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0x\6\0\0@\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0x\6\0\0@\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58131, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58130, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0x\6\0\0@\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\344\3\0\0x\6\0\0@\10\0\0" ) ) == 0x0 02615 1248 NtResumeThread (996, ... 1, ) == 0x0 02616 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 203161600, 1048576, ) == 0x0 02617 1248 NtAllocateVirtualMemory (-1, 204201984, 0, 8192, 4096, 4, ... 204201984, 8192, ) == 0x0 02618 2112 NtWaitForSingleObject (88, 0, 0x0, ... 02619 1248 NtProtectVirtualMemory (-1, (0xc2be000), 4096, 260, ... (0xc2be000), 4096, 4, ) == 0x0 02620 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1000, {1656, 2116}, ) == 0x0 02621 1248 NtQueryInformationThread (1000, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff00000,Pid=1656,Tid=2116,}, 0x0, ) == 0x0 02622 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58131, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0x\6\0\0D\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0x\6\0\0D\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58132, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58131, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0x\6\0\0D\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\350\3\0\0x\6\0\0D\10\0\0" ) ) == 0x0 02623 1248 NtResumeThread (1000, ... 1, ) == 0x0 02624 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02625 2116 NtWaitForSingleObject (88, 0, 0x0, ... 02624 1248 NtAllocateVirtualMemory ... 204210176, 1048576, ) == 0x0 02626 1248 NtAllocateVirtualMemory (-1, 205250560, 0, 8192, 4096, 4, ... 205250560, 8192, ) == 0x0 02627 1248 NtProtectVirtualMemory (-1, (0xc3be000), 4096, 260, ... (0xc3be000), 4096, 4, ) == 0x0 02628 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1004, {1656, 2120}, ) == 0x0 02629 1248 NtQueryInformationThread (1004, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feff000,Pid=1656,Tid=2120,}, 0x0, ) == 0x0 02630 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58132, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0x\6\0\0H\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0x\6\0\0H\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58133, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58132, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0x\6\0\0H\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\3\0\0x\6\0\0H\10\0\0" ) ) == 0x0 02631 1248 NtResumeThread (1004, ... 1, ) == 0x0 02632 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 205258752, 1048576, ) == 0x0 02633 1248 NtAllocateVirtualMemory (-1, 206299136, 0, 8192, 4096, 4, ... 206299136, 8192, ) == 0x0 02634 2120 NtWaitForSingleObject (88, 0, 0x0, ... 02635 1248 NtProtectVirtualMemory (-1, (0xc4be000), 4096, 260, ... (0xc4be000), 4096, 4, ) == 0x0 02636 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1008, {1656, 2124}, ) == 0x0 02637 1248 NtQueryInformationThread (1008, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fefe000,Pid=1656,Tid=2124,}, 0x0, ) == 0x0 02638 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58133, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0x\6\0\0L\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0x\6\0\0L\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58134, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58133, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0x\6\0\0L\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\360\3\0\0x\6\0\0L\10\0\0" ) ) == 0x0 02639 1248 NtResumeThread (1008, ... 1, ) == 0x0 02640 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02641 2124 NtWaitForSingleObject (88, 0, 0x0, ... 02640 1248 NtAllocateVirtualMemory ... 206307328, 1048576, ) == 0x0 02642 1248 NtAllocateVirtualMemory (-1, 207347712, 0, 8192, 4096, 4, ... 207347712, 8192, ) == 0x0 02643 1248 NtProtectVirtualMemory (-1, (0xc5be000), 4096, 260, ... (0xc5be000), 4096, 4, ) == 0x0 02644 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1012, {1656, 2128}, ) == 0x0 02645 1248 NtQueryInformationThread (1012, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefd000,Pid=1656,Tid=2128,}, 0x0, ) == 0x0 02646 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58134, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0x\6\0\0P\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0x\6\0\0P\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58135, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58134, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0x\6\0\0P\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\364\3\0\0x\6\0\0P\10\0\0" ) ) == 0x0 02647 1248 NtResumeThread (1012, ... 1, ) == 0x0 02648 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
207355904, 1048576, ) == 0x0 02649 1248 NtAllocateVirtualMemory (-1, 208396288, 0, 8192, 4096, 4, ... 208396288, 8192, ) == 0x0 02650 2128 NtWaitForSingleObject (88, 0, 0x0, ... 02651 1248 NtProtectVirtualMemory (-1, (0xc6be000), 4096, 260, ... (0xc6be000), 4096, 4, ) == 0x0 02652 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1016, {1656, 2132}, ) == 0x0 02653 1248 NtQueryInformationThread (1016, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefc000,Pid=1656,Tid=2132,}, 0x0, ) == 0x0 02654 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58135, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0x\6\0\0T\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0x\6\0\0T\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58136, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58135, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0x\6\0\0T\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\370\3\0\0x\6\0\0T\10\0\0" ) ) == 0x0 02655 1248 NtResumeThread (1016, ... 1, ) == 0x0 02656 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02657 2132 NtWaitForSingleObject (88, 0, 0x0, ... 02656 1248 NtAllocateVirtualMemory ... 208404480, 1048576, ) == 0x0 02658 1248 NtAllocateVirtualMemory (-1, 209444864, 0, 8192, 4096, 4, ... 209444864, 8192, ) == 0x0 02659 1248 NtProtectVirtualMemory (-1, (0xc7be000), 4096, 260, ... (0xc7be000), 4096, 4, ) == 0x0 02660 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1020, {1656, 2136}, ) == 0x0 02661 1248 NtQueryInformationThread (1020, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefb000,Pid=1656,Tid=2136,}, 0x0, ) == 0x0 02662 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58136, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0x\6\0\0X\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0x\6\0\0X\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58137, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58136, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0x\6\0\0X\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\374\3\0\0x\6\0\0X\10\0\0" ) ) == 0x0 02663 1248 NtResumeThread (1020, ... 1, ) == 0x0 02664 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 209453056, 1048576, ) == 0x0 02665 1248 NtAllocateVirtualMemory (-1, 210493440, 0, 8192, 4096, 4, ... 210493440, 8192, ) == 0x0 02666 2136 NtWaitForSingleObject (88, 0, 0x0, ... 02667 1248 NtProtectVirtualMemory (-1, (0xc8be000), 4096, 260, ... (0xc8be000), 4096, 4, ) == 0x0 02668 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1024, {1656, 2140}, ) == 0x0 02669 1248 NtQueryInformationThread (1024, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fefa000,Pid=1656,Tid=2140,}, 0x0, ) == 0x0 02670 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58137, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0x\6\0\0\\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0x\6\0\0\\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58138, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58137, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0x\6\0\0\\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\4\0\0x\6\0\0\\10\0\0" ) ) == 0x0 02671 1248 NtResumeThread (1024, ... 1, ) == 0x0 02672 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02673 2140 NtWaitForSingleObject (88, 0, 0x0, ... 02672 1248 NtAllocateVirtualMemory ... 210501632, 1048576, ) == 0x0 02674 1248 NtAllocateVirtualMemory (-1, 211542016, 0, 8192, 4096, 4, ... 211542016, 8192, ) == 0x0 02675 1248 NtProtectVirtualMemory (-1, (0xc9be000), 4096, 260, ... 
(0xc9be000), 4096, 4, ) == 0x0 02676 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1028, {1656, 2144}, ) == 0x0 02677 1248 NtQueryInformationThread (1028, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef9000,Pid=1656,Tid=2144,}, 0x0, ) == 0x0 02678 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58138, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0x\6\0\0`\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0x\6\0\0`\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58139, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58138, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0x\6\0\0`\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\4\4\0\0x\6\0\0`\10\0\0" ) ) == 0x0 02679 1248 NtResumeThread (1028, ... 1, ) == 0x0 02680 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 211550208, 1048576, ) == 0x0 02681 1248 NtAllocateVirtualMemory (-1, 212590592, 0, 8192, 4096, 4, ... 212590592, 8192, ) == 0x0 02682 2144 NtWaitForSingleObject (88, 0, 0x0, ... 02683 1248 NtProtectVirtualMemory (-1, (0xcabe000), 4096, 260, ... (0xcabe000), 4096, 4, ) == 0x0 02684 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1032, {1656, 2148}, ) == 0x0 02685 1248 NtQueryInformationThread (1032, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef8000,Pid=1656,Tid=2148,}, 0x0, ) == 0x0 02686 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58139, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0x\6\0\0d\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0x\6\0\0d\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58140, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58139, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0x\6\0\0d\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\10\4\0\0x\6\0\0d\10\0\0" ) ) == 0x0 02687 1248 NtResumeThread (1032, ... 1, ) == 0x0 02688 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02689 2148 NtWaitForSingleObject (88, 0, 0x0, ... 02688 1248 NtAllocateVirtualMemory ... 212598784, 1048576, ) == 0x0 02690 1248 NtAllocateVirtualMemory (-1, 213639168, 0, 8192, 4096, 4, ... 213639168, 8192, ) == 0x0 02691 1248 NtProtectVirtualMemory (-1, (0xcbbe000), 4096, 260, ... (0xcbbe000), 4096, 4, ) == 0x0 02692 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1036, {1656, 2152}, ) == 0x0 02693 1248 NtQueryInformationThread (1036, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef7000,Pid=1656,Tid=2152,}, 0x0, ) == 0x0 02694 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58140, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0x\6\0\0h\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0x\6\0\0h\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58141, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58140, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0x\6\0\0h\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\14\4\0\0x\6\0\0h\10\0\0" ) ) == 0x0 02695 1248 NtResumeThread (1036, ... 1, ) == 0x0 02696 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 213647360, 1048576, ) == 0x0 02697 1248 NtAllocateVirtualMemory (-1, 214687744, 0, 8192, 4096, 4, ... 214687744, 8192, ) == 0x0 02698 2152 NtWaitForSingleObject (88, 0, 0x0, ... 02699 1248 NtProtectVirtualMemory (-1, (0xccbe000), 4096, 260, ... (0xccbe000), 4096, 4, ) == 0x0 02700 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1040, {1656, 2156}, ) == 0x0 02701 1248 NtQueryInformationThread (1040, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fef6000,Pid=1656,Tid=2156,}, 0x0, ) == 0x0 02702 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58141, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0x\6\0\0l\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0x\6\0\0l\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58142, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58141, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0x\6\0\0l\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\4\0\0x\6\0\0l\10\0\0" ) ) == 0x0 02703 1248 NtResumeThread (1040, ... 1, ) == 0x0 02704 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02705 2156 NtWaitForSingleObject (88, 0, 0x0, ... 02704 1248 NtAllocateVirtualMemory ... 214695936, 1048576, ) == 0x0 02706 1248 NtAllocateVirtualMemory (-1, 215736320, 0, 8192, 4096, 4, ... 215736320, 8192, ) == 0x0 02707 1248 NtProtectVirtualMemory (-1, (0xcdbe000), 4096, 260, ... (0xcdbe000), 4096, 4, ) == 0x0 02708 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1044, {1656, 2160}, ) == 0x0 02709 1248 NtQueryInformationThread (1044, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef5000,Pid=1656,Tid=2160,}, 0x0, ) == 0x0 02710 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58142, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0x\6\0\0p\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58143, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0x\6\0\0p\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58143, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58142, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0x\6\0\0p\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58143, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\24\4\0\0x\6\0\0p\10\0\0" ) ) == 0x0 02711 1248 NtResumeThread (1044, ... 1, ) == 0x0 02712 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
215744512, 1048576, ) == 0x0 02713 1248 NtAllocateVirtualMemory (-1, 216784896, 0, 8192, 4096, 4, ... 216784896, 8192, ) == 0x0 02714 2160 NtWaitForSingleObject (88, 0, 0x0, ... 02715 1248 NtProtectVirtualMemory (-1, (0xcebe000), 4096, 260, ... (0xcebe000), 4096, 4, ) == 0x0 02716 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1048, {1656, 2164}, ) == 0x0 02717 1248 NtQueryInformationThread (1048, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef4000,Pid=1656,Tid=2164,}, 0x0, ) == 0x0 02718 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58143, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58143, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0x\6\0\0t\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58144, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0x\6\0\0t\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58144, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58143, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0x\6\0\0t\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58144, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\30\4\0\0x\6\0\0t\10\0\0" ) ) == 0x0 02719 1248 NtResumeThread (1048, ... 1, ) == 0x0 02720 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02721 2164 NtWaitForSingleObject (88, 0, 0x0, ... 02720 1248 NtAllocateVirtualMemory ... 216793088, 1048576, ) == 0x0 02722 1248 NtAllocateVirtualMemory (-1, 217833472, 0, 8192, 4096, 4, ... 217833472, 8192, ) == 0x0 02723 1248 NtProtectVirtualMemory (-1, (0xcfbe000), 4096, 260, ... (0xcfbe000), 4096, 4, ) == 0x0 02724 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1052, {1656, 2168}, ) == 0x0 02725 1248 NtQueryInformationThread (1052, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef3000,Pid=1656,Tid=2168,}, 0x0, ) == 0x0 02726 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58144, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58144, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0x\6\0\0x\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0x\6\0\0x\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58145, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58144, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0x\6\0\0x\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\34\4\0\0x\6\0\0x\10\0\0" ) ) == 0x0 02727 1248 NtResumeThread (1052, ... 1, ) == 0x0 02728 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 217841664, 1048576, ) == 0x0 02729 1248 NtAllocateVirtualMemory (-1, 218882048, 0, 8192, 4096, 4, ... 218882048, 8192, ) == 0x0 02730 2168 NtWaitForSingleObject (88, 0, 0x0, ... 02731 1248 NtProtectVirtualMemory (-1, (0xd0be000), 4096, 260, ... (0xd0be000), 4096, 4, ) == 0x0 02732 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1056, {1656, 2172}, ) == 0x0 02733 1248 NtQueryInformationThread (1056, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef2000,Pid=1656,Tid=2172,}, 0x0, ) == 0x0 02734 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58145, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0x\6\0\0|\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0x\6\0\0|\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58146, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58145, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0x\6\0\0|\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG \4\0\0x\6\0\0|\10\0\0" ) ) == 0x0 02735 1248 NtResumeThread (1056, ... 1, ) == 0x0 02736 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02737 2172 NtWaitForSingleObject (88, 0, 0x0, ... 02736 1248 NtAllocateVirtualMemory ... 218890240, 1048576, ) == 0x0 02738 1248 NtAllocateVirtualMemory (-1, 219930624, 0, 8192, 4096, 4, ... 219930624, 8192, ) == 0x0 02739 1248 NtProtectVirtualMemory (-1, (0xd1be000), 4096, 260, ... 
(0xd1be000), 4096, 4, ) == 0x0 02740 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1060, {1656, 2176}, ) == 0x0 02741 1248 NtQueryInformationThread (1060, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef1000,Pid=1656,Tid=2176,}, 0x0, ) == 0x0 02742 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58146, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0x\6\0\0\200\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0x\6\0\0\200\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58147, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58146, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0x\6\0\0\200\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG$\4\0\0x\6\0\0\200\10\0\0" ) ) == 0x0 02743 1248 NtResumeThread (1060, ... 1, ) == 0x0 02744 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 219938816, 1048576, ) == 0x0 02745 1248 NtAllocateVirtualMemory (-1, 220979200, 0, 8192, 4096, 4, ... 220979200, 8192, ) == 0x0 02746 2176 NtWaitForSingleObject (88, 0, 0x0, ... 02747 1248 NtProtectVirtualMemory (-1, (0xd2be000), 4096, 260, ... (0xd2be000), 4096, 4, ) == 0x0 02748 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1064, {1656, 2180}, ) == 0x0 02749 1248 NtQueryInformationThread (1064, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fef0000,Pid=1656,Tid=2180,}, 0x0, ) == 0x0 02750 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58147, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0x\6\0\0\204\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0x\6\0\0\204\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58148, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58147, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0x\6\0\0\204\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\4\0\0x\6\0\0\204\10\0\0" ) ) == 0x0 02751 1248 NtResumeThread (1064, ... 1, ) == 0x0 02752 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02753 2180 NtWaitForSingleObject (88, 0, 0x0, ... 02752 1248 NtAllocateVirtualMemory ... 220987392, 1048576, ) == 0x0 02754 1248 NtAllocateVirtualMemory (-1, 222027776, 0, 8192, 4096, 4, ... 222027776, 8192, ) == 0x0 02755 1248 NtProtectVirtualMemory (-1, (0xd3be000), 4096, 260, ... (0xd3be000), 4096, 4, ) == 0x0 02756 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1068, {1656, 2184}, ) == 0x0 02757 1248 NtQueryInformationThread (1068, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feef000,Pid=1656,Tid=2184,}, 0x0, ) == 0x0 02758 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58148, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0x\6\0\0\210\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0x\6\0\0\210\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58149, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58148, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0x\6\0\0\210\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG,\4\0\0x\6\0\0\210\10\0\0" ) ) == 0x0 02759 1248 NtResumeThread (1068, ... 1, ) == 0x0 02760 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 222035968, 1048576, ) == 0x0 02761 1248 NtAllocateVirtualMemory (-1, 223076352, 0, 8192, 4096, 4, ... 223076352, 8192, ) == 0x0 02762 2184 NtWaitForSingleObject (88, 0, 0x0, ... 02763 1248 NtProtectVirtualMemory (-1, (0xd4be000), 4096, 260, ... (0xd4be000), 4096, 4, ) == 0x0 02764 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1072, {1656, 2188}, ) == 0x0 02765 1248 NtQueryInformationThread (1072, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7feee000,Pid=1656,Tid=2188,}, 0x0, ) == 0x0 02766 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58149, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0x\6\0\0\214\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0x\6\0\0\214\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58150, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58149, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0x\6\0\0\214\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG0\4\0\0x\6\0\0\214\10\0\0" ) ) == 0x0 02767 1248 NtResumeThread (1072, ... 1, ) == 0x0 02768 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02769 2188 NtWaitForSingleObject (88, 0, 0x0, ... 02768 1248 NtAllocateVirtualMemory ... 223084544, 1048576, ) == 0x0 02770 1248 NtAllocateVirtualMemory (-1, 224124928, 0, 8192, 4096, 4, ... 224124928, 8192, ) == 0x0 02771 1248 NtProtectVirtualMemory (-1, (0xd5be000), 4096, 260, ... (0xd5be000), 4096, 4, ) == 0x0 02772 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1076, {1656, 2192}, ) == 0x0 02773 1248 NtQueryInformationThread (1076, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feed000,Pid=1656,Tid=2192,}, 0x0, ) == 0x0 02774 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58150, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0x\6\0\0\220\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0x\6\0\0\220\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58151, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58150, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0x\6\0\0\220\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG4\4\0\0x\6\0\0\220\10\0\0" ) ) == 0x0 02775 1248 NtResumeThread (1076, ... 1, ) == 0x0 02776 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
224133120, 1048576, ) == 0x0 02777 1248 NtAllocateVirtualMemory (-1, 225173504, 0, 8192, 4096, 4, ... 225173504, 8192, ) == 0x0 02778 2192 NtWaitForSingleObject (88, 0, 0x0, ... 02779 1248 NtProtectVirtualMemory (-1, (0xd6be000), 4096, 260, ... (0xd6be000), 4096, 4, ) == 0x0 02780 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1080, {1656, 2196}, ) == 0x0 02781 1248 NtQueryInformationThread (1080, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feec000,Pid=1656,Tid=2196,}, 0x0, ) == 0x0 02782 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58151, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0x\6\0\0\224\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0x\6\0\0\224\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58152, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58151, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0x\6\0\0\224\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG8\4\0\0x\6\0\0\224\10\0\0" ) ) == 0x0 02783 1248 NtResumeThread (1080, ... 1, ) == 0x0 02784 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02785 2196 NtWaitForSingleObject (88, 0, 0x0, ... 02784 1248 NtAllocateVirtualMemory ... 225181696, 1048576, ) == 0x0 02786 1248 NtAllocateVirtualMemory (-1, 226222080, 0, 8192, 4096, 4, ... 226222080, 8192, ) == 0x0 02787 1248 NtProtectVirtualMemory (-1, (0xd7be000), 4096, 260, ... (0xd7be000), 4096, 4, ) == 0x0 02788 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1084, {1656, 2200}, ) == 0x0 02789 1248 NtQueryInformationThread (1084, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feeb000,Pid=1656,Tid=2200,}, 0x0, ) == 0x0 02790 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58152, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0x\6\0\0\230\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0x\6\0\0\230\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58153, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58152, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0x\6\0\0\230\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG<\4\0\0x\6\0\0\230\10\0\0" ) ) == 0x0 02791 1248 NtResumeThread (1084, ... 1, ) == 0x0 02792 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 226230272, 1048576, ) == 0x0 02793 1248 NtAllocateVirtualMemory (-1, 227270656, 0, 8192, 4096, 4, ... 227270656, 8192, ) == 0x0 02794 2200 NtWaitForSingleObject (88, 0, 0x0, ... 02795 1248 NtProtectVirtualMemory (-1, (0xd8be000), 4096, 260, ... (0xd8be000), 4096, 4, ) == 0x0 02796 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1088, {1656, 2204}, ) == 0x0 02797 1248 NtQueryInformationThread (1088, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7feea000,Pid=1656,Tid=2204,}, 0x0, ) == 0x0 02798 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58153, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0x\6\0\0\234\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0x\6\0\0\234\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58154, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58153, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0x\6\0\0\234\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\4\0\0x\6\0\0\234\10\0\0" ) ) == 0x0 02799 1248 NtResumeThread (1088, ... 1, ) == 0x0 02800 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02801 2204 NtWaitForSingleObject (88, 0, 0x0, ... 02800 1248 NtAllocateVirtualMemory ... 227278848, 1048576, ) == 0x0 02802 1248 NtAllocateVirtualMemory (-1, 228319232, 0, 8192, 4096, 4, ... 228319232, 8192, ) == 0x0 02803 1248 NtProtectVirtualMemory (-1, (0xd9be000), 4096, 260, ... 
(0xd9be000), 4096, 4, ) == 0x0 02804 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1092, {1656, 2208}, ) == 0x0 02805 1248 NtQueryInformationThread (1092, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee9000,Pid=1656,Tid=2208,}, 0x0, ) == 0x0 02806 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58154, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0x\6\0\0\240\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0x\6\0\0\240\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58155, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58154, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0x\6\0\0\240\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGD\4\0\0x\6\0\0\240\10\0\0" ) ) == 0x0 02807 1248 NtResumeThread (1092, ... 1, ) == 0x0 02808 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 228327424, 1048576, ) == 0x0 02809 1248 NtAllocateVirtualMemory (-1, 229367808, 0, 8192, 4096, 4, ... 229367808, 8192, ) == 0x0 02810 2208 NtWaitForSingleObject (88, 0, 0x0, ... 02811 1248 NtProtectVirtualMemory (-1, (0xdabe000), 4096, 260, ... (0xdabe000), 4096, 4, ) == 0x0 02812 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1096, {1656, 2212}, ) == 0x0 02813 1248 NtQueryInformationThread (1096, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee8000,Pid=1656,Tid=2212,}, 0x0, ) == 0x0 02814 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58155, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0x\6\0\0\244\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0x\6\0\0\244\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58156, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58155, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0x\6\0\0\244\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGH\4\0\0x\6\0\0\244\10\0\0" ) ) == 0x0 02815 1248 NtResumeThread (1096, ... 1, ) == 0x0 02816 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02817 2212 NtWaitForSingleObject (88, 0, 0x0, ... 02816 1248 NtAllocateVirtualMemory ... 229376000, 1048576, ) == 0x0 02818 1248 NtAllocateVirtualMemory (-1, 230416384, 0, 8192, 4096, 4, ... 230416384, 8192, ) == 0x0 02819 1248 NtProtectVirtualMemory (-1, (0xdbbe000), 4096, 260, ... (0xdbbe000), 4096, 4, ) == 0x0 02820 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1100, {1656, 2216}, ) == 0x0 02821 1248 NtQueryInformationThread (1100, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee7000,Pid=1656,Tid=2216,}, 0x0, ) == 0x0 02822 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58156, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0x\6\0\0\250\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0x\6\0\0\250\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58157, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58156, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0x\6\0\0\250\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGL\4\0\0x\6\0\0\250\10\0\0" ) ) == 0x0 02823 1248 NtResumeThread (1100, ... 1, ) == 0x0 02824 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 230424576, 1048576, ) == 0x0 02825 1248 NtAllocateVirtualMemory (-1, 231464960, 0, 8192, 4096, 4, ... 231464960, 8192, ) == 0x0 02826 2216 NtWaitForSingleObject (88, 0, 0x0, ... 02827 1248 NtProtectVirtualMemory (-1, (0xdcbe000), 4096, 260, ... (0xdcbe000), 4096, 4, ) == 0x0 02828 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1104, {1656, 2220}, ) == 0x0 02829 1248 NtQueryInformationThread (1104, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7fee6000,Pid=1656,Tid=2220,}, 0x0, ) == 0x0 02830 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58157, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0x\6\0\0\254\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0x\6\0\0\254\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58158, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58157, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0x\6\0\0\254\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGP\4\0\0x\6\0\0\254\10\0\0" ) ) == 0x0 02831 1248 NtResumeThread (1104, ... 1, ) == 0x0 02832 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02833 2220 NtWaitForSingleObject (88, 0, 0x0, ... 02832 1248 NtAllocateVirtualMemory ... 231473152, 1048576, ) == 0x0 02834 1248 NtAllocateVirtualMemory (-1, 232513536, 0, 8192, 4096, 4, ... 232513536, 8192, ) == 0x0 02835 1248 NtProtectVirtualMemory (-1, (0xddbe000), 4096, 260, ... (0xddbe000), 4096, 4, ) == 0x0 02836 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1108, {1656, 2224}, ) == 0x0 02837 1248 NtQueryInformationThread (1108, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee5000,Pid=1656,Tid=2224,}, 0x0, ) == 0x0 02838 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58158, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0x\6\0\0\260\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0x\6\0\0\260\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58159, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58158, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0x\6\0\0\260\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGT\4\0\0x\6\0\0\260\10\0\0" ) ) == 0x0 02839 1248 NtResumeThread (1108, ... 1, ) == 0x0 02840 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
232521728, 1048576, ) == 0x0 02841 1248 NtAllocateVirtualMemory (-1, 233562112, 0, 8192, 4096, 4, ... 233562112, 8192, ) == 0x0 02842 2224 NtWaitForSingleObject (88, 0, 0x0, ... 02843 1248 NtProtectVirtualMemory (-1, (0xdebe000), 4096, 260, ... (0xdebe000), 4096, 4, ) == 0x0 02844 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1112, {1656, 2228}, ) == 0x0 02845 1248 NtQueryInformationThread (1112, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee4000,Pid=1656,Tid=2228,}, 0x0, ) == 0x0 02846 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58159, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0x\6\0\0\264\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0x\6\0\0\264\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58160, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58159, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0x\6\0\0\264\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGX\4\0\0x\6\0\0\264\10\0\0" ) ) == 0x0 02847 1248 NtResumeThread (1112, ... 1, ) == 0x0 02848 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02849 2228 NtWaitForSingleObject (88, 0, 0x0, ... 02848 1248 NtAllocateVirtualMemory ... 233570304, 1048576, ) == 0x0 02850 1248 NtAllocateVirtualMemory (-1, 234610688, 0, 8192, 4096, 4, ... 234610688, 8192, ) == 0x0 02851 1248 NtProtectVirtualMemory (-1, (0xdfbe000), 4096, 260, ... (0xdfbe000), 4096, 4, ) == 0x0 02852 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1116, {1656, 2232}, ) == 0x0 02853 1248 NtQueryInformationThread (1116, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee3000,Pid=1656,Tid=2232,}, 0x0, ) == 0x0 02854 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58160, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0x\6\0\0\270\10\0\0" ... 
{28, 56, reply, 0, 1656, 1248, 58161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0x\6\0\0\270\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58161, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58160, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0x\6\0\0\270\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\\4\0\0x\6\0\0\270\10\0\0" ) ) == 0x0 02855 1248 NtResumeThread (1116, ... 1, ) == 0x0 02856 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 234618880, 1048576, ) == 0x0 02857 1248 NtAllocateVirtualMemory (-1, 235659264, 0, 8192, 4096, 4, ... 235659264, 8192, ) == 0x0 02858 2232 NtWaitForSingleObject (88, 0, 0x0, ... 02859 1248 NtProtectVirtualMemory (-1, (0xe0be000), 4096, 260, ... (0xe0be000), 4096, 4, ) == 0x0 02860 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1120, {1656, 2236}, ) == 0x0 02861 1248 NtQueryInformationThread (1120, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee2000,Pid=1656,Tid=2236,}, 0x0, ) == 0x0 02862 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58161, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0x\6\0\0\274\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0x\6\0\0\274\10\0\0" ) ... {28, 56, reply, 0, 1656, 1248, 58162, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58161, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0x\6\0\0\274\10\0\0" ... {28, 56, reply, 0, 1656, 1248, 58162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG`\4\0\0x\6\0\0\274\10\0\0" ) ) == 0x0 02863 1248 NtResumeThread (1120, ... 1, ) == 0x0 02864 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02865 2236 NtWaitForSingleObject (88, 0, 0x0, ... 02864 1248 NtAllocateVirtualMemory ... 235667456, 1048576, ) == 0x0 02866 1248 NtAllocateVirtualMemory (-1, 236707840, 0, 8192, 4096, 4, ... 236707840, 8192, ) == 0x0 02867 1248 NtProtectVirtualMemory (-1, (0xe1be000), 4096, 260, ... 
(0xe1be000), 4096, 4, ) == 0x0 02868 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1124, {1656, 2240}, ) == 0x0 02869 1248 NtQueryInformationThread (1124, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee1000,Pid=1656,Tid=2240,}, 0x0, ) == 0x0 02870 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58162, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58162, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\4\0\0x\6\0\0\300\10\0\0" ... ... 02871 1580 NtUnmapViewOfSection (-1, 0x850000, ... ) == 0x0 02872 1580 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\wshtcpip.dll"}, 11007328, ... ) }, 11007328, ... ) == 0x0 02873 1580 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\wshtcpip.dll"}, 5, 96, ... 1128, {status=0x0, info=1}, ) }, 5, 96, ... 1128, {status=0x0, info=1}, ) == 0x0 02874 1580 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 1128, ... 1132, ) == 0x0 02875 1580 NtQuerySection (1132, Image, 48, ... 02870 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58163, 0} ... {28, 56, reply, 0, 1656, 1248, 58163, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGd\4\0\0x\6\0\0\300\10\0\0" ) ) == 0x0 02875 1580 NtQuerySection ... {section info, class 1, size 48}, 0x0, ) == 0x0 02876 1580 NtClose (1128, ... ) == 0x0 02877 1580 NtMapViewOfSection (1132, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71a90000), 0x0, 32768, ) == 0x0 02878 1580 NtClose (1132, ... ) == 0x0 02879 1580 NtProtectVirtualMemory (-1, (0x71a91000), 128, 4, ... (0x71a91000), 4096, 32, ) == 0x0 02880 1580 NtProtectVirtualMemory (-1, (0x71a91000), 4096, 32, ... 02881 1248 NtResumeThread (1124, ... 1, ) == 0x0 02882 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 236716032, 1048576, ) == 0x0 02883 1248 NtAllocateVirtualMemory (-1, 237756416, 0, 8192, 4096, 4, ... 237756416, 8192, ) == 0x0 02884 1248 NtProtectVirtualMemory (-1, (0xe2be000), 4096, 260, ... 
(0xe2be000), 4096, 4, ) == 0x0 02885 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 1132, {1656, 2244}, ) == 0x0 02886 1248 NtQueryInformationThread (1132, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7fee0000,Pid=1656,Tid=2244,}, 0x0, ) == 0x0 02880 1580 NtProtectVirtualMemory ... (0x71a91000), 4096, 4, ) == 0x0 02887 2240 NtWaitForSingleObject (88, 0, 0x0, ... 02888 1580 NtFlushInstructionCache (-1, 1906905088, 128, ... ) == 0x0 02889 1580 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wshtcpip.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 02890 1580 NtSetEventBoostPriority (88, ... 01408 1756 NtWaitForSingleObject ... ) == 0x0 02891 1756 NtSetEventBoostPriority (88, ... 01409 2044 NtWaitForSingleObject ... ) == 0x0 02892 2044 NtSetEventBoostPriority (88, ... 01419 240 NtWaitForSingleObject ... ) == 0x0 02893 240 NtSetEventBoostPriority (88, ... 01425 968 NtWaitForSingleObject ... ) == 0x0 02894 968 NtSetEventBoostPriority (88, ... 01435 308 NtWaitForSingleObject ... ) == 0x0 02895 308 NtSetEventBoostPriority (88, ... 01441 764 NtWaitForSingleObject ... ) == 0x0 02896 764 NtSetEventBoostPriority (88, ... 01451 2000 NtWaitForSingleObject ... ) == 0x0 02897 2000 NtSetEventBoostPriority (88, ... 01457 1852 NtWaitForSingleObject ... ) == 0x0 02898 1852 NtSetEventBoostPriority (88, ... 01467 1420 NtWaitForSingleObject ... ) == 0x0 02899 1420 NtSetEventBoostPriority (88, ... 01473 164 NtWaitForSingleObject ... ) == 0x0 02900 164 NtSetEventBoostPriority (88, ... 01483 1564 NtWaitForSingleObject ... ) == 0x0 02901 1564 NtSetEventBoostPriority (88, ... 01489 1592 NtWaitForSingleObject ... ) == 0x0 02902 1592 NtSetEventBoostPriority (88, ... 01499 2032 NtWaitForSingleObject ... ) == 0x0 02903 2032 NtSetEventBoostPriority (88, ... 01505 1500 NtWaitForSingleObject ... ) == 0x0 02904 1500 NtSetEventBoostPriority (88, ... 
01515 932 NtWaitForSingleObject ... ) == 0x0 02905 932 NtSetEventBoostPriority (88, ... 01521 1528 NtWaitForSingleObject ... ) == 0x0 02906 1528 NtSetEventBoostPriority (88, ... 01531 1780 NtWaitForSingleObject ... ) == 0x0 02907 1780 NtSetEventBoostPriority (88, ... 01537 1804 NtWaitForSingleObject ... ) == 0x0 02908 1804 NtSetEventBoostPriority (88, ... 01547 1644 NtWaitForSingleObject ... ) == 0x0 02909 1644 NtSetEventBoostPriority (88, ... 01553 336 NtWaitForSingleObject ... ) == 0x0 02910 336 NtSetEventBoostPriority (88, ... 01563 800 NtWaitForSingleObject ... ) == 0x0 02911 800 NtSetEventBoostPriority (88, ... 01569 504 NtWaitForSingleObject ... ) == 0x0 02912 504 NtAllocateVirtualMemory (-1, 8806400, 0, 4096, 4096, 4, ... 8806400, 4096, ) == 0x0 02911 800 NtSetEventBoostPriority ... ) == 0x0 02910 336 NtSetEventBoostPriority ... ) == 0x0 02909 1644 NtSetEventBoostPriority ... ) == 0x0 02908 1804 NtSetEventBoostPriority ... ) == 0x0 02907 1780 NtSetEventBoostPriority ... ) == 0x0 02906 1528 NtSetEventBoostPriority ... ) == 0x0 02905 932 NtSetEventBoostPriority ... ) == 0x0 02904 1500 NtSetEventBoostPriority ... ) == 0x0 02903 2032 NtSetEventBoostPriority ... ) == 0x0 02902 1592 NtSetEventBoostPriority ... ) == 0x0 02901 1564 NtSetEventBoostPriority ... ) == 0x0 02900 164 NtSetEventBoostPriority ... ) == 0x0 02899 1420 NtSetEventBoostPriority ... ) == 0x0 02898 1852 NtSetEventBoostPriority ... ) == 0x0 02897 2000 NtSetEventBoostPriority ... ) == 0x0 02896 764 NtSetEventBoostPriority ... ) == 0x0 02895 308 NtSetEventBoostPriority ... ) == 0x0 02894 968 NtSetEventBoostPriority ... ) == 0x0 02893 240 NtSetEventBoostPriority ... ) == 0x0 02892 2044 NtSetEventBoostPriority ... ) == 0x0 02891 1756 NtSetEventBoostPriority ... ) == 0x0 02890 1580 NtSetEventBoostPriority ... 
) == 0x0 02913 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58163, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58163, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\4\0\0x\6\0\0\304\10\0\0" ... ... 02914 504 NtSetEventBoostPriority (88, ... 02915 800 NtTestAlert (... 02916 336 NtTestAlert (... 02917 1644 NtTestAlert (... 02918 1804 NtTestAlert (... 02919 1780 NtTestAlert (... 02920 1528 NtTestAlert (... 02921 932 NtTestAlert (... 02922 1500 NtTestAlert (... 02923 2032 NtTestAlert (... 02924 1592 NtTestAlert (... 02925 1564 NtTestAlert (... 02926 164 NtTestAlert (... 02927 1420 NtTestAlert (... 02928 1852 NtTestAlert (... 02929 2000 NtTestAlert (... 02930 764 NtTestAlert (... 02931 308 NtTestAlert (... 02932 968 NtTestAlert (... 02933 240 NtTestAlert (... 02934 2044 NtTestAlert (... 02935 1580 NtClose (384, ... 02913 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58164, 0} ... {28, 56, reply, 0, 1656, 1248, 58164, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFGl\4\0\0x\6\0\0\304\10\0\0" ) ) == 0x0 01579 888 NtWaitForSingleObject ... ) == 0x0 02914 504 NtSetEventBoostPriority ... ) == 0x0 02915 800 NtTestAlert ... ) == 0x0 02916 336 NtTestAlert ... ) == 0x0 02917 1644 NtTestAlert ... ) == 0x0 02918 1804 NtTestAlert ... ) == 0x0 02919 1780 NtTestAlert ... ) == 0x0 02920 1528 NtTestAlert ... ) == 0x0 02921 932 NtTestAlert ... ) == 0x0 02922 1500 NtTestAlert ... ) == 0x0 02923 2032 NtTestAlert ... ) == 0x0 02924 1592 NtTestAlert ... ) == 0x0 02925 1564 NtTestAlert ... ) == 0x0 02926 164 NtTestAlert ... ) == 0x0 02927 1420 NtTestAlert ... ) == 0x0 02928 1852 NtTestAlert ... ) == 0x0 02929 2000 NtTestAlert ... ) == 0x0 02930 764 NtTestAlert ... ) == 0x0 02931 308 NtTestAlert ... ) == 0x0 02932 968 NtTestAlert ... ) == 0x0 02933 240 NtTestAlert ... ) == 0x0 02934 2044 NtTestAlert ... ) == 0x0 02935 1580 NtClose ... ) == 0x0 02936 888 NtSetEventBoostPriority (88, ... 02937 1248 NtResumeThread (1132, ... 02938 504 NtTestAlert (... 02939 800 NtContinue (64748848, 1, ... 
02940 336 NtContinue (63700272, 1, ... 02941 1644 NtContinue (62651696, 1, ... 02942 1804 NtContinue (61603120, 1, ... 02943 1780 NtContinue (60554544, 1, ... 02944 1528 NtContinue (59505968, 1, ... 02945 932 NtContinue (58457392, 1, ... 02946 1500 NtContinue (57408816, 1, ... 02947 2032 NtContinue (56360240, 1, ... 02948 1592 NtContinue (55311664, 1, ... 02949 1564 NtContinue (54263088, 1, ... 02950 164 NtContinue (53214512, 1, ... 02951 1420 NtContinue (52165936, 1, ... 02952 1852 NtContinue (51117360, 1, ... 02953 2000 NtContinue (50068784, 1, ... 02954 764 NtContinue (49020208, 1, ... 02955 308 NtContinue (47971632, 1, ... 02956 968 NtContinue (46923056, 1, ... 02957 240 NtContinue (45874480, 1, ... 02958 2044 NtContinue (44825904, 1, ... 01585 1392 NtWaitForSingleObject ... ) == 0x0 02936 888 NtSetEventBoostPriority ... ) == 0x0 02959 1580 NtWaitForSingleObject (88, 0, 0x0, ... 02937 1248 NtResumeThread ... 1, ) == 0x0 02938 504 NtTestAlert ... ) == 0x0 02960 800 NtRegisterThreadTerminatePort (24, ... 02961 336 NtRegisterThreadTerminatePort (24, ... 02962 1644 NtRegisterThreadTerminatePort (24, ... 02963 1804 NtRegisterThreadTerminatePort (24, ... 02964 1780 NtRegisterThreadTerminatePort (24, ... 02965 1528 NtRegisterThreadTerminatePort (24, ... 02966 932 NtRegisterThreadTerminatePort (24, ... 02967 1500 NtRegisterThreadTerminatePort (24, ... 02968 2032 NtRegisterThreadTerminatePort (24, ... 02969 1592 NtRegisterThreadTerminatePort (24, ... 02970 1564 NtRegisterThreadTerminatePort (24, ... 02971 164 NtRegisterThreadTerminatePort (24, ... 02972 1420 NtRegisterThreadTerminatePort (24, ... 02973 1852 NtRegisterThreadTerminatePort (24, ... 02974 2000 NtRegisterThreadTerminatePort (24, ... 02975 764 NtRegisterThreadTerminatePort (24, ... 02976 308 NtRegisterThreadTerminatePort (24, ... 02977 968 NtRegisterThreadTerminatePort (24, ... 02978 240 NtRegisterThreadTerminatePort (24, ... 02979 1392 NtSetEventBoostPriority (88, ... 
02980 2044 NtRegisterThreadTerminatePort (24, ... 02981 1756 NtCreateKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, 0, "Class", 0, ... }, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, 0, "Class", 0, ... , 0, ... 02982 2244 NtWaitForSingleObject (88, 0, 0x0, ... 02983 888 NtTestAlert (... 02984 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02985 504 NtContinue (65797424, 1, ... 02960 800 NtRegisterThreadTerminatePort ... ) == 0x0 02961 336 NtRegisterThreadTerminatePort ... ) == 0x0 02962 1644 NtRegisterThreadTerminatePort ... ) == 0x0 02963 1804 NtRegisterThreadTerminatePort ... ) == 0x0 02964 1780 NtRegisterThreadTerminatePort ... ) == 0x0 02965 1528 NtRegisterThreadTerminatePort ... ) == 0x0 02966 932 NtRegisterThreadTerminatePort ... ) == 0x0 02967 1500 NtRegisterThreadTerminatePort ... ) == 0x0 02968 2032 NtRegisterThreadTerminatePort ... ) == 0x0 02969 1592 NtRegisterThreadTerminatePort ... ) == 0x0 02970 1564 NtRegisterThreadTerminatePort ... ) == 0x0 02971 164 NtRegisterThreadTerminatePort ... ) == 0x0 02972 1420 NtRegisterThreadTerminatePort ... ) == 0x0 02973 1852 NtRegisterThreadTerminatePort ... ) == 0x0 02974 2000 NtRegisterThreadTerminatePort ... ) == 0x0 02975 764 NtRegisterThreadTerminatePort ... ) == 0x0 02976 308 NtRegisterThreadTerminatePort ... ) == 0x0 02977 968 NtRegisterThreadTerminatePort ... ) == 0x0 01595 2020 NtWaitForSingleObject ... ) == 0x0 02979 1392 NtSetEventBoostPriority ... ) == 0x0 02978 240 NtRegisterThreadTerminatePort ... ) == 0x0 02980 2044 NtRegisterThreadTerminatePort ... ) == 0x0 02981 1756 NtCreateKey ... 384, 2, ) == 0x0 02983 888 NtTestAlert ... ) == 0x0 02986 504 NtRegisterThreadTerminatePort (24, ... 02987 800 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02988 336 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02989 1644 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 
02990 1804 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02991 1780 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02992 1528 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02993 932 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02994 1500 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02995 2032 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02996 1592 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02997 1564 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02998 164 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02999 1420 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03000 1852 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03001 2000 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03002 764 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03003 308 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03004 2020 NtSetEventBoostPriority (88, ... 03005 968 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02984 1248 NtAllocateVirtualMemory ... 237764608, 1048576, ) == 0x0 03006 240 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03007 2044 NtAllocateVirtualMemory (-1, 1384448, 0, 4096, 4096, 4, ... 03008 1756 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\DnsCache\Parameters"}, ... }, ... 03009 888 NtContinue (66846000, 1, ... 03010 1392 NtTestAlert (... 02986 504 NtRegisterThreadTerminatePort ... ) == 0x0 02987 800 NtDuplicateObject ... 1128, ) == 0x0 02988 336 NtDuplicateObject ... 1136, ) == 0x0 02989 1644 NtDuplicateObject ... 1140, ) == 0x0 02990 1804 NtDuplicateObject ... 1144, ) == 0x0 02991 1780 NtDuplicateObject ... 1148, ) == 0x0 02992 1528 NtDuplicateObject ... 1152, ) == 0x0 02993 932 NtDuplicateObject ... 1156, ) == 0x0 02994 1500 NtDuplicateObject ... 1160, ) == 0x0 02995 2032 NtDuplicateObject ... 1164, ) == 0x0 02996 1592 NtDuplicateObject ... 1168, ) == 0x0 02997 1564 NtDuplicateObject ... 1172, ) == 0x0 02998 164 NtDuplicateObject ... 1176, ) == 0x0 02999 1420 NtDuplicateObject ... 
1180, ) == 0x0 03000 1852 NtDuplicateObject ... 1184, ) == 0x0 03001 2000 NtDuplicateObject ... 1188, ) == 0x0 03002 764 NtDuplicateObject ... 1192, ) == 0x0 01601 740 NtWaitForSingleObject ... ) == 0x0 03004 2020 NtSetEventBoostPriority ... ) == 0x0 03003 308 NtDuplicateObject ... 1196, ) == 0x0 03011 1248 NtAllocateVirtualMemory (-1, 238804992, 0, 8192, 4096, 4, ... 03005 968 NtDuplicateObject ... 1200, ) == 0x0 03006 240 NtDuplicateObject ... 1204, ) == 0x0 03008 1756 NtOpenKey ... 1208, ) == 0x0 03012 888 NtRegisterThreadTerminatePort (24, ... 03010 1392 NtTestAlert ... ) == 0x0 03013 504 NtWaitForSingleObject (272, 0, 0x0, ... 03014 800 NtWaitForSingleObject (272, 0, 0x0, ... 03015 336 NtWaitForSingleObject (272, 0, 0x0, ... 03016 1644 NtWaitForSingleObject (272, 0, 0x0, ... 03017 1804 NtWaitForSingleObject (272, 0, 0x0, ... 03018 1780 NtWaitForSingleObject (272, 0, 0x0, ... 03019 1528 NtWaitForSingleObject (272, 0, 0x0, ... 03020 932 NtWaitForSingleObject (272, 0, 0x0, ... 03021 1500 NtWaitForSingleObject (272, 0, 0x0, ... 03022 2032 NtWaitForSingleObject (272, 0, 0x0, ... 03023 1592 NtWaitForSingleObject (272, 0, 0x0, ... 03024 1564 NtWaitForSingleObject (272, 0, 0x0, ... 03025 164 NtWaitForSingleObject (272, 0, 0x0, ... 03026 1420 NtWaitForSingleObject (272, 0, 0x0, ... 03027 1852 NtWaitForSingleObject (272, 0, 0x0, ... 03028 2000 NtWaitForSingleObject (272, 0, 0x0, ... 03029 740 NtSetEventBoostPriority (88, ... 03030 764 NtWaitForSingleObject (272, 0, 0x0, ... 03007 2044 NtAllocateVirtualMemory ... 1384448, 4096, ) == 0x0 03031 308 NtWaitForSingleObject (272, 0, 0x0, ... 03011 1248 NtAllocateVirtualMemory ... 238804992, 8192, ) == 0x0 03032 968 NtWaitForSingleObject (272, 0, 0x0, ... 03033 240 NtWaitForSingleObject (272, 0, 0x0, ... 03034 1756 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Policies\Microsoft\Windows NT\DnsClient"}, ... }, ... 03012 888 NtRegisterThreadTerminatePort ... 
) == 0x0 03035 1392 NtContinue (67894576, 1, ... 01609 1676 NtWaitForSingleObject ... ) == 0x0 03029 740 NtSetEventBoostPriority ... ) == 0x0 03036 2044 NtSetEventBoostPriority (272, ... 03037 1248 NtProtectVirtualMemory (-1, (0xe3be000), 4096, 260, ... 03034 1756 NtOpenKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 03038 888 NtWaitForSingleObject (272, 0, 0x0, ... 03039 1676 NtSetEventBoostPriority (88, ... 03040 1392 NtRegisterThreadTerminatePort (24, ... 03041 2020 NtTestAlert (... 03013 504 NtWaitForSingleObject ... ) == 0x0 03036 2044 NtSetEventBoostPriority ... ) == 0x0 03037 1248 NtProtectVirtualMemory ... (0xe3be000), 4096, 4, ) == 0x0 03042 740 NtTestAlert (... 03043 1756 NtQueryValueKey (384, (384, "Hostname", Partial, 144, ... , Partial, 144, ... 01619 496 NtWaitForSingleObject ... ) == 0x0 03039 1676 NtSetEventBoostPriority ... ) == 0x0 03040 1392 NtRegisterThreadTerminatePort ... ) == 0x0 03044 504 NtSetEventBoostPriority (272, ... 03041 2020 NtTestAlert ... ) == 0x0 03045 2044 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03046 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03042 740 NtTestAlert ... ) == 0x0 03047 496 NtSetEventBoostPriority (88, ... 03043 1756 NtQueryValueKey ... TitleIdx=0, Type=1, Data= ... TitleIdx=0, Type=1, Data="v\0i\0r\0t\0u\0a\0l\0\0\0"}, 28, ) }, 28, ) == 0x0 03014 800 NtWaitForSingleObject ... ) == 0x0 03044 504 NtSetEventBoostPriority ... ) == 0x0 03048 1392 NtWaitForSingleObject (272, 0, 0x0, ... 03049 2020 NtContinue (68943152, 1, ... 03045 2044 NtDuplicateObject ... 1212, ) == 0x0 03050 1676 NtTestAlert (... 01625 1020 NtWaitForSingleObject ... ) == 0x0 03047 496 NtSetEventBoostPriority ... ) == 0x0 03051 740 NtContinue (69991728, 1, ... 03052 800 NtSetEventBoostPriority (272, ... 03053 1756 NtQueryValueKey (384, (384, "Hostname", Partial, 144, ... , Partial, 144, ... 03046 1248 NtCreateThread ... 1216, {1656, 2248}, ) == 0x0 03054 504 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 
03055 2020 NtRegisterThreadTerminatePort (24, ... 03056 2044 NtWaitForSingleObject (272, 0, 0x0, ... 03057 1020 NtSetEventBoostPriority (88, ... 03050 1676 NtTestAlert ... ) == 0x0 03015 336 NtWaitForSingleObject ... ) == 0x0 03052 800 NtSetEventBoostPriority ... ) == 0x0 03058 740 NtRegisterThreadTerminatePort (24, ... 03053 1756 NtQueryValueKey ... TitleIdx=0, Type=1, Data= ... TitleIdx=0, Type=1, Data="v\0i\0r\0t\0u\0a\0l\0\0\0"}, 28, ) }, 28, ) == 0x0 03059 1248 NtQueryInformationThread (1216, Basic, 28, ... 03054 504 NtDuplicateObject ... 1220, ) == 0x0 03055 2020 NtRegisterThreadTerminatePort ... ) == 0x0 03060 496 NtTestAlert (... 01635 432 NtWaitForSingleObject ... ) == 0x0 03057 1020 NtSetEventBoostPriority ... ) == 0x0 03061 336 NtSetEventBoostPriority (272, ... 03062 1676 NtContinue (71040304, 1, ... 03058 740 NtRegisterThreadTerminatePort ... ) == 0x0 03063 1756 NtClose (384, ... 03059 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fedf000,Pid=1656,Tid=2248,}, 0x0, ) == 0x0 03064 504 NtWaitForSingleObject (272, 0, 0x0, ... 03065 2020 NtWaitForSingleObject (272, 0, 0x0, ... 03066 432 NtSetEventBoostPriority (88, ... 03060 496 NtTestAlert ... ) == 0x0 03067 800 NtWaitForSingleObject (272, 0, 0x0, ... 03016 1644 NtWaitForSingleObject ... ) == 0x0 03061 336 NtSetEventBoostPriority ... ) == 0x0 03068 1676 NtRegisterThreadTerminatePort (24, ... 03069 740 NtWaitForSingleObject (272, 0, 0x0, ... 03063 1756 NtClose ... ) == 0x0 03070 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58164, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58164, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\4\0\0x\6\0\0\310\10\0\0" ... ... 03071 1020 NtTestAlert (... 01641 1332 NtWaitForSingleObject ... ) == 0x0 03066 432 NtSetEventBoostPriority ... ) == 0x0 03072 496 NtContinue (72088880, 1, ... 03073 1644 NtSetEventBoostPriority (272, ... 03068 1676 NtRegisterThreadTerminatePort ... ) == 0x0 03074 336 NtWaitForSingleObject (272, 0, 0x0, ... 
03070 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58165, 0} ... {28, 56, reply, 0, 1656, 1248, 58165, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\300\4\0\0x\6\0\0\310\10\0\0" ) ) == 0x0 03075 1332 NtSetEventBoostPriority (88, ... 03071 1020 NtTestAlert ... ) == 0x0 03076 1756 NtClose (1208, ... 03017 1804 NtWaitForSingleObject ... ) == 0x0 03073 1644 NtSetEventBoostPriority ... ) == 0x0 03077 496 NtRegisterThreadTerminatePort (24, ... 03078 1676 NtWaitForSingleObject (272, 0, 0x0, ... 03079 432 NtTestAlert (... 01651 1328 NtWaitForSingleObject ... ) == 0x0 03075 1332 NtSetEventBoostPriority ... ) == 0x0 03080 1020 NtContinue (73137456, 1, ... 03081 1804 NtSetEventBoostPriority (272, ... 03076 1756 NtClose ... ) == 0x0 03082 1248 NtResumeThread (1216, ... 03077 496 NtRegisterThreadTerminatePort ... ) == 0x0 03083 1644 NtWaitForSingleObject (272, 0, 0x0, ... 03084 1328 NtSetEventBoostPriority (88, ... 03079 432 NtTestAlert ... ) == 0x0 03018 1780 NtWaitForSingleObject ... ) == 0x0 03081 1804 NtSetEventBoostPriority ... ) == 0x0 03085 1020 NtRegisterThreadTerminatePort (24, ... 03086 1756 NtWaitForSingleObject (88, 0, 0x0, ... 03082 1248 NtResumeThread ... 1, ) == 0x0 03087 496 NtWaitForSingleObject (272, 0, 0x0, ... 01657 752 NtWaitForSingleObject ... ) == 0x0 03084 1328 NtSetEventBoostPriority ... ) == 0x0 03088 1780 NtSetEventBoostPriority (272, ... 03089 432 NtContinue (74186032, 1, ... 03090 1332 NtTestAlert (... 03091 2248 NtWaitForSingleObject (88, 0, 0x0, ... 03085 1020 NtRegisterThreadTerminatePort ... ) == 0x0 03092 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03093 1804 NtWaitForSingleObject (272, 0, 0x0, ... 03094 752 NtSetEventBoostPriority (88, ... 03019 1528 NtWaitForSingleObject ... ) == 0x0 03088 1780 NtSetEventBoostPriority ... ) == 0x0 03095 432 NtRegisterThreadTerminatePort (24, ... 03090 1332 NtTestAlert ... ) == 0x0 03096 1020 NtWaitForSingleObject (272, 0, 0x0, ... 03092 1248 NtAllocateVirtualMemory ... 
238813184, 1048576, ) == 0x0 01667 120 NtWaitForSingleObject ... ) == 0x0 03097 1528 NtSetEventBoostPriority (272, ... 03094 752 NtSetEventBoostPriority ... ) == 0x0 03098 1328 NtTestAlert (... 03095 432 NtRegisterThreadTerminatePort ... ) == 0x0 03099 1332 NtContinue (75234608, 1, ... 03100 1780 NtWaitForSingleObject (272, 0, 0x0, ... 03101 120 NtSetEventBoostPriority (88, ... 03020 932 NtWaitForSingleObject ... ) == 0x0 03097 1528 NtSetEventBoostPriority ... ) == 0x0 03102 1248 NtAllocateVirtualMemory (-1, 239853568, 0, 8192, 4096, 4, ... 03098 1328 NtTestAlert ... ) == 0x0 03103 432 NtWaitForSingleObject (272, 0, 0x0, ... 03104 1332 NtRegisterThreadTerminatePort (24, ... 01673 1732 NtWaitForSingleObject ... ) == 0x0 03105 932 NtSetEventBoostPriority (272, ... 03101 120 NtSetEventBoostPriority ... ) == 0x0 03106 752 NtTestAlert (... 03102 1248 NtAllocateVirtualMemory ... 239853568, 8192, ) == 0x0 03107 1328 NtContinue (76283184, 1, ... 03108 1528 NtWaitForSingleObject (272, 0, 0x0, ... 03109 1732 NtSetEventBoostPriority (88, ... 03021 1500 NtWaitForSingleObject ... ) == 0x0 03105 932 NtSetEventBoostPriority ... ) == 0x0 03104 1332 NtRegisterThreadTerminatePort ... ) == 0x0 03106 752 NtTestAlert ... ) == 0x0 03110 120 NtTestAlert (... 03111 1328 NtRegisterThreadTerminatePort (24, ... 01683 188 NtWaitForSingleObject ... ) == 0x0 03112 1500 NtSetEventBoostPriority (272, ... 03109 1732 NtSetEventBoostPriority ... ) == 0x0 03113 1248 NtProtectVirtualMemory (-1, (0xe4be000), 4096, 260, ... 03114 1332 NtWaitForSingleObject (272, 0, 0x0, ... 03115 752 NtContinue (77331760, 1, ... 03110 120 NtTestAlert ... ) == 0x0 03116 188 NtSetEventBoostPriority (88, ... 03022 2032 NtWaitForSingleObject ... ) == 0x0 03112 1500 NtSetEventBoostPriority ... ) == 0x0 03111 1328 NtRegisterThreadTerminatePort ... ) == 0x0 03117 932 NtWaitForSingleObject (272, 0, 0x0, ... 03113 1248 NtProtectVirtualMemory ... (0xe4be000), 4096, 4, ) == 0x0 03118 1732 NtTestAlert (... 
03119 752 NtRegisterThreadTerminatePort (24, ... 01689 1636 NtWaitForSingleObject ... ) == 0x0 03120 2032 NtSetEventBoostPriority (272, ... 03116 188 NtSetEventBoostPriority ... ) == 0x0 03121 120 NtContinue (78380336, 1, ... 03122 1328 NtWaitForSingleObject (272, 0, 0x0, ... 03123 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03118 1732 NtTestAlert ... ) == 0x0 03124 1636 NtSetEventBoostPriority (88, ... 03023 1592 NtWaitForSingleObject ... ) == 0x0 03120 2032 NtSetEventBoostPriority ... ) == 0x0 03119 752 NtRegisterThreadTerminatePort ... ) == 0x0 03125 1500 NtWaitForSingleObject (272, 0, 0x0, ... 03126 120 NtRegisterThreadTerminatePort (24, ... 03127 188 NtTestAlert (... 03123 1248 NtCreateThread ... 1208, {1656, 2252}, ) == 0x0 01699 624 NtWaitForSingleObject ... ) == 0x0 03128 1592 NtSetEventBoostPriority (272, ... 03124 1636 NtSetEventBoostPriority ... ) == 0x0 03129 1732 NtContinue (79428912, 1, ... 03130 752 NtWaitForSingleObject (272, 0, 0x0, ... 03126 120 NtRegisterThreadTerminatePort ... ) == 0x0 03127 188 NtTestAlert ... ) == 0x0 03131 624 NtSetEventBoostPriority (88, ... 03024 1564 NtWaitForSingleObject ... ) == 0x0 03128 1592 NtSetEventBoostPriority ... ) == 0x0 03132 1248 NtQueryInformationThread (1208, Basic, 28, ... 03133 2032 NtWaitForSingleObject (272, 0, 0x0, ... 03134 1732 NtRegisterThreadTerminatePort (24, ... 03135 1636 NtTestAlert (... 03136 120 NtWaitForSingleObject (272, 0, 0x0, ... 01705 1948 NtWaitForSingleObject ... ) == 0x0 03137 1564 NtSetEventBoostPriority (272, ... 03131 624 NtSetEventBoostPriority ... ) == 0x0 03138 188 NtContinue (80477488, 1, ... 03132 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fede000,Pid=1656,Tid=2252,}, 0x0, ) == 0x0 03134 1732 NtRegisterThreadTerminatePort ... ) == 0x0 03135 1636 NtTestAlert ... ) == 0x0 03139 1592 NtWaitForSingleObject (272, 0, 0x0, ... 03140 1948 NtSetEventBoostPriority (88, ... 03025 164 NtWaitForSingleObject ... 
) == 0x0 03137 1564 NtSetEventBoostPriority ... ) == 0x0 03141 188 NtRegisterThreadTerminatePort (24, ... 03142 624 NtTestAlert (... 03143 1732 NtWaitForSingleObject (272, 0, 0x0, ... 03144 1636 NtContinue (81526064, 1, ... 01715 988 NtWaitForSingleObject ... ) == 0x0 03145 164 NtSetEventBoostPriority (272, ... 03140 1948 NtSetEventBoostPriority ... ) == 0x0 03146 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58165, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58165, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\4\0\0x\6\0\0\314\10\0\0" ... ... 03141 188 NtRegisterThreadTerminatePort ... ) == 0x0 03142 624 NtTestAlert ... ) == 0x0 03147 1564 NtWaitForSingleObject (272, 0, 0x0, ... 03148 988 NtSetEventBoostPriority (88, ... 03026 1420 NtWaitForSingleObject ... ) == 0x0 03145 164 NtSetEventBoostPriority ... ) == 0x0 03149 1636 NtRegisterThreadTerminatePort (24, ... 03146 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58166, 0} ... {28, 56, reply, 0, 1656, 1248, 58166, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\270\4\0\0x\6\0\0\314\10\0\0" ) ) == 0x0 03150 188 NtWaitForSingleObject (272, 0, 0x0, ... 03151 624 NtContinue (82574640, 1, ... 01721 468 NtWaitForSingleObject ... ) == 0x0 03152 1420 NtSetEventBoostPriority (272, ... 03148 988 NtSetEventBoostPriority ... ) == 0x0 03153 1948 NtTestAlert (... 03149 1636 NtRegisterThreadTerminatePort ... ) == 0x0 03154 1248 NtResumeThread (1208, ... 03155 164 NtWaitForSingleObject (272, 0, 0x0, ... 03156 468 NtSetEventBoostPriority (88, ... 03027 1852 NtWaitForSingleObject ... ) == 0x0 03152 1420 NtSetEventBoostPriority ... ) == 0x0 03157 624 NtRegisterThreadTerminatePort (24, ... 03153 1948 NtTestAlert ... ) == 0x0 03158 1636 NtWaitForSingleObject (272, 0, 0x0, ... 03154 1248 NtResumeThread ... 1, ) == 0x0 01731 380 NtWaitForSingleObject ... ) == 0x0 03159 1852 NtSetEventBoostPriority (272, ... 03156 468 NtSetEventBoostPriority ... ) == 0x0 03160 988 NtTestAlert (... 
03161 2252 NtWaitForSingleObject (88, 0, 0x0, ... 03157 624 NtRegisterThreadTerminatePort ... ) == 0x0 03162 1948 NtContinue (83623216, 1, ... 03163 1420 NtWaitForSingleObject (272, 0, 0x0, ... 03164 380 NtSetEventBoostPriority (88, ... 03028 2000 NtWaitForSingleObject ... ) == 0x0 03159 1852 NtSetEventBoostPriority ... ) == 0x0 03165 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03160 988 NtTestAlert ... ) == 0x0 03166 624 NtWaitForSingleObject (272, 0, 0x0, ... 03167 1948 NtRegisterThreadTerminatePort (24, ... 01737 1692 NtWaitForSingleObject ... ) == 0x0 03168 2000 NtSetEventBoostPriority (272, ... 03164 380 NtSetEventBoostPriority ... ) == 0x0 03169 468 NtTestAlert (... 03170 1852 NtWaitForSingleObject (272, 0, 0x0, ... 03171 988 NtContinue (84671792, 1, ... 03165 1248 NtAllocateVirtualMemory ... 239861760, 1048576, ) == 0x0 03172 1692 NtSetEventBoostPriority (88, ... 03030 764 NtWaitForSingleObject ... ) == 0x0 03168 2000 NtSetEventBoostPriority ... ) == 0x0 03167 1948 NtRegisterThreadTerminatePort ... ) == 0x0 03169 468 NtTestAlert ... ) == 0x0 03173 988 NtRegisterThreadTerminatePort (24, ... 01747 1792 NtWaitForSingleObject ... ) == 0x0 03174 764 NtSetEventBoostPriority (272, ... 03172 1692 NtSetEventBoostPriority ... ) == 0x0 03175 1248 NtAllocateVirtualMemory (-1, 240902144, 0, 8192, 4096, 4, ... 03176 380 NtTestAlert (... 03177 1948 NtWaitForSingleObject (272, 0, 0x0, ... 03178 468 NtContinue (85720368, 1, ... 03179 1792 NtSetEventBoostPriority (88, ... 03031 308 NtWaitForSingleObject ... ) == 0x0 03174 764 NtSetEventBoostPriority ... ) == 0x0 03173 988 NtRegisterThreadTerminatePort ... ) == 0x0 03180 2000 NtWaitForSingleObject (272, 0, 0x0, ... 03175 1248 NtAllocateVirtualMemory ... 240902144, 8192, ) == 0x0 03176 380 NtTestAlert ... ) == 0x0 03181 1692 NtTestAlert (... 01753 784 NtWaitForSingleObject ... ) == 0x0 03182 308 NtSetEventBoostPriority (272, ... 03179 1792 NtSetEventBoostPriority ... 
) == 0x0 03183 468 NtRegisterThreadTerminatePort (24, ... 03184 988 NtWaitForSingleObject (272, 0, 0x0, ... 03185 1248 NtProtectVirtualMemory (-1, (0xe5be000), 4096, 260, ... 03186 380 NtContinue (86768944, 1, ... 03187 784 NtSetEventBoostPriority (88, ... 03032 968 NtWaitForSingleObject ... ) == 0x0 03182 308 NtSetEventBoostPriority ... ) == 0x0 03181 1692 NtTestAlert ... ) == 0x0 03188 764 NtWaitForSingleObject (272, 0, 0x0, ... 03183 468 NtRegisterThreadTerminatePort ... ) == 0x0 03189 1792 NtTestAlert (... 03185 1248 NtProtectVirtualMemory ... (0xe5be000), 4096, 4, ) == 0x0 01763 1520 NtWaitForSingleObject ... ) == 0x0 03190 968 NtSetEventBoostPriority (272, ... 03187 784 NtSetEventBoostPriority ... ) == 0x0 03191 380 NtRegisterThreadTerminatePort (24, ... 03192 1692 NtContinue (87817520, 1, ... 03193 468 NtWaitForSingleObject (272, 0, 0x0, ... 03189 1792 NtTestAlert ... ) == 0x0 03194 1520 NtSetEventBoostPriority (88, ... 03033 240 NtWaitForSingleObject ... ) == 0x0 03190 968 NtSetEventBoostPriority ... ) == 0x0 03195 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03196 308 NtWaitForSingleObject (272, 0, 0x0, ... 03191 380 NtRegisterThreadTerminatePort ... ) == 0x0 03197 1692 NtRegisterThreadTerminatePort (24, ... 03198 784 NtTestAlert (... 01769 1696 NtWaitForSingleObject ... ) == 0x0 03199 240 NtSetEventBoostPriority (272, ... 03194 1520 NtSetEventBoostPriority ... ) == 0x0 03200 1792 NtContinue (88866096, 1, ... 03201 968 NtWaitForSingleObject (272, 0, 0x0, ... 03202 380 NtWaitForSingleObject (272, 0, 0x0, ... 03197 1692 NtRegisterThreadTerminatePort ... ) == 0x0 03203 1696 NtSetEventBoostPriority (88, ... 03038 888 NtWaitForSingleObject ... ) == 0x0 03199 240 NtSetEventBoostPriority ... ) == 0x0 03198 784 NtTestAlert ... ) == 0x0 03195 1248 NtCreateThread ... 384, {1656, 2256}, ) == 0x0 03204 1792 NtRegisterThreadTerminatePort (24, ... 03205 1520 NtTestAlert (... 01779 1744 NtWaitForSingleObject ... 
) == 0x0 03206 888 NtSetEventBoostPriority (272, ... 03203 1696 NtSetEventBoostPriority ... ) == 0x0 03207 1692 NtWaitForSingleObject (272, 0, 0x0, ... 03208 784 NtContinue (89914672, 1, ... 03209 1248 NtQueryInformationThread (384, Basic, 28, ... 03204 1792 NtRegisterThreadTerminatePort ... ) == 0x0 03210 1744 NtSetEventBoostPriority (88, ... 03048 1392 NtWaitForSingleObject ... ) == 0x0 03205 1520 NtTestAlert ... ) == 0x0 03206 888 NtSetEventBoostPriority ... ) == 0x0 03211 240 NtWaitForSingleObject (272, 0, 0x0, ... 03212 1696 NtTestAlert (... 03213 784 NtRegisterThreadTerminatePort (24, ... 03209 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fedd000,Pid=1656,Tid=2256,}, 0x0, ) == 0x0 01785 1124 NtWaitForSingleObject ... ) == 0x0 03210 1744 NtSetEventBoostPriority ... ) == 0x0 03214 1792 NtWaitForSingleObject (272, 0, 0x0, ... 03215 1392 NtSetEventBoostPriority (272, ... 03216 1520 NtContinue (90963248, 1, ... 03217 888 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03212 1696 NtTestAlert ... ) == 0x0 03213 784 NtRegisterThreadTerminatePort ... ) == 0x0 03218 1124 NtSetEventBoostPriority (88, ... 03219 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58166, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58166, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\1\0\0x\6\0\0\320\10\0\0" ... ... 03220 1744 NtTestAlert (... 03056 2044 NtWaitForSingleObject ... ) == 0x0 03221 1520 NtRegisterThreadTerminatePort (24, ... 03217 888 NtDuplicateObject ... 1224, ) == 0x0 03222 1696 NtContinue (92011824, 1, ... 01795 1496 NtWaitForSingleObject ... ) == 0x0 03218 1124 NtSetEventBoostPriority ... ) == 0x0 03223 784 NtWaitForSingleObject (272, 0, 0x0, ... 03219 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58167, 0} ... {28, 56, reply, 0, 1656, 1248, 58167, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\200\1\0\0x\6\0\0\320\10\0\0" ) ) == 0x0 03220 1744 NtTestAlert ... ) == 0x0 03224 2044 NtSetEventBoostPriority (272, ... 
03221 1520 NtRegisterThreadTerminatePort ... ) == 0x0 03215 1392 NtSetEventBoostPriority ... ) == 0x0 03225 1496 NtSetEventBoostPriority (88, ... 03226 1696 NtRegisterThreadTerminatePort (24, ... 03227 888 NtWaitForSingleObject (272, 0, 0x0, ... 03228 1124 NtTestAlert (... 03229 1744 NtContinue (93060400, 1, ... 03064 504 NtWaitForSingleObject ... ) == 0x0 03230 1520 NtWaitForSingleObject (272, 0, 0x0, ... 01801 168 NtWaitForSingleObject ... ) == 0x0 03225 1496 NtSetEventBoostPriority ... ) == 0x0 03231 1392 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03226 1696 NtRegisterThreadTerminatePort ... ) == 0x0 03228 1124 NtTestAlert ... ) == 0x0 03232 1744 NtRegisterThreadTerminatePort (24, ... 03233 504 NtSetEventBoostPriority (272, ... 03224 2044 NtSetEventBoostPriority ... ) == 0x0 03234 1248 NtResumeThread (384, ... 03235 168 NtAllocateVirtualMemory (-1, 8810496, 0, 4096, 4096, 4, ... 03231 1392 NtDuplicateObject ... 1228, ) == 0x0 03236 1696 NtWaitForSingleObject (272, 0, 0x0, ... 03237 1124 NtContinue (94108976, 1, ... 03232 1744 NtRegisterThreadTerminatePort ... ) == 0x0 03067 800 NtWaitForSingleObject ... ) == 0x0 03233 504 NtSetEventBoostPriority ... ) == 0x0 03238 2044 NtWaitForSingleObject (272, 0, 0x0, ... 03235 168 NtAllocateVirtualMemory ... 8810496, 4096, ) == 0x0 03234 1248 NtResumeThread ... 1, ) == 0x0 03239 1496 NtTestAlert (... 03240 1392 NtWaitForSingleObject (272, 0, 0x0, ... 03241 2256 NtWaitForSingleObject (88, 0, 0x0, ... 03242 1124 NtRegisterThreadTerminatePort (24, ... 03243 800 NtSetEventBoostPriority (272, ... 03244 1744 NtWaitForSingleObject (272, 0, 0x0, ... 03245 504 NtWaitForSingleObject (272, 0, 0x0, ... 03246 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03239 1496 NtTestAlert ... ) == 0x0 03065 2020 NtWaitForSingleObject ... ) == 0x0 03243 800 NtSetEventBoostPriority ... ) == 0x0 03242 1124 NtRegisterThreadTerminatePort ... ) == 0x0 03247 168 NtSetEventBoostPriority (88, ... 03246 1248 NtAllocateVirtualMemory ... 
240910336, 1048576, ) == 0x0 03248 2020 NtSetEventBoostPriority (272, ... 03249 1496 NtContinue (95157552, 1, ... 03250 800 NtWaitForSingleObject (64, 0, {0, 0}, ... 03251 1124 NtWaitForSingleObject (272, 0, 0x0, ... 01811 1284 NtWaitForSingleObject ... ) == 0x0 03247 168 NtSetEventBoostPriority ... ) == 0x0 03069 740 NtWaitForSingleObject ... ) == 0x0 03252 1248 NtAllocateVirtualMemory (-1, 241950720, 0, 8192, 4096, 4, ... 03253 1496 NtRegisterThreadTerminatePort (24, ... 03248 2020 NtSetEventBoostPriority ... ) == 0x0 03250 800 NtWaitForSingleObject ... ) == 0x102 03254 1284 NtSetEventBoostPriority (88, ... 03255 168 NtTestAlert (... 03256 740 NtSetEventBoostPriority (272, ... 03252 1248 NtAllocateVirtualMemory ... 241950720, 8192, ) == 0x0 03253 1496 NtRegisterThreadTerminatePort ... ) == 0x0 03257 2020 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01817 1268 NtWaitForSingleObject ... ) == 0x0 03254 1284 NtSetEventBoostPriority ... ) == 0x0 03258 800 NtWaitForSingleObject (136, 0, 0x0, ... 03255 168 NtTestAlert ... ) == 0x0 03074 336 NtWaitForSingleObject ... ) == 0x0 03256 740 NtSetEventBoostPriority ... ) == 0x0 03259 1496 NtWaitForSingleObject (272, 0, 0x0, ... 03260 1268 NtSetEventBoostPriority (88, ... 03257 2020 NtDuplicateObject ... 1232, ) == 0x0 03261 1248 NtProtectVirtualMemory (-1, (0xe6be000), 4096, 260, ... 03262 168 NtContinue (96206128, 1, ... 03263 336 NtSetEventBoostPriority (272, ... 03264 740 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03265 1284 NtTestAlert (... 01827 840 NtWaitForSingleObject ... ) == 0x0 03260 1268 NtSetEventBoostPriority ... ) == 0x0 03261 1248 NtProtectVirtualMemory ... (0xe6be000), 4096, 4, ) == 0x0 03266 168 NtRegisterThreadTerminatePort (24, ... 03078 1676 NtWaitForSingleObject ... ) == 0x0 03263 336 NtSetEventBoostPriority ... ) == 0x0 03264 740 NtDuplicateObject ... 1236, ) == 0x0 03267 840 NtSetEventBoostPriority (88, ... 03265 1284 NtTestAlert ... ) == 0x0 03268 2020 NtWaitForSingleObject (272, 0, 0x0, ... 
03269 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03270 1268 NtTestAlert (... 03271 1676 NtSetEventBoostPriority (272, ... 03272 336 NtWaitForSingleObject (272, 0, 0x0, ... 03266 168 NtRegisterThreadTerminatePort ... ) == 0x0 01835 1336 NtWaitForSingleObject ... ) == 0x0 03267 840 NtSetEventBoostPriority ... ) == 0x0 03273 1284 NtContinue (97254704, 1, ... 03274 740 NtWaitForSingleObject (272, 0, 0x0, ... 03083 1644 NtWaitForSingleObject ... ) == 0x0 03270 1268 NtTestAlert ... ) == 0x0 03271 1676 NtSetEventBoostPriority ... ) == 0x0 03269 1248 NtCreateThread ... 1240, {1656, 2260}, ) == 0x0 03275 1336 NtSetEventBoostPriority (88, ... 03276 168 NtWaitForSingleObject (272, 0, 0x0, ... 03277 1284 NtRegisterThreadTerminatePort (24, ... 03278 1644 NtSetEventBoostPriority (272, ... 03279 1268 NtContinue (98303280, 1, ... 03280 1676 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01841 1200 NtWaitForSingleObject ... ) == 0x0 03275 1336 NtSetEventBoostPriority ... ) == 0x0 03281 1248 NtQueryInformationThread (1240, Basic, 28, ... 03277 1284 NtRegisterThreadTerminatePort ... ) == 0x0 03087 496 NtWaitForSingleObject ... ) == 0x0 03278 1644 NtSetEventBoostPriority ... ) == 0x0 03282 1268 NtRegisterThreadTerminatePort (24, ... 03283 1200 NtSetEventBoostPriority (88, ... 03280 1676 NtDuplicateObject ... 1244, ) == 0x0 03284 840 NtTestAlert (... 03281 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fedc000,Pid=1656,Tid=2260,}, 0x0, ) == 0x0 03285 496 NtSetEventBoostPriority (272, ... 03286 1284 NtWaitForSingleObject (272, 0, 0x0, ... 03287 1644 NtWaitForSingleObject (272, 0, 0x0, ... 01851 1920 NtWaitForSingleObject ... ) == 0x0 03283 1200 NtSetEventBoostPriority ... ) == 0x0 03282 1268 NtRegisterThreadTerminatePort ... ) == 0x0 03288 1336 NtTestAlert (... 03284 840 NtTestAlert ... ) == 0x0 03093 1804 NtWaitForSingleObject ... 
) == 0x0 03289 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58167, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58167, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\4\0\0x\6\0\0\324\10\0\0" ... ... 03285 496 NtSetEventBoostPriority ... ) == 0x0 03290 1676 NtWaitForSingleObject (272, 0, 0x0, ... 03291 1920 NtSetEventBoostPriority (88, ... 03292 1268 NtWaitForSingleObject (272, 0, 0x0, ... 03288 1336 NtTestAlert ... ) == 0x0 03293 840 NtContinue (99351856, 1, ... 03294 1804 NtSetEventBoostPriority (272, ... 03289 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58168, 0} ... {28, 56, reply, 0, 1656, 1248, 58168, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\330\4\0\0x\6\0\0\324\10\0\0" ) ) == 0x0 03295 496 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01857 896 NtWaitForSingleObject ... ) == 0x0 03291 1920 NtSetEventBoostPriority ... ) == 0x0 03296 1200 NtTestAlert (... 03297 1336 NtContinue (100400432, 1, ... 03298 840 NtRegisterThreadTerminatePort (24, ... 03096 1020 NtWaitForSingleObject ... ) == 0x0 03294 1804 NtSetEventBoostPriority ... ) == 0x0 03299 896 NtSetEventBoostPriority (88, ... 03295 496 NtDuplicateObject ... 1248, ) == 0x0 03300 1248 NtResumeThread (1240, ... 03296 1200 NtTestAlert ... ) == 0x0 03301 1336 NtRegisterThreadTerminatePort (24, ... 03302 1020 NtSetEventBoostPriority (272, ... 03298 840 NtRegisterThreadTerminatePort ... ) == 0x0 01867 2016 NtWaitForSingleObject ... ) == 0x0 03299 896 NtSetEventBoostPriority ... ) == 0x0 03303 1804 NtWaitForSingleObject (272, 0, 0x0, ... 03304 1920 NtTestAlert (... 03300 1248 NtResumeThread ... 1, ) == 0x0 03305 1200 NtContinue (101449008, 1, ... 03100 1780 NtWaitForSingleObject ... ) == 0x0 03301 1336 NtRegisterThreadTerminatePort ... ) == 0x0 03306 2016 NtSetEventBoostPriority (88, ... 03307 840 NtWaitForSingleObject (272, 0, 0x0, ... 03302 1020 NtSetEventBoostPriority ... ) == 0x0 03308 496 NtWaitForSingleObject (272, 0, 0x0, ... 03309 2260 NtWaitForSingleObject (88, 0, 0x0, ... 
03310 896 NtTestAlert (... 03304 1920 NtTestAlert ... ) == 0x0 03311 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03312 1200 NtRegisterThreadTerminatePort (24, ... 03313 1780 NtSetEventBoostPriority (272, ... 01873 2012 NtWaitForSingleObject ... ) == 0x0 03306 2016 NtSetEventBoostPriority ... ) == 0x0 03314 1336 NtWaitForSingleObject (272, 0, 0x0, ... 03315 1020 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03310 896 NtTestAlert ... ) == 0x0 03316 1920 NtContinue (102497584, 1, ... 03311 1248 NtAllocateVirtualMemory ... 241958912, 1048576, ) == 0x0 03312 1200 NtRegisterThreadTerminatePort ... ) == 0x0 03317 2012 NtSetEventBoostPriority (88, ... 03103 432 NtWaitForSingleObject ... ) == 0x0 03313 1780 NtSetEventBoostPriority ... ) == 0x0 03318 2016 NtTestAlert (... 03315 1020 NtDuplicateObject ... 1252, ) == 0x0 03319 896 NtContinue (103546160, 1, ... 03320 1920 NtRegisterThreadTerminatePort (24, ... 03321 1248 NtAllocateVirtualMemory (-1, 242999296, 0, 8192, 4096, 4, ... 01883 1604 NtWaitForSingleObject ... ) == 0x0 03322 432 NtSetEventBoostPriority (272, ... 03317 2012 NtSetEventBoostPriority ... ) == 0x0 03323 1200 NtWaitForSingleObject (272, 0, 0x0, ... 03324 1780 NtWaitForSingleObject (272, 0, 0x0, ... 03318 2016 NtTestAlert ... ) == 0x0 03325 896 NtRegisterThreadTerminatePort (24, ... 03320 1920 NtRegisterThreadTerminatePort ... ) == 0x0 03326 1604 NtSetEventBoostPriority (88, ... 03108 1528 NtWaitForSingleObject ... ) == 0x0 03321 1248 NtAllocateVirtualMemory ... 242999296, 8192, ) == 0x0 03322 432 NtSetEventBoostPriority ... ) == 0x0 03327 1020 NtWaitForSingleObject (272, 0, 0x0, ... 03328 2012 NtTestAlert (... 03329 2016 NtContinue (104594736, 1, ... 03325 896 NtRegisterThreadTerminatePort ... ) == 0x0 01889 1572 NtWaitForSingleObject ... ) == 0x0 03326 1604 NtSetEventBoostPriority ... ) == 0x0 03330 1920 NtWaitForSingleObject (272, 0, 0x0, ... 03331 1528 NtSetEventBoostPriority (272, ... 
03332 432 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03328 2012 NtTestAlert ... ) == 0x0 03333 2016 NtRegisterThreadTerminatePort (24, ... 03334 1572 NtSetEventBoostPriority (88, ... 03335 896 NtWaitForSingleObject (272, 0, 0x0, ... 03336 1248 NtProtectVirtualMemory (-1, (0xe7be000), 4096, 260, ... 03337 1604 NtTestAlert (... 03114 1332 NtWaitForSingleObject ... ) == 0x0 03331 1528 NtSetEventBoostPriority ... ) == 0x0 03332 432 NtDuplicateObject ... 1256, ) == 0x0 03338 2012 NtContinue (105643312, 1, ... 01899 596 NtWaitForSingleObject ... ) == 0x0 03334 1572 NtSetEventBoostPriority ... ) == 0x0 03333 2016 NtRegisterThreadTerminatePort ... ) == 0x0 03336 1248 NtProtectVirtualMemory ... (0xe7be000), 4096, 4, ) == 0x0 03339 1332 NtSetEventBoostPriority (272, ... 03337 1604 NtTestAlert ... ) == 0x0 03340 1528 NtWaitForSingleObject (272, 0, 0x0, ... 03341 596 NtSetEventBoostPriority (88, ... 03342 2012 NtRegisterThreadTerminatePort (24, ... 03343 432 NtWaitForSingleObject (272, 0, 0x0, ... 03344 2016 NtWaitForSingleObject (272, 0, 0x0, ... 03117 932 NtWaitForSingleObject ... ) == 0x0 03345 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03346 1604 NtContinue (106691888, 1, ... 03339 1332 NtSetEventBoostPriority ... ) == 0x0 03347 1572 NtTestAlert (... 01905 376 NtWaitForSingleObject ... ) == 0x0 03341 596 NtSetEventBoostPriority ... ) == 0x0 03342 2012 NtRegisterThreadTerminatePort ... ) == 0x0 03348 932 NtSetEventBoostPriority (272, ... 03345 1248 NtCreateThread ... 1260, {1656, 2264}, ) == 0x0 03349 1604 NtRegisterThreadTerminatePort (24, ... 03350 1332 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03351 376 NtSetEventBoostPriority (88, ... 03347 1572 NtTestAlert ... ) == 0x0 03352 2012 NtWaitForSingleObject (272, 0, 0x0, ... 03122 1328 NtWaitForSingleObject ... ) == 0x0 03348 932 NtSetEventBoostPriority ... ) == 0x0 03353 1248 NtQueryInformationThread (1260, Basic, 28, ... 03349 1604 NtRegisterThreadTerminatePort ... 
) == 0x0 01915 1168 NtWaitForSingleObject ... ) == 0x0 03351 376 NtSetEventBoostPriority ... ) == 0x0 03350 1332 NtDuplicateObject ... 1264, ) == 0x0 03354 1572 NtContinue (107740464, 1, ... 03355 596 NtTestAlert (... 03356 1328 NtSetEventBoostPriority (272, ... 03357 932 NtWaitForSingleObject (272, 0, 0x0, ... 03353 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fedb000,Pid=1656,Tid=2264,}, 0x0, ) == 0x0 03358 1168 NtSetEventBoostPriority (88, ... 03359 1604 NtWaitForSingleObject (272, 0, 0x0, ... 03360 376 NtTestAlert (... 03361 1572 NtRegisterThreadTerminatePort (24, ... 03125 1500 NtWaitForSingleObject ... ) == 0x0 03355 596 NtTestAlert ... ) == 0x0 03356 1328 NtSetEventBoostPriority ... ) == 0x0 03362 1332 NtWaitForSingleObject (272, 0, 0x0, ... 01921 428 NtWaitForSingleObject ... ) == 0x0 03358 1168 NtSetEventBoostPriority ... ) == 0x0 03363 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58168, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58168, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\4\0\0x\6\0\0\330\10\0\0" ... ... 03360 376 NtTestAlert ... ) == 0x0 03361 1572 NtRegisterThreadTerminatePort ... ) == 0x0 03364 1500 NtAllocateVirtualMemory (-1, 1388544, 0, 4096, 4096, 4, ... 03365 596 NtContinue (108789040, 1, ... 03366 1328 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03367 428 NtSetEventBoostPriority (88, ... 03363 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58169, 0} ... {28, 56, reply, 0, 1656, 1248, 58169, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\354\4\0\0x\6\0\0\330\10\0\0" ) ) == 0x0 03368 376 NtContinue (109837616, 1, ... 03369 1572 NtWaitForSingleObject (272, 0, 0x0, ... 03364 1500 NtAllocateVirtualMemory ... 1388544, 4096, ) == 0x0 03370 596 NtRegisterThreadTerminatePort (24, ... 01931 1344 NtWaitForSingleObject ... ) == 0x0 03367 428 NtSetEventBoostPriority ... ) == 0x0 03366 1328 NtDuplicateObject ... 1268, ) == 0x0 03371 1248 NtResumeThread (1260, ... 03372 376 NtRegisterThreadTerminatePort (24, ... 
03373 1168 NtTestAlert (... 03374 1500 NtSetEventBoostPriority (272, ... 03375 1344 NtSetEventBoostPriority (88, ... 03370 596 NtRegisterThreadTerminatePort ... ) == 0x0 03376 428 NtTestAlert (... 03371 1248 NtResumeThread ... 1, ) == 0x0 03372 376 NtRegisterThreadTerminatePort ... ) == 0x0 03373 1168 NtTestAlert ... ) == 0x0 03377 1328 NtWaitForSingleObject (272, 0, 0x0, ... 03378 2264 NtWaitForSingleObject (88, 0, 0x0, ... 01937 1300 NtWaitForSingleObject ... ) == 0x0 03375 1344 NtSetEventBoostPriority ... ) == 0x0 03379 596 NtWaitForSingleObject (272, 0, 0x0, ... 03376 428 NtTestAlert ... ) == 0x0 03380 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03381 376 NtWaitForSingleObject (272, 0, 0x0, ... 03382 1168 NtContinue (110886192, 1, ... 03383 1300 NtSetEventBoostPriority (88, ... 03130 752 NtWaitForSingleObject ... ) == 0x0 03374 1500 NtSetEventBoostPriority ... ) == 0x0 03384 1344 NtTestAlert (... 03385 428 NtContinue (111934768, 1, ... 03380 1248 NtAllocateVirtualMemory ... 243007488, 1048576, ) == 0x0 01947 1096 NtWaitForSingleObject ... ) == 0x0 03383 1300 NtSetEventBoostPriority ... ) == 0x0 03386 1168 NtRegisterThreadTerminatePort (24, ... 03387 752 NtSetEventBoostPriority (272, ... 03388 1500 NtWaitForSingleObject (272, 0, 0x0, ... 03384 1344 NtTestAlert ... ) == 0x0 03389 428 NtRegisterThreadTerminatePort (24, ... 03390 1096 NtSetEventBoostPriority (88, ... 03391 1248 NtAllocateVirtualMemory (-1, 244047872, 0, 8192, 4096, 4, ... 03386 1168 NtRegisterThreadTerminatePort ... ) == 0x0 03133 2032 NtWaitForSingleObject ... ) == 0x0 03392 1344 NtContinue (112983344, 1, ... 01953 252 NtWaitForSingleObject ... ) == 0x0 03390 1096 NtSetEventBoostPriority ... ) == 0x0 03389 428 NtRegisterThreadTerminatePort ... ) == 0x0 03391 1248 NtAllocateVirtualMemory ... 244047872, 8192, ) == 0x0 03393 1168 NtWaitForSingleObject (272, 0, 0x0, ... 03394 2032 NtSetEventBoostPriority (272, ... 03395 252 NtSetEventBoostPriority (88, ... 
03396 1344 NtRegisterThreadTerminatePort (24, ... 03387 752 NtSetEventBoostPriority ... ) == 0x0 03397 1300 NtTestAlert (... 03398 428 NtWaitForSingleObject (272, 0, 0x0, ... 03399 1248 NtProtectVirtualMemory (-1, (0xe8be000), 4096, 260, ... 03400 1096 NtTestAlert (... 01963 500 NtWaitForSingleObject ... ) == 0x0 03395 252 NtSetEventBoostPriority ... ) == 0x0 03136 120 NtWaitForSingleObject ... ) == 0x0 03394 2032 NtSetEventBoostPriority ... ) == 0x0 03396 1344 NtRegisterThreadTerminatePort ... ) == 0x0 03401 752 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03397 1300 NtTestAlert ... ) == 0x0 03399 1248 NtProtectVirtualMemory ... (0xe8be000), 4096, 4, ) == 0x0 03402 500 NtSetEventBoostPriority (88, ... 03400 1096 NtTestAlert ... ) == 0x0 03403 120 NtSetEventBoostPriority (272, ... 03404 2032 NtWaitForSingleObject (272, 0, 0x0, ... 03405 1344 NtWaitForSingleObject (272, 0, 0x0, ... 03401 752 NtDuplicateObject ... 1272, ) == 0x0 03406 1300 NtContinue (114031920, 1, ... 01969 1132 NtWaitForSingleObject ... ) == 0x0 03402 500 NtSetEventBoostPriority ... ) == 0x0 03407 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03139 1592 NtWaitForSingleObject ... ) == 0x0 03408 1096 NtContinue (115080496, 1, ... 03403 120 NtSetEventBoostPriority ... ) == 0x0 03409 252 NtTestAlert (... 03410 1132 NtSetEventBoostPriority (88, ... 03411 1300 NtRegisterThreadTerminatePort (24, ... 03412 752 NtWaitForSingleObject (272, 0, 0x0, ... 03413 500 NtTestAlert (... 03414 1592 NtSetEventBoostPriority (272, ... 03415 1096 NtRegisterThreadTerminatePort (24, ... 03416 120 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01979 1024 NtWaitForSingleObject ... ) == 0x0 03410 1132 NtSetEventBoostPriority ... ) == 0x0 03409 252 NtTestAlert ... ) == 0x0 03411 1300 NtRegisterThreadTerminatePort ... ) == 0x0 03413 500 NtTestAlert ... ) == 0x0 03143 1732 NtWaitForSingleObject ... ) == 0x0 03414 1592 NtSetEventBoostPriority ... ) == 0x0 03415 1096 NtRegisterThreadTerminatePort ... 
) == 0x0 03417 1024 NtSetEventBoostPriority (88, ... 03416 120 NtDuplicateObject ... 1276, ) == 0x0 03407 1248 NtCreateThread ... 1280, {1656, 2268}, ) == 0x0 03418 252 NtContinue (116129072, 1, ... 03419 1300 NtWaitForSingleObject (272, 0, 0x0, ... 03420 1732 NtSetEventBoostPriority (272, ... 03421 500 NtContinue (117177648, 1, ... 03422 1592 NtWaitForSingleObject (272, 0, 0x0, ... 01985 948 NtWaitForSingleObject ... ) == 0x0 03417 1024 NtSetEventBoostPriority ... ) == 0x0 03423 1096 NtWaitForSingleObject (272, 0, 0x0, ... 03424 1132 NtTestAlert (... 03425 1248 NtQueryInformationThread (1280, Basic, 28, ... 03426 252 NtRegisterThreadTerminatePort (24, ... 03427 120 NtWaitForSingleObject (272, 0, 0x0, ... 03147 1564 NtWaitForSingleObject ... ) == 0x0 03428 500 NtRegisterThreadTerminatePort (24, ... 03420 1732 NtSetEventBoostPriority ... ) == 0x0 03429 948 NtSetEventBoostPriority (88, ... 03430 1024 NtTestAlert (... 03424 1132 NtTestAlert ... ) == 0x0 03425 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7feda000,Pid=1656,Tid=2268,}, 0x0, ) == 0x0 03426 252 NtRegisterThreadTerminatePort ... ) == 0x0 03431 1564 NtSetEventBoostPriority (272, ... 03428 500 NtRegisterThreadTerminatePort ... ) == 0x0 01995 1388 NtWaitForSingleObject ... ) == 0x0 03429 948 NtSetEventBoostPriority ... ) == 0x0 03432 1732 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03430 1024 NtTestAlert ... ) == 0x0 03433 1132 NtContinue (118226224, 1, ... 03434 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58169, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58169, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\5\0\0x\6\0\0\334\10\0\0" ... ... 03435 252 NtWaitForSingleObject (272, 0, 0x0, ... 03150 188 NtWaitForSingleObject ... ) == 0x0 03431 1564 NtSetEventBoostPriority ... ) == 0x0 03436 1388 NtSetEventBoostPriority (88, ... 03437 500 NtWaitForSingleObject (272, 0, 0x0, ... 03432 1732 NtDuplicateObject ... 1284, ) == 0x0 03438 1024 NtContinue (119274800, 1, ... 
03439 1132 NtRegisterThreadTerminatePort (24, ... 03434 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58170, 0} ... {28, 56, reply, 0, 1656, 1248, 58170, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\0\5\0\0x\6\0\0\334\10\0\0" ) ) == 0x0 03440 948 NtTestAlert (... 03441 188 NtSetEventBoostPriority (272, ... 02001 520 NtWaitForSingleObject ... ) == 0x0 03436 1388 NtSetEventBoostPriority ... ) == 0x0 03442 1564 NtWaitForSingleObject (272, 0, 0x0, ... 03443 1024 NtRegisterThreadTerminatePort (24, ... 03439 1132 NtRegisterThreadTerminatePort ... ) == 0x0 03444 1732 NtWaitForSingleObject (272, 0, 0x0, ... 03155 164 NtWaitForSingleObject ... ) == 0x0 03445 520 NtSetEventBoostPriority (88, ... 03440 948 NtTestAlert ... ) == 0x0 03441 188 NtSetEventBoostPriority ... ) == 0x0 03446 1248 NtResumeThread (1280, ... 03447 1388 NtTestAlert (... 03443 1024 NtRegisterThreadTerminatePort ... ) == 0x0 03448 1132 NtWaitForSingleObject (272, 0, 0x0, ... 02011 276 NtWaitForSingleObject ... ) == 0x0 03445 520 NtSetEventBoostPriority ... ) == 0x0 03449 164 NtSetEventBoostPriority (272, ... 03450 948 NtContinue (120323376, 1, ... 03451 188 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03446 1248 NtResumeThread ... 1, ) == 0x0 03447 1388 NtTestAlert ... ) == 0x0 03452 1024 NtWaitForSingleObject (272, 0, 0x0, ... 03453 2268 NtWaitForSingleObject (88, 0, 0x0, ... 03454 276 NtSetEventBoostPriority (88, ... 03158 1636 NtWaitForSingleObject ... ) == 0x0 03449 164 NtSetEventBoostPriority ... ) == 0x0 03455 948 NtRegisterThreadTerminatePort (24, ... 03451 188 NtDuplicateObject ... 1288, ) == 0x0 03456 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03457 1388 NtContinue (121371952, 1, ... 03458 520 NtTestAlert (... 02017 996 NtWaitForSingleObject ... ) == 0x0 03459 1636 NtSetEventBoostPriority (272, ... 03454 276 NtSetEventBoostPriority ... ) == 0x0 03460 164 NtWaitForSingleObject (272, 0, 0x0, ... 03455 948 NtRegisterThreadTerminatePort ... 
) == 0x0 03456 1248 NtAllocateVirtualMemory ... 244056064, 1048576, ) == 0x0 03461 1388 NtRegisterThreadTerminatePort (24, ... 03462 996 NtSetEventBoostPriority (88, ... 03163 1420 NtWaitForSingleObject ... ) == 0x0 03458 520 NtTestAlert ... ) == 0x0 03459 1636 NtSetEventBoostPriority ... ) == 0x0 03463 188 NtWaitForSingleObject (272, 0, 0x0, ... 03464 276 NtTestAlert (... 03465 948 NtWaitForSingleObject (272, 0, 0x0, ... 03466 1248 NtAllocateVirtualMemory (-1, 245096448, 0, 8192, 4096, 4, ... 02027 1064 NtWaitForSingleObject ... ) == 0x0 03462 996 NtSetEventBoostPriority ... ) == 0x0 03461 1388 NtRegisterThreadTerminatePort ... ) == 0x0 03467 1420 NtSetEventBoostPriority (272, ... 03468 520 NtContinue (122420528, 1, ... 03469 1636 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03464 276 NtTestAlert ... ) == 0x0 03470 1064 NtAllocateVirtualMemory (-1, 8814592, 0, 4096, 4096, 4, ... 03466 1248 NtAllocateVirtualMemory ... 245096448, 8192, ) == 0x0 03471 1388 NtWaitForSingleObject (272, 0, 0x0, ... 03166 624 NtWaitForSingleObject ... ) == 0x0 03467 1420 NtSetEventBoostPriority ... ) == 0x0 03472 520 NtRegisterThreadTerminatePort (24, ... 03469 1636 NtDuplicateObject ... 1292, ) == 0x0 03470 1064 NtAllocateVirtualMemory ... 8814592, 4096, ) == 0x0 03473 276 NtContinue (123469104, 1, ... 03474 996 NtTestAlert (... 03475 1248 NtProtectVirtualMemory (-1, (0xe9be000), 4096, 260, ... 03476 624 NtSetEventBoostPriority (272, ... 03477 1420 NtWaitForSingleObject (272, 0, 0x0, ... 03472 520 NtRegisterThreadTerminatePort ... ) == 0x0 03478 1636 NtWaitForSingleObject (272, 0, 0x0, ... 03479 276 NtRegisterThreadTerminatePort (24, ... 03474 996 NtTestAlert ... ) == 0x0 03170 1852 NtWaitForSingleObject ... ) == 0x0 03475 1248 NtProtectVirtualMemory ... (0xe9be000), 4096, 4, ) == 0x0 03476 624 NtSetEventBoostPriority ... ) == 0x0 03480 1064 NtSetEventBoostPriority (88, ... 03481 520 NtWaitForSingleObject (272, 0, 0x0, ... 03479 276 NtRegisterThreadTerminatePort ... 
) == 0x0 03482 996 NtContinue (124517680, 1, ... 03483 1852 NtSetEventBoostPriority (272, ... 03484 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03485 624 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02033 1600 NtWaitForSingleObject ... ) == 0x0 03480 1064 NtSetEventBoostPriority ... ) == 0x0 03486 276 NtWaitForSingleObject (272, 0, 0x0, ... 03487 996 NtRegisterThreadTerminatePort (24, ... 03177 1948 NtWaitForSingleObject ... ) == 0x0 03483 1852 NtSetEventBoostPriority ... ) == 0x0 03484 1248 NtCreateThread ... 1296, {1656, 2272}, ) == 0x0 03488 1600 NtSetEventBoostPriority (88, ... 03485 624 NtDuplicateObject ... 1300, ) == 0x0 03489 1064 NtTestAlert (... 03490 1948 NtSetEventBoostPriority (272, ... 03487 996 NtRegisterThreadTerminatePort ... ) == 0x0 03491 1852 NtWaitForSingleObject (272, 0, 0x0, ... 02043 1372 NtWaitForSingleObject ... ) == 0x0 03488 1600 NtSetEventBoostPriority ... ) == 0x0 03492 1248 NtQueryInformationThread (1296, Basic, 28, ... 03180 2000 NtWaitForSingleObject ... ) == 0x0 03489 1064 NtTestAlert ... ) == 0x0 03493 996 NtWaitForSingleObject (272, 0, 0x0, ... 03490 1948 NtSetEventBoostPriority ... ) == 0x0 03494 624 NtWaitForSingleObject (272, 0, 0x0, ... 03495 1372 NtSetEventBoostPriority (88, ... 03492 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fed9000,Pid=1656,Tid=2272,}, 0x0, ) == 0x0 03496 2000 NtSetEventBoostPriority (272, ... 03497 1064 NtContinue (125566256, 1, ... 03498 1600 NtTestAlert (... 03499 1948 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02049 2040 NtWaitForSingleObject ... ) == 0x0 03495 1372 NtSetEventBoostPriority ... ) == 0x0 03184 988 NtWaitForSingleObject ... ) == 0x0 03496 2000 NtSetEventBoostPriority ... ) == 0x0 03500 1064 NtRegisterThreadTerminatePort (24, ... 03498 1600 NtTestAlert ... ) == 0x0 03501 2040 NtSetEventBoostPriority (88, ... 03499 1948 NtDuplicateObject ... 
1304, ) == 0x0 03502 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58170, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58170, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\5\0\0x\6\0\0\340\10\0\0" ... ... 03503 988 NtSetEventBoostPriority (272, ... 03504 2000 NtWaitForSingleObject (272, 0, 0x0, ... 03505 1372 NtTestAlert (... 02059 216 NtWaitForSingleObject ... ) == 0x0 03501 2040 NtSetEventBoostPriority ... ) == 0x0 03506 1600 NtContinue (126614832, 1, ... 03500 1064 NtRegisterThreadTerminatePort ... ) == 0x0 03188 764 NtWaitForSingleObject ... ) == 0x0 03502 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58171, 0} ... {28, 56, reply, 0, 1656, 1248, 58171, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG\20\5\0\0x\6\0\0\340\10\0\0" ) ) == 0x0 03503 988 NtSetEventBoostPriority ... ) == 0x0 03507 1948 NtWaitForSingleObject (272, 0, 0x0, ... 03508 216 NtSetEventBoostPriority (88, ... 03505 1372 NtTestAlert ... ) == 0x0 03509 1600 NtRegisterThreadTerminatePort (24, ... 03510 1064 NtWaitForSingleObject (272, 0, 0x0, ... 03511 764 NtSetEventBoostPriority (272, ... 03512 1248 NtResumeThread (1296, ... 03513 988 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02065 152 NtWaitForSingleObject ... ) == 0x0 03508 216 NtSetEventBoostPriority ... ) == 0x0 03514 1372 NtContinue (127663408, 1, ... 03509 1600 NtRegisterThreadTerminatePort ... ) == 0x0 03193 468 NtWaitForSingleObject ... ) == 0x0 03511 764 NtSetEventBoostPriority ... ) == 0x0 03512 1248 NtResumeThread ... 1, ) == 0x0 03515 152 NtSetEventBoostPriority (88, ... 03513 988 NtDuplicateObject ... 1308, ) == 0x0 03516 2040 NtTestAlert (... 03517 2272 NtWaitForSingleObject (88, 0, 0x0, ... 03518 1372 NtRegisterThreadTerminatePort (24, ... 03519 468 NtSetEventBoostPriority (272, ... 03520 1600 NtWaitForSingleObject (272, 0, 0x0, ... 03521 764 NtWaitForSingleObject (272, 0, 0x0, ... 02075 900 NtWaitForSingleObject ... ) == 0x0 03515 152 NtSetEventBoostPriority ... 
) == 0x0 03522 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03523 216 NtTestAlert (... 03516 2040 NtTestAlert ... ) == 0x0 03196 308 NtWaitForSingleObject ... ) == 0x0 03518 1372 NtRegisterThreadTerminatePort ... ) == 0x0 03519 468 NtSetEventBoostPriority ... ) == 0x0 03524 988 NtWaitForSingleObject (272, 0, 0x0, ... 03525 900 NtSetEventBoostPriority (88, ... 03526 152 NtTestAlert (... 03523 216 NtTestAlert ... ) == 0x0 03527 2040 NtContinue (128711984, 1, ... 03528 308 NtSetEventBoostPriority (272, ... 03529 1372 NtWaitForSingleObject (272, 0, 0x0, ... 03530 468 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02081 1272 NtWaitForSingleObject ... ) == 0x0 03525 900 NtSetEventBoostPriority ... ) == 0x0 03526 152 NtTestAlert ... ) == 0x0 03531 216 NtContinue (129760560, 1, ... 03532 2040 NtRegisterThreadTerminatePort (24, ... 03201 968 NtWaitForSingleObject ... ) == 0x0 03528 308 NtSetEventBoostPriority ... ) == 0x0 03522 1248 NtAllocateVirtualMemory ... 245104640, 1048576, ) == 0x0 03533 1272 NtSetEventBoostPriority (88, ... 03530 468 NtDuplicateObject ... 1312, ) == 0x0 03534 152 NtContinue (130809136, 1, ... 03535 216 NtRegisterThreadTerminatePort (24, ... 03536 968 NtSetEventBoostPriority (272, ... 03532 2040 NtRegisterThreadTerminatePort ... ) == 0x0 03537 308 NtWaitForSingleObject (272, 0, 0x0, ... 02090 1240 NtWaitForSingleObject ... ) == 0x0 03533 1272 NtSetEventBoostPriority ... ) == 0x0 03538 1248 NtAllocateVirtualMemory (-1, 246145024, 0, 8192, 4096, 4, ... 03539 900 NtTestAlert (... 03540 152 NtRegisterThreadTerminatePort (24, ... 03202 380 NtWaitForSingleObject ... ) == 0x0 03536 968 NtSetEventBoostPriority ... ) == 0x0 03535 216 NtRegisterThreadTerminatePort ... ) == 0x0 03541 2040 NtWaitForSingleObject (272, 0, 0x0, ... 03542 468 NtWaitForSingleObject (272, 0, 0x0, ... 03543 1240 NtSetEventBoostPriority (88, ... 03538 1248 NtAllocateVirtualMemory ... 246145024, 8192, ) == 0x0 03539 900 NtTestAlert ... 
) == 0x0 03544 380 NtSetEventBoostPriority (272, ... 03540 152 NtRegisterThreadTerminatePort ... ) == 0x0 03545 968 NtWaitForSingleObject (272, 0, 0x0, ... 03546 216 NtWaitForSingleObject (272, 0, 0x0, ... 03547 1272 NtTestAlert (... 02097 1776 NtWaitForSingleObject ... ) == 0x0 03543 1240 NtSetEventBoostPriority ... ) == 0x0 03548 1248 NtProtectVirtualMemory (-1, (0xeabe000), 4096, 260, ... 03211 240 NtWaitForSingleObject ... ) == 0x0 03549 900 NtContinue (131857712, 1, ... 03550 152 NtWaitForSingleObject (272, 0, 0x0, ... 03544 380 NtSetEventBoostPriority ... ) == 0x0 03551 1776 NtSetEventBoostPriority (88, ... 03547 1272 NtTestAlert ... ) == 0x0 03548 1248 NtProtectVirtualMemory ... (0xeabe000), 4096, 4, ) == 0x0 03552 240 NtSetEventBoostPriority (272, ... 03553 900 NtRegisterThreadTerminatePort (24, ... 03554 1240 NtTestAlert (... 02106 1324 NtWaitForSingleObject ... ) == 0x0 03551 1776 NtSetEventBoostPriority ... ) == 0x0 03555 380 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03556 1272 NtContinue (132906288, 1, ... 03557 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03207 1692 NtWaitForSingleObject ... ) == 0x0 03552 240 NtSetEventBoostPriority ... ) == 0x0 03553 900 NtRegisterThreadTerminatePort ... ) == 0x0 03558 1324 NtSetEventBoostPriority (88, ... 03554 1240 NtTestAlert ... ) == 0x0 03555 380 NtDuplicateObject ... 1316, ) == 0x0 03559 1272 NtRegisterThreadTerminatePort (24, ... 03560 1776 NtTestAlert (... 03561 1692 NtSetEventBoostPriority (272, ... 03562 240 NtWaitForSingleObject (272, 0, 0x0, ... 02113 1884 NtWaitForSingleObject ... ) == 0x0 03558 1324 NtSetEventBoostPriority ... ) == 0x0 03563 900 NtWaitForSingleObject (272, 0, 0x0, ... 03564 1240 NtContinue (133954864, 1, ... 03557 1248 NtCreateThread ... 1320, {1656, 2276}, ) == 0x0 03559 1272 NtRegisterThreadTerminatePort ... ) == 0x0 03214 1792 NtWaitForSingleObject ... ) == 0x0 03560 1776 NtTestAlert ... ) == 0x0 03561 1692 NtSetEventBoostPriority ... 
) == 0x0 03565 380 NtWaitForSingleObject (272, 0, 0x0, ... 03566 1884 NtSetEventBoostPriority (88, ... 03567 1324 NtTestAlert (... 03568 1240 NtRegisterThreadTerminatePort (24, ... 03569 1248 NtQueryInformationThread (1320, Basic, 28, ... 03570 1272 NtWaitForSingleObject (272, 0, 0x0, ... 03571 1792 NtSetEventBoostPriority (272, ... 03572 1776 NtContinue (135003440, 1, ... 03573 1692 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02122 248 NtWaitForSingleObject ... ) == 0x0 03566 1884 NtSetEventBoostPriority ... ) == 0x0 03567 1324 NtTestAlert ... ) == 0x0 03568 1240 NtRegisterThreadTerminatePort ... ) == 0x0 03569 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fed8000,Pid=1656,Tid=2276,}, 0x0, ) == 0x0 03223 784 NtWaitForSingleObject ... ) == 0x0 03574 1776 NtRegisterThreadTerminatePort (24, ... 03575 248 NtSetEventBoostPriority (88, ... 03573 1692 NtDuplicateObject ... 1324, ) == 0x0 03571 1792 NtSetEventBoostPriority ... ) == 0x0 03576 1324 NtContinue (136052016, 1, ... 03577 1240 NtWaitForSingleObject (272, 0, 0x0, ... 03578 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58171, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58171, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\5\0\0x\6\0\0\344\10\0\0" ... ... 03579 784 NtSetEventBoostPriority (272, ... 02129 1652 NtWaitForSingleObject ... ) == 0x0 03575 248 NtSetEventBoostPriority ... ) == 0x0 03574 1776 NtRegisterThreadTerminatePort ... ) == 0x0 03580 1884 NtTestAlert (... 03581 1792 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03582 1324 NtRegisterThreadTerminatePort (24, ... 03583 1692 NtWaitForSingleObject (272, 0, 0x0, ... 03578 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58172, 0} ... {28, 56, reply, 0, 1656, 1248, 58172, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG(\5\0\0x\6\0\0\344\10\0\0" ) ) == 0x0 03584 1652 NtSetEventBoostPriority (88, ... 03227 888 NtWaitForSingleObject ... ) == 0x0 03579 784 NtSetEventBoostPriority ... 
) == 0x0 03585 1776 NtWaitForSingleObject (272, 0, 0x0, ... 03580 1884 NtTestAlert ... ) == 0x0 03581 1792 NtDuplicateObject ... 1328, ) == 0x0 03582 1324 NtRegisterThreadTerminatePort ... ) == 0x0 03586 248 NtTestAlert (... 02138 588 NtWaitForSingleObject ... ) == 0x0 03584 1652 NtSetEventBoostPriority ... ) == 0x0 03587 888 NtSetEventBoostPriority (272, ... 03588 784 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03589 1248 NtResumeThread (1320, ... 03590 1884 NtContinue (137100592, 1, ... 03591 1324 NtWaitForSingleObject (272, 0, 0x0, ... 03592 588 NtSetEventBoostPriority (88, ... 03586 248 NtTestAlert ... ) == 0x0 03593 1792 NtWaitForSingleObject (272, 0, 0x0, ... 03230 1520 NtWaitForSingleObject ... ) == 0x0 03587 888 NtSetEventBoostPriority ... ) == 0x0 03588 784 NtDuplicateObject ... 1332, ) == 0x0 03589 1248 NtResumeThread ... 1, ) == 0x0 03594 1884 NtRegisterThreadTerminatePort (24, ... 03595 1652 NtTestAlert (... 03596 2276 NtWaitForSingleObject (88, 0, 0x0, ... 02145 440 NtWaitForSingleObject ... ) == 0x0 03592 588 NtSetEventBoostPriority ... ) == 0x0 03597 248 NtContinue (138149168, 1, ... 03598 1520 NtSetEventBoostPriority (272, ... 03599 888 NtWaitForSingleObject (272, 0, 0x0, ... 03600 1248 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03594 1884 NtRegisterThreadTerminatePort ... ) == 0x0 03595 1652 NtTestAlert ... ) == 0x0 03601 440 NtSetEventBoostPriority (88, ... 03602 784 NtWaitForSingleObject (272, 0, 0x0, ... 03236 1696 NtWaitForSingleObject ... ) == 0x0 03603 248 NtRegisterThreadTerminatePort (24, ... 03598 1520 NtSetEventBoostPriority ... ) == 0x0 03604 588 NtTestAlert (... 03600 1248 NtAllocateVirtualMemory ... 246153216, 1048576, ) == 0x0 03605 1884 NtWaitForSingleObject (272, 0, 0x0, ... 02154 1296 NtWaitForSingleObject ... ) == 0x0 03601 440 NtSetEventBoostPriority ... ) == 0x0 03606 1652 NtContinue (139197744, 1, ... 03607 1696 NtSetEventBoostPriority (272, ... 03603 248 NtRegisterThreadTerminatePort ... 
) == 0x0 03608 1520 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03604 588 NtTestAlert ... ) == 0x0 03609 1248 NtAllocateVirtualMemory (-1, 247193600, 0, 8192, 4096, 4, ... 03610 1296 NtSetEventBoostPriority (88, ... 03611 1652 NtRegisterThreadTerminatePort (24, ... 03238 2044 NtWaitForSingleObject ... ) == 0x0 03612 248 NtWaitForSingleObject (272, 0, 0x0, ... 03608 1520 NtDuplicateObject ... 1336, ) == 0x0 03613 588 NtContinue (140246320, 1, ... 02161 1612 NtWaitForSingleObject ... ) == 0x0 03610 1296 NtSetEventBoostPriority ... ) == 0x0 03609 1248 NtAllocateVirtualMemory ... 247193600, 8192, ) == 0x0 03611 1652 NtRegisterThreadTerminatePort ... ) == 0x0 03614 2044 NtSetEventBoostPriority (272, ... 03607 1696 NtSetEventBoostPriority ... ) == 0x0 03615 440 NtTestAlert (... 03616 1612 NtSetEventBoostPriority (88, ... 03617 588 NtRegisterThreadTerminatePort (24, ... 03618 1520 NtWaitForSingleObject (272, 0, 0x0, ... 03619 1296 NtTestAlert (... 03620 1652 NtWaitForSingleObject (272, 0, 0x0, ... 03240 1392 NtWaitForSingleObject ... ) == 0x0 03614 2044 NtSetEventBoostPriority ... ) == 0x0 03621 1696 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02170 876 NtWaitForSingleObject ... ) == 0x0 03616 1612 NtSetEventBoostPriority ... ) == 0x0 03615 440 NtTestAlert ... ) == 0x0 03617 588 NtRegisterThreadTerminatePort ... ) == 0x0 03619 1296 NtTestAlert ... ) == 0x0 03622 1248 NtProtectVirtualMemory (-1, (0xebbe000), 4096, 260, ... 03623 1392 NtSetEventBoostPriority (272, ... 03624 876 NtSetEventBoostPriority (88, ... 03621 1696 NtDuplicateObject ... 1340, ) == 0x0 03625 2044 NtWaitForSingleObject (272, 0, 0x0, ... 03626 440 NtContinue (141294896, 1, ... 03627 588 NtWaitForSingleObject (272, 0, 0x0, ... 03628 1296 NtContinue (142343472, 1, ... 03245 504 NtWaitForSingleObject ... ) == 0x0 02177 1368 NtWaitForSingleObject ... ) == 0x0 03624 876 NtSetEventBoostPriority ... ) == 0x0 03623 1392 NtSetEventBoostPriority ... ) == 0x0 03622 1248 NtProtectVirtualMemory ... 
(0xebbe000), 4096, 4, ) == 0x0 03629 1612 NtTestAlert (... 03630 440 NtRegisterThreadTerminatePort (24, ... 03631 1696 NtWaitForSingleObject (272, 0, 0x0, ... 03632 504 NtSetEventBoostPriority (272, ... 03633 1368 NtSetEventBoostPriority (88, ... 03634 1296 NtRegisterThreadTerminatePort (24, ... 03635 1392 NtWaitForSingleObject (272, 0, 0x0, ... 03636 1248 NtCreateThread (0x1f03ff, 0x0, -1, 1243956, 1243900, 1, ... 03629 1612 NtTestAlert ... ) == 0x0 03630 440 NtRegisterThreadTerminatePort ... ) == 0x0 03244 1744 NtWaitForSingleObject ... ) == 0x0 02186 1620 NtWaitForSingleObject ... ) == 0x0 03633 1368 NtSetEventBoostPriority ... ) == 0x0 03632 504 NtSetEventBoostPriority ... ) == 0x0 03634 1296 NtRegisterThreadTerminatePort ... ) == 0x0 03637 876 NtTestAlert (... 03636 1248 NtCreateThread ... 1344, {1656, 2280}, ) == 0x0 03638 1612 NtContinue (143392048, 1, ... 03639 1744 NtSetEventBoostPriority (272, ... 03640 1620 NtSetEventBoostPriority (88, ... 03641 440 NtWaitForSingleObject (272, 0, 0x0, ... 03642 504 NtWaitForSingleObject (272, 0, 0x0, ... 03643 1296 NtWaitForSingleObject (272, 0, 0x0, ... 03637 876 NtTestAlert ... ) == 0x0 03644 1248 NtQueryInformationThread (1344, Basic, 28, ... 03251 1124 NtWaitForSingleObject ... ) == 0x0 02193 1376 NtWaitForSingleObject ... ) == 0x0 03640 1620 NtSetEventBoostPriority ... ) == 0x0 03645 1612 NtRegisterThreadTerminatePort (24, ... 03639 1744 NtSetEventBoostPriority ... ) == 0x0 03646 1368 NtTestAlert (... 03647 876 NtContinue (144440624, 1, ... 03644 1248 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7fed7000,Pid=1656,Tid=2280,}, 0x0, ) == 0x0 03648 1376 NtSetEventBoostPriority (88, ... 03649 1124 NtSetEventBoostPriority (272, ... 03645 1612 NtRegisterThreadTerminatePort ... ) == 0x0 03650 1744 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03646 1368 NtTestAlert ... ) == 0x0 03651 876 NtRegisterThreadTerminatePort (24, ... 03652 1620 NtTestAlert (... 02202 1436 NtWaitForSingleObject ... 
) == 0x0 03648 1376 NtSetEventBoostPriority ... ) == 0x0 03259 1496 NtWaitForSingleObject ... ) == 0x0 03653 1612 NtWaitForSingleObject (272, 0, 0x0, ... 03650 1744 NtDuplicateObject ... 1348, ) == 0x0 03654 1368 NtContinue (145489200, 1, ... 03651 876 NtRegisterThreadTerminatePort ... ) == 0x0 03655 1436 NtSetEventBoostPriority (88, ... 03652 1620 NtTestAlert ... ) == 0x0 03649 1124 NtSetEventBoostPriority ... ) == 0x0 03656 1248 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1656, 1248, 58172, 0} (24, {28, 56, new_msg, 0, 1656, 1248, 58172, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\5\0\0x\6\0\0\350\10\0\0" ... ... 03657 1496 NtSetEventBoostPriority (272, ... 03658 1376 NtTestAlert (... 03659 1368 NtRegisterThreadTerminatePort (24, ... 02209 480 NtWaitForSingleObject ... ) == 0x0 03655 1436 NtSetEventBoostPriority ... ) == 0x0 03660 876 NtWaitForSingleObject (272, 0, 0x0, ... 03661 1620 NtContinue (146537776, 1, ... 03662 1124 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03656 1248 NtRequestWaitReplyPort ... {28, 56, reply, 0, 1656, 1248, 58173, 0} ... {28, 56, reply, 0, 1656, 1248, 58173, 0} "\0\0\0\0\1\0\1\0\0\0\0\0DEFG@\5\0\0x\6\0\0\350\10\0\0" ) ) == 0x0 03268 2020 NtWaitForSingleObject ... ) == 0x0 03658 1376 NtTestAlert ... ) == 0x0 03663 480 NtSetEventBoostPriority (88, ... 03659 1368 NtRegisterThreadTerminatePort ... ) == 0x0 03657 1496 NtSetEventBoostPriority ... ) == 0x0 03664 1744 NtWaitForSingleObject (272, 0, 0x0, ... 03665 1436 NtTestAlert (... 03666 1620 NtRegisterThreadTerminatePort (24, ... 03662 1124 NtDuplicateObject ... 1352, ) == 0x0 03667 1248 NtResumeThread (1344, ... 03668 2020 NtSetEventBoostPriority (272, ... 02218 1192 NtWaitForSingleObject ... ) == 0x0 03663 480 NtSetEventBoostPriority ... ) == 0x0 03669 1376 NtContinue (147586352, 1, ... 03670 1368 NtWaitForSingleObject (272, 0, 0x0, ... 03671 1496 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03665 1436 NtTestAlert ... ) == 0x0 03666 1620 NtRegisterThreadTerminatePort ... 
) == 0x0 03667 1248 NtResumeThread ... 1, ) == 0x0 03672 1192 NtSetEventBoostPriority (88, ...