Summary:


NtDelayExecution(>)  1 
NtOpenMutant(>)  2 
NtQuerySection(>)  7 
NtCreateEvent(>)  25 

NtFsControlFile(>)  1 
NtQueryInformationFile(>)  2 
NtOpenProcess(>)  9 
NtRequestWaitReplyPort(>)  25 

NtGdiCreateBitmap(>)  1 
NtRaiseException(>)  2 
NtOpenProcessTokenEx(>)  11 
NtReadVirtualMemory(>)  27 

NtGdiInit(>)  1 
NtSetInformationProcess(>)  2 
NtOpenThreadTokenEx(>)  11 
NtSetEvent(>)  28 

NtGdiQueryFontAssocInfo(>)  1 
NtUserCallOneParam(>)  2 
NtTerminateThread(>)  11 
NtOpenSection(>)  32 

NtGdiSelectBitmap(>)  1 
NtUserGetDC(>)  2 
NtSetEventBoostPriority(>)  14 
NtQueryInformationThread(>)  37 

NtOpenKeyedEvent(>)  1 
NtCallbackReturn(>)  3 
NtUnmapViewOfSection(>)  14 
NtMapViewOfSection(>)  40 

NtOpenSymbolicLinkObject(>)  1 
NtGdiCreateCompatibleDC(>)  3 
NtQueryInformationToken(>)  15 
NtQueryValueKey(>)  40 

NtQueryObject(>)  1 
NtQueryVirtualMemory(>)  3 
NtFlushInstructionCache(>)  16 
NtWaitForSingleObject(>)  45 

NtQuerySymbolicLinkObject(>)  1 
NtReleaseMutant(>)  3 
NtQueryDebugFilterState(>)  16 
NtProtectVirtualMemory(>)  62 

NtQueryVolumeInformationFile(>)  1 
NtUserBuildHwndList(>)  3 
NtCreateSection(>)  17 
NtAllocateVirtualMemory(>)  63 

NtSecureConnectPort(>)  1 
NtDuplicateObject(>)  4 
NtCreateThread(>)  18 
NtOpenKey(>)  71 

NtUserCallNoParam(>)  1 
NtQueryDefaultLocale(>)  4 
NtResumeThread(>)  18 
NtUserGetClassInfo(>)  74 

NtUserGetThreadDesktop(>)  1 
NtQueryInformationProcess(>)  4 
NtRegisterThreadTerminatePort(>)  19 
NtUserFindExistingCursorIcon(>)  87 

NtAccessCheck(>)  2 
NtQueryInstallUILanguage(>)  4 
NtTestAlert(>)  19 
NtUserRegisterClassExWOW(>)  108 

NtAddAtom(>)  2 
NtSetInformationObject(>)  4 
NtUserSystemParametersInfo(>)  20 
NtClose(>)  168 

NtCreateFile(>)  2 
NtGdiGetStockObject(>)  5 
NtQueryAttributesFile(>)  21 
NtUserQueryWindow(>)  234 

NtEnumerateValueKey(>)  2 
NtOpenProcessToken(>)  5 
NtSetInformationThread(>)  22 
NtContinue(>)  3383 

NtGdiCreateSolidBrush(>)  2 
NtQueryDefaultUILanguage(>)  6 
NtFreeVirtualMemory(>)  23 

NtOpenDirectoryObject(>)  2 
NtUserFindWindowEx(>)  6 
NtOpenFile(>)  23 

NtOpenEvent(>)  2 

Trace:
 00001   452   NtOpenKey  (0x80000000, {24, 0, 0x40, 0, 0,  (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00002   452   NtOpenKeyedEvent  (0x2000000, {24, 0, 0x0, 0, 0,  (0x2000000, {24, 0, 0x0, 0, 0, "\KernelObjects\CritSecOutOfMemoryEvent"}, ... 4, ) }, ... 4, ) == 0x0
 00003   452   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00004   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 1310720, 1048576, ) == 0x0
 00005   452   NtAllocateVirtualMemory  (-1, 1310720, 0, 4096, 4096, 4, ... 1310720, 4096, ) == 0x0
 00006   452   NtAllocateVirtualMemory  (-1, 1314816, 0, 8192, 4096, 4, ... 1314816, 8192, ) == 0x0
 00007   452   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00008   452   NtAllocateVirtualMemory  (-1, 0, 0, 65536, 8192, 4, ... 2359296, 65536, ) == 0x0
 00009   452   NtAllocateVirtualMemory  (-1, 2359296, 0, 24576, 4096, 4, ... 2359296, 24576, ) == 0x0
 00010   452   NtOpenDirectoryObject  (0x3, {24, 0, 0x40, 0, 0,  (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 8, ) }, ... 8, ) == 0x0
 00011   452   NtOpenSymbolicLinkObject  (0x1, {24, 8, 0x40, 0, 0,  (0x1, {24, 8, 0x40, 0, 0, "KnownDllPath"}, ... 12, ) }, ... 12, ) == 0x0
 00012   452   NtQuerySymbolicLinkObject  (12, ...  (12, ... "C:\WINDOWS\system32", 0x0, ) , 0x0, ) == 0x0
 00013   452   NtClose  (12, ... ) == 0x0
 00014   452   NtOpenFile  (0x100020, {24, 0, 0x42, 0, 0,  (0x100020, {24, 0, 0x42, 0, 0, "\??\U:\startupscripts\"}, 3, 33, ... 12, {status=0x0, info=1}, ) }, 3, 33, ... 12, {status=0x0, info=1}, ) == 0x0
 00015   452   NtQueryVolumeInformationFile  (12, 1243848, 8, Device, ... {status=0x0, info=8}, ) == 0x0
 00016   452   NtFsControlFile  (12, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... ) == STATUS_INVALID_PARAMETER
 00017   452   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local"}, 1243832, ... ) }, 1243832, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00018   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "kernel32.dll"}, ... 16, ) }, ... 16, ) == 0x0
 00019   452   NtMapViewOfSection  (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77e60000), 0x0, 937984, ) == 0x0
 00020   452   NtClose  (16, ... ) == 0x0
 00021   452   NtQuerySystemInformation  (RangeStart, 4, ... {system info, class 50, size 4}, 0x0, ) == 0x0
 00022   452   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00023   452   NtCreateSection  (0xf001f, 0x0, {65536, 0}, 4, 67108864, 0, ... 16, ) == 0x0
 00024   452   NtSecureConnectPort  ( ("\Windows\ApiPort", {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18481152}, {0, 0, 0}, 200, 44, ) , {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18481152}, {0, 0, 0}, 200, 44, ) == 0x0
 00025   452   NtClose  (16, ... ) == 0x0
 00026   452   NtQueryObject  (24, Handle, 2, ... {Inherit=0,ProtectFromClose=0,}, -1, ) == 0x0
 00027   452   NtSetInformationObject  (24, Handle, {Inherit=0,ProtectFromClose=1,}, 256, ... ) == 0x0
 00028   452   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00029   452   NtQueryVirtualMemory  (-1, 0x250000, Basic, 28, ... {BaseAddress=0x250000,AllocationBase=0x250000,AllocationProtect=0x4,RegionSize=0x10000,State=0x2000,Protect=0x0,Type=0x40000,}, 0x0, ) == 0x0
 00030   452   NtAllocateVirtualMemory  (-1, 2424832, 0, 4096, 4096, 4, ... 2424832, 4096, ) == 0x0
 00031   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 0, 0, 0, 0}  (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" ... {28, 56, reply, 0, 448, 452, 1527, 0} "`\323\26\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" )  ... {28, 56, reply, 0, 448, 452, 1527, 0}  (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" ... {28, 56, reply, 0, 448, 452, 1527, 0} "`\323\26\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\32\1\4\0\0\0" )  ) == 0x0
 00032   452   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00033   452   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0
 00034   452   NtQueryValueKey  (16,  (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00035   452   NtClose  (16, ... ) == 0x0
 00036   452   NtAllocateVirtualMemory  (-1, 1232896, 0, 4096, 4096, 260, ... 1232896, 4096, ) == 0x0
 00037   452   NtOpenMutant  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\NlsCacheMutant"}, ... 16, ) }, ... 16, ) == 0x0
 00038   452   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionUnicode"}, ... 28, ) }, ... 28, ) == 0x0
 00039   452   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x260000), 0x0, 90112, ) == 0x0
 00040   452   NtClose  (28, ... ) == 0x0
 00041   452   NtQueryDefaultLocale  (0, 2012046252, ... ) == 0x0
 00042   452   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionLocale"}, ... 28, ) }, ... 28, ) == 0x0
 00043   452   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x280000), 0x0, 212992, ) == 0x0
 00044   452   NtClose  (28, ... ) == 0x0
 00045   452   NtOpenSection  (0x5, {24, 0, 0x40, 0, 0,  (0x5, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey"}, ... 28, ) }, ... 28, ) == 0x0
 00046   452   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x2c0000), 0x0, 266240, ) == 0x0
 00047   452   NtQuerySection  (28, Basic, 16, ... {BaseAddress=0x0,Attributes=0x800000,Size={0x40004, 0x0},}, 0x0, ) == 0x0
 00048   452   NtClose  (28, ... ) == 0x0
 00049   452   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortTbls"}, ... 28, ) }, ... 28, ) == 0x0
 00050   452   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x310000), 0x0, 24576, ) == 0x0
 00051   452   NtClose  (28, ... ) == 0x0
 00052   452   NtQueryVirtualMemory  (-1, 0x7ffd2000, Basic, 28, ... {BaseAddress=0x7ffd2000,AllocationBase=0x7ffb0000,AllocationProtect=0x2,RegionSize=0x2000,State=0x1000,Protect=0x2,Type=0x40000,}, 0x0, ) == 0x0
 00053   452   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00054   452   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00055   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0}  (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" ... {28, 56, reply, 0, 448, 452, 1535, 0} "\260.\27\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" )  ... {28, 56, reply, 0, 448, 452, 1535, 0}  (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\32\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" ... {28, 56, reply, 0, 448, 452, 1535, 0} "\260.\27\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\32\18\6\0\0" )  ) == 0x0
 00056   452   NtProtectVirtualMemory  (-1, (0x420000), 12288, 4, ... (0x420000), 12288, 8, ) == 0x0
 00057   452   NtProtectVirtualMemory  (-1, (0x420000), 12288, 8, ... (0x420000), 12288, 4, ) == 0x0
 00058   452   NtFlushInstructionCache  (-1, 4325376, 12288, ... ) == 0x0
 00059   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "USER32.DLL"}, ... 28, ) }, ... 28, ) == 0x0
 00060   452   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77d40000), 0x0, 577536, ) == 0x0
 00061   452   NtClose  (28, ... ) == 0x0
 00062   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "GDI32.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00063   452   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c70000), 0x0, 262144, ) == 0x0
 00064   452   NtClose  (28, ... ) == 0x0
 00065   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "ADVAPI32.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00066   452   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77dd0000), 0x0, 569344, ) == 0x0
 00067   452   NtClose  (28, ... ) == 0x0
 00068   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "RPCRT4.dll"}, ... 28, ) }, ... 28, ) == 0x0
 00069   452   NtMapViewOfSection  (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77cc0000), 0x0, 479232, ) == 0x0
 00070   452   NtClose  (28, ... ) == 0x0
 00071   452   NtProtectVirtualMemory  (-1, (0x420000), 12288, 4, ... (0x420000), 12288, 4, ) == 0x0
 00072   452   NtProtectVirtualMemory  (-1, (0x420000), 12288, 4, ... (0x420000), 12288, 4, ) == 0x0
 00073   452   NtFlushInstructionCache  (-1, 4325376, 12288, ... ) == 0x0
 00074   452   NtOpenProcessToken  (-1, 0x8, ... 28, ) == 0x0
 00075   452   NtQueryInformationToken  (28, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0
 00076   452   NtClose  (28, ... ) == 0x0
 00077   452   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0
 00078   452   NtQueryValueKey  (28,  (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00079   452   NtClose  (28, ... ) == 0x0
 00080   452   NtAllocateVirtualMemory  (-1, 1323008, 0, 4096, 4096, 4, ... 1323008, 4096, ) == 0x0
 00081   452   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0
 00082   452   NtQueryValueKey  (28,  (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00083   452   NtQueryValueKey  (28,  (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 00084   452   NtClose  (28, ... ) == 0x0
 00085   452   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"}, ... 28, ) }, ... 28, ) == 0x0
 00086   452   NtQueryValueKey  (28,  (28, "LeakTrack", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00087   452   NtClose  (28, ... ) == 0x0
 00088   452   NtOpenKey  (0x2000000, {24, 0, 0x40, 0, 0,  (0x2000000, {24, 0, 0x40, 0, 0, "\REGISTRY\MACHINE"}, ... 28, ) }, ... 28, ) == 0x0
 00089   452   NtSetInformationObject  (28, Handle, {Inherit=0,ProtectFromClose=1,}, 2011365632, ... ) == 0x0
 00090   452   NtOpenKey  (0x20019, {24, 28, 0x40, 0, 0,  (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00091   452   NtQuerySystemInformation  (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00092   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0}  (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} "\210\6\32\1\0\0\0\0\314\4\23\0!\215\30\34\3\0\0\0\234\6\32\1$\1\0\0" ... {28, 56, reply, 0, 448, 452, 1542, 0} "XQ\26\0\0\0\0\0\0\0\0\0!\215\30\34\3\0\0\0\234\6\32\1$\1\0\0" )  ... {28, 56, reply, 0, 448, 452, 1542, 0}  (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} "\210\6\32\1\0\0\0\0\314\4\23\0!\215\30\34\3\0\0\0\234\6\32\1$\1\0\0" ... {28, 56, reply, 0, 448, 452, 1542, 0} "XQ\26\0\0\0\0\0\0\0\0\0!\215\30\34\3\0\0\0\234\6\32\1$\1\0\0" )  ) == 0x0
 00093   452   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00094   452   NtMapViewOfSection  (32, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x430000), 0x0, 1060864, ) == 0x0
 00095   452   NtCreateEvent  (0x1f0003, 0x0, 1, 0, ... 36, ) == 0x0
 00096   452   NtOpenThreadTokenEx  (-2, 0x8, 1, 512, ... ) == STATUS_NO_TOKEN
 00097   452   NtOpenProcessTokenEx  (-1, 0x8, 512, ... -2147482020, ) == 0x0
 00098   452   NtQueryInformationToken  (-2147482020, Statistics, 0, ... ) == STATUS_BUFFER_TOO_SMALL
 00099   452   NtQueryInformationToken  (-2147482020, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0
 00100   452   NtClose  (-2147482020, ... ) == 0x0
 00101   452   NtAllocateVirtualMemory  (-1, 0, 0, 32, 4096, 4, ... 4128768, 4096, ) == 0x0
 00102   452   NtFreeVirtualMemory  (-1, (0x3f0000), 4096, 32768, ... (0x3f0000), 4096, ) == 0x0
 00103   452   NtDuplicateObject  (-1, 40, -1, 0x0, 0, 2, ... 48, ) == 0x0
 00104   452   NtOpenKey  (0x20019, {24, 0, 0x240, 0, 0,  (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0
 00105   452   NtQueryValueKey  (-2147482020,  (-2147482020, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00106   452   NtClose  (-2147482020, ... ) == 0x0
 00107   452   NtOpenKey  (0x20019, {24, 0, 0x240, 0, 0,  (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0
 00108   452   NtQueryValueKey  (-2147482020,  (-2147482020, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00109   452   NtClose  (-2147482020, ... ) == 0x0
 00110   452   NtQueryDefaultLocale  (0, -132019700, ... ) == 0x0
 00111   452   NtGdiQueryFontAssocInfo  (0, ... ) == 0x0
 00112   452   NtUserCallNoParam  (24, ... ) == 0x0
 00113   452   NtGdiCreateCompatibleDC  (0, ...
 00114   452   NtAllocateVirtualMemory  (-1, 0, 0, 4096, 12288, 4, ... 4128768, 4096, ) == 0x0
 00113   452   NtGdiCreateCompatibleDC  ... ) == 0x13010430
 00115   452   NtGdiGetStockObject  (0, ... ) == 0x1900010
 00116   452   NtGdiGetStockObject  (4, ... ) == 0x1900011
 00117   452   NtGdiCreateBitmap  (8, 8, 1, 1, 2010393708, ... ) == 0x13050434
 00118   452   NtGdiCreateSolidBrush  (0, 0, ...
 00119   452   NtAllocateVirtualMemory  (-1, 0, 0, 4096, 12288, 4, ... 8650752, 4096, ) == 0x0
 00118   452   NtGdiCreateSolidBrush  ... ) == 0x29100437
 00120   452   NtGdiGetStockObject  (13, ... ) == 0x18a0021
 00121   452   NtGdiCreateCompatibleDC  (0, ... ) == 0x34010439
 00122   452   NtGdiSelectBitmap  (872481849, 319095860, ... ) == 0x185000f
 00123   452   NtUserGetThreadDesktop  (452, 0, ... ) == 0x2c
 00124   452   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows"}, ... 52, ) }, ... 52, ) == 0x0
 00125   452   NtQueryValueKey  (52,  (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 64, ... TitleIdx=0, Type=1, Data= (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0
 00126   452   NtClose  (52, ... ) == 0x0
 00127   452   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00128   452   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 673, 128, 0, ... ) == 0x810dc017
 00129   452   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00130   452   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 674, 128, 0, ... ) == 0x810dc01c
 00131   452   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00132   452   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 675, 128, 0, ... ) == 0x810dc01e
 00133   452   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00134   452   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 676, 128, 0, ... ) == 0x810d8002
 00135   452   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10013
 00136   452   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 677, 128, 0, ... ) == 0x810dc018
 00137   452   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00138   452   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 678, 128, 0, ... ) == 0x810dc01a
 00139   452   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00140   452   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 679, 128, 0, ... ) == 0x810dc01d
 00141   452   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00142   452   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 681, 128, 0, ... ) == 0x810dc026
 00143   452   NtUserFindExistingCursorIcon  (1241204, 1241220, 1241788, ... ) == 0x10011
 00144   452   NtUserRegisterClassExWOW  (1241724, 1241804, 1241788, 1241820, 680, 128, 0, ... ) == 0x810dc019
 00145   452   NtUserRegisterClassExWOW  (1241676, 1241756, 1241740, 1241772, 0, 128, 0, ... ) == 0x810dc020
 00146   452   NtUserRegisterClassExWOW  (1241676, 1241752, 1241768, 1241740, 0, 130, 0, ... ) == 0x810dc022
 00147   452   NtUserRegisterClassExWOW  (1241676, 1241756, 1241740, 1241772, 0, 128, 0, ... ) == 0x810dc023
 00148   452   NtUserRegisterClassExWOW  (1241676, 1241752, 1241768, 1241740, 0, 130, 0, ... ) == 0x810dc024
 00149   452   NtUserRegisterClassExWOW  (1241676, 1241756, 1241740, 1241772, 0, 128, 0, ... ) == 0x810dc025
 00150   452   NtCallbackReturn  (0, 0, 0, ...
 00151   452   NtGdiInit  (... ) == 0x1
 00152   452   NtGdiGetStockObject  (18, ... ) == 0x290001c
 00153   452   NtGdiGetStockObject  (19, ... ) == 0x1b00019
 00154   452   NtQueryVirtualMemory  (-1, 0x423620, Basic, 28, ... {BaseAddress=0x423000,AllocationBase=0x400000,AllocationProtect=0x80,RegionSize=0x1000,State=0x1000,Protect=0x40,Type=0x1000000,}, 28, ) == 0x0
 00155   452   NtAllocateVirtualMemory  (-1, 1327104, 0, 4096, 4096, 4, ... 1327104, 4096, ) == 0x0
 00156   452   NtProtectVirtualMemory  (-1, (0x4001f8), 40, 4, ... (0x400000), 4096, 2, ) == 0x0
 00157   452   NtProtectVirtualMemory  (-1, (0x4001f8), 40, 2, ... (0x400000), 4096, 4, ) == 0x0
 00158   452   NtProtectVirtualMemory  (-1, (0x400220), 40, 4, ... (0x400000), 4096, 2, ) == 0x0
 00159   452   NtProtectVirtualMemory  (-1, (0x400220), 40, 2, ... (0x400000), 4096, 4, ) == 0x0
 00160   452   NtProtectVirtualMemory  (-1, (0x400248), 40, 4, ... (0x400000), 4096, 2, ) == 0x0
 00161   452   NtProtectVirtualMemory  (-1, (0x400248), 40, 2, ... (0x400000), 4096, 4, ) == 0x0
 00162   452   NtProtectVirtualMemory  (-1, (0x400270), 40, 4, ... (0x400000), 4096, 2, ) == 0x0
 00163   452   NtProtectVirtualMemory  (-1, (0x400270), 40, 2, ... (0x400000), 4096, 4, ) == 0x0
 00164   452   NtProtectVirtualMemory  (-1, (0x400298), 40, 4, ... (0x400000), 4096, 2, ) == 0x0
 00165   452   NtProtectVirtualMemory  (-1, (0x400298), 40, 2, ... (0x400000), 4096, 4, ) == 0x0
 00166   452   NtProtectVirtualMemory  (-1, (0x4002c0), 40, 4, ... (0x400000), 4096, 2, ) == 0x0
 00167   452   NtProtectVirtualMemory  (-1, (0x4002c0), 40, 2, ... (0x400000), 4096, 4, ) == 0x0
 00168   452   NtUserFindWindowEx  (0, 0,  (0, 0, "OLLYDBG", 0x0, 0, ... ) , 0x0, 0, ... ) == 0x0
 00169   452   NtUserFindWindowEx  (0, 0,  (0, 0, "WispWindowClass", 0x0, 0, ... ) , 0x0, 0, ... ) == 0x0
 00170   452   NtUserBuildHwndList  (0, 0, 0, 0, 64, ... (0x3004c, 0x100dc, 0x100aa, 0x100a8, 0x100a6, 0x20060, 0x100a0, 0x10080, 0x10074, 0x10068, 0x3004a, 0x10066, 0x3003c, 0x10098, 0x1008c, 0x1007c, 0x10026, 0x200b2, 0x100cc, 0x100be, 0x100bc, 0x100ba, 0x100b8, 0x100b6, 0x100b4, 0x100b0, 0x100ae, 0x20062, 0x20064, 0x100ce, 0x100c2, 0x100c0, 0x100ac, 0x1006c, 0x50050, 0x40054, 0x5004e, 0x1007e, 0x10076, 0x1, ), 40, ) == 0x0
 00171   452   NtUserQueryWindow  (196684, 0, ... ) == 0x758
 00172   452   NtUserQueryWindow  (196684, 1, ... ) == 0x76c
 00173   452   NtOpenProcess  (0x10, {24, 0, 0x0, 0, 0, 0x0}, {1880, 0}, ... 52, ) == 0x0
 00174   452   NtReadVirtualMemory  (52, 0x400000, 64, ...  (52, 0x400000, 64, ... "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 64, ) , 64, ) == 0x0
 00175   452   NtReadVirtualMemory  (52, 0x4b1c86, 4, ...
 00176   452   NtContinue  (-132023140, 0, ...
 00175   452   NtReadVirtualMemory  ... ) == STATUS_PARTIAL_COPY
 00177   452   NtReadVirtualMemory  (52, 0x4c91a0, 256, ...
 00178   452   NtContinue  (-132023140, 0, ...
 00177   452   NtReadVirtualMemory  ... ) == STATUS_PARTIAL_COPY
 00179   452   NtClose  (52, ... ) == 0x0
 00180   452   NtUserQueryWindow  (65756, 0, ... ) == 0x758
 00181   452   NtUserQueryWindow  (65756, 1, ... ) == 0x76c
 00182   452   NtUserQueryWindow  (65706, 0, ... ) == 0x7d0
 00183   452   NtUserQueryWindow  (65706, 1, ... ) == 0x7d4
 00184   452   NtOpenProcess  (0x10, {24, 0, 0x0, 0, 0, 0x0}, {2000, 0}, ... 52, ) == 0x0
 00185   452   NtReadVirtualMemory  (52, 0x400000, 64, ...  (52, 0x400000, 64, ... "MZ\220\0\3\0\0\0\4\0\0\0\377\377\0\0\270\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \1\0\0", 64, ) , 64, ) == 0x0
 00186   452   NtReadVirtualMemory  (52, 0x4b1c86, 4, ...  (52, 0x4b1c86, 4, ... "\0\0\0\0", 4, ) , 4, ) == 0x0
 00187   452   NtReadVirtualMemory  (52, 0x4c91a0, 256, ...  (52, 0x4c91a0, 256, ... "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, ) , 256, ) == 0x0
 00188   452   NtClose  (52, ... ) == 0x0
 00189   452   NtUserQueryWindow  (65704, 0, ... ) == 0x7d0
 00190   452   NtUserQueryWindow  (65704, 1, ... ) == 0x7d4
 00191   452   NtUserQueryWindow  (65702, 0, ... ) == 0x7d0
 00192   452   NtUserQueryWindow  (65702, 1, ... ) == 0x7d4
 00193   452   NtUserQueryWindow  (131168, 0, ... ) == 0x7d0
 00194   452   NtUserQueryWindow  (131168, 1, ... ) == 0x7d4
 00195   452   NtUserQueryWindow  (65696, 0, ... ) == 0x758
 00196   452   NtUserQueryWindow  (65696, 1, ... ) == 0x76c
 00197   452   NtUserQueryWindow  (65664, 0, ... ) == 0x758
 00198   452   NtUserQueryWindow  (65664, 1, ... ) == 0x76c
 00199   452   NtUserQueryWindow  (65652, 0, ... ) == 0x758
 00200   452   NtUserQueryWindow  (65652, 1, ... ) == 0x76c
 00201   452   NtUserQueryWindow  (65640, 0, ... ) == 0x758
 00202   452   NtUserQueryWindow  (65640, 1, ... ) == 0x76c
 00203   452   NtUserQueryWindow  (196682, 0, ... ) == 0x758
 00204   452   NtUserQueryWindow  (196682, 1, ... ) == 0x76c
 00205   452   NtUserQueryWindow  (65638, 0, ... ) == 0x758
 00206   452   NtUserQueryWindow  (65638, 1, ... ) == 0x76c
 00207   452   NtUserQueryWindow  (196668, 0, ... ) == 0x758
 00208   452   NtUserQueryWindow  (196668, 1, ... ) == 0x76c
 00209   452   NtUserQueryWindow  (65688, 0, ... ) == 0x758
 00210   452   NtUserQueryWindow  (65688, 1, ... ) == 0x76c
 00211   452   NtUserQueryWindow  (65676, 0, ... ) == 0x758
 00212   452   NtUserQueryWindow  (65676, 1, ... ) == 0x76c
 00213   452   NtUserQueryWindow  (65660, 0, ... ) == 0x758
 00214   452   NtUserQueryWindow  (65660, 1, ... ) == 0x75c
 00215   452   NtUserQueryWindow  (65574, 0, ... ) == 0x268
 00216   452   NtUserQueryWindow  (65574, 1, ... ) == 0x2c0
 00217   452   NtOpenProcess  (0x10, {24, 0, 0x0, 0, 0, 0x0}, {616, 0}, ... 52, ) == 0x0
 00218   452   NtReadVirtualMemory  (52, 0x400000, 64, ...  (52, 0x400000, 64, ... "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 64, ) , 64, ) == 0x0
 00219   452   NtReadVirtualMemory  (52, 0x4b1c86, 4, ...  (52, 0x4b1c86, 4, ... "\0\0\0\0", 4, ) , 4, ) == 0x0
 00220   452   NtReadVirtualMemory  (52, 0x4c91a0, 256, ...  (52, 0x4c91a0, 256, ... "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, ) , 256, ) == 0x0
 00221   452   NtClose  (52, ... ) == 0x0
 00222   452   NtUserQueryWindow  (131250, 0, ... ) == 0x11c
 00223   452   NtUserQueryWindow  (131250, 1, ... ) == 0x120
 00224   452   NtOpenProcess  (0x10, {24, 0, 0x0, 0, 0, 0x0}, {284, 0}, ... 52, ) == 0x0
 00225   452   NtReadVirtualMemory  (52, 0x400000, 64, ...  (52, 0x400000, 64, ... "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 64, ) , 64, ) == 0x0
 00226   452   NtReadVirtualMemory  (52, 0x4b1c86, 4, ...
 00227   452   NtContinue  (-132023140, 0, ...
 00226   452   NtReadVirtualMemory  ... ) == STATUS_PARTIAL_COPY
 00228   452   NtReadVirtualMemory  (52, 0x4c91a0, 256, ...
 00229   452   NtContinue  (-132023140, 0, ...
 00228   452   NtReadVirtualMemory  ... ) == STATUS_PARTIAL_COPY
 00230   452   NtClose  (52, ... ) == 0x0
 00231   452   NtUserQueryWindow  (65740, 0, ... ) == 0x11c
 00232   452   NtUserQueryWindow  (65740, 1, ... ) == 0x120
 00233   452   NtUserQueryWindow  (65726, 0, ... ) == 0x7d8
 00234   452   NtUserQueryWindow  (65726, 1, ... ) == 0x7dc
 00235   452   NtOpenProcess  (0x10, {24, 0, 0x0, 0, 0, 0x0}, {2008, 0}, ... 52, ) == 0x0
 00236   452   NtReadVirtualMemory  (52, 0x400000, 64, ...  (52, 0x400000, 64, ... "MZ\220\0\3\0\0\0\4\0\0\0\377\377\0\0\270\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\340\0\0\0", 64, ) , 64, ) == 0x0
 00237   452   NtReadVirtualMemory  (52, 0x4b1c86, 4, ...  (52, 0x4b1c86, 4, ... "\377\0\377\377", 4, ) , 4, ) == 0x0
 00238   452   NtReadVirtualMemory  (52, 0x4c91a0, 256, ...  (52, 0x4c91a0, 256, ... "\210fvx\210x\206wfvGe$\306d\21\26\210ls\210\210\250g\207\210hhx\207xhvwdfF|d\21\27\210\206hx\250\252\206\210\207v\207\210x\207\207gfv4F\306G\21\21\210\206\207\210\212\250\250h\210\207x\210\210wvwgFD$d!\21\21x\250g\210\212\252\250\206\210\207w\210\207\207wvvgBGd\21\21\21\210\212\203\210\250\252\212\210x\210w\210\210xwgcd%F\1\21\21\21\27\212\250\210\212\252\252\210f\210\207x\210\207w7fR@`\21\21\21\21\21\210\2508\212\252\250\250\210gw\21088vvu$$!\21\21\21\21\21\30\210\210\210\212\252\210\206vgw\210\203wsb`\7\21\21\21\21\21\21\21\210\203\210\210\210\210\207vvwwwsf4\7\21\21\21\21\21\21\21\21\30\210\210\210\210\210wGwvwww5\2\21\21\21\21\21\21", 256, ) , 256, ) == 0x0
 00239   452   NtClose  (52, ... ) == 0x0
 00240   452   NtUserQueryWindow  (65724, 0, ... ) == 0x7d8
 00241   452   NtUserQueryWindow  (65724, 1, ... ) == 0x7dc
 00242   452   NtUserQueryWindow  (65722, 0, ... ) == 0x7d8
 00243   452   NtUserQueryWindow  (65722, 1, ... ) == 0x7dc
 00244   452   NtUserQueryWindow  (65720, 0, ... ) == 0x7d8
 00245   452   NtUserQueryWindow  (65720, 1, ... ) == 0x7dc
 00246   452   NtUserQueryWindow  (65718, 0, ... ) == 0x7d8
 00247   452   NtUserQueryWindow  (65718, 1, ... ) == 0x7dc
 00248   452   NtUserQueryWindow  (65716, 0, ... ) == 0x7d8
 00249   452   NtUserQueryWindow  (65716, 1, ... ) == 0x7dc
 00250   452   NtUserQueryWindow  (65712, 0, ... ) == 0x7d8
 00251   452   NtUserQueryWindow  (65712, 1, ... ) == 0x7dc
 00252   452   NtUserQueryWindow  (65710, 0, ... ) == 0x7d8
 00253   452   NtUserQueryWindow  (65710, 1, ... ) == 0x7dc
 00254   452   NtUserQueryWindow  (131170, 0, ... ) == 0x7c8
 00255   452   NtUserQueryWindow  (131170, 1, ... ) == 0x7cc
 00256   452   NtOpenProcess  (0x10, {24, 0, 0x0, 0, 0, 0x0}, {1992, 0}, ... 52, ) == 0x0
 00257   452   NtReadVirtualMemory  (52, 0x400000, 64, ...  (52, 0x400000, 64, ... "MZ\220\0\3\0\0\0\4\0\0\0\377\377\0\0\270\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0", 64, ) , 64, ) == 0x0
 00258   452   NtReadVirtualMemory  (52, 0x4b1c86, 4, ...
 00259   452   NtContinue  (-132023140, 0, ...
 00258   452   NtReadVirtualMemory  ... ) == STATUS_PARTIAL_COPY
 00260   452   NtReadVirtualMemory  (52, 0x4c91a0, 256, ...
 00261   452   NtContinue  (-132023140, 0, ...
 00260   452   NtReadVirtualMemory  ... ) == STATUS_PARTIAL_COPY
 00262   452   NtClose  (52, ... ) == 0x0
 00263   452   NtUserQueryWindow  (131172, 0, ... ) == 0x7e8
 00264   452   NtUserQueryWindow  (131172, 1, ... ) == 0x7ec
 00265   452   NtOpenProcess  (0x10, {24, 0, 0x0, 0, 0, 0x0}, {2024, 0}, ... 52, ) == 0x0
 00266   452   NtReadVirtualMemory  (52, 0x400000, 64, ...  (52, 0x400000, 64, ... "\301\0\0\0\0\1\0\0\377\356\377\356\11\0\0\0\11\0\0\0\0\376\0\0\0\0\20\0\0 \0\0\0\2\0\0\0 \0\0q\0\0\0\377\357\375\177\0\0\10\6\0\0\0\0\0\0\0\0\0\0\0\0", 64, ) , 64, ) == 0x0
 00267   452   NtReadVirtualMemory  (52, 0x4b1c86, 4, ...  (52, 0x4b1c86, 4, ... "\0\0\0\0", 4, ) , 4, ) == 0x0
 00268   452   NtReadVirtualMemory  (52, 0x4c91a0, 256, ...  (52, 0x4c91a0, 256, ... "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 256, ) , 256, ) == 0x0
 00269   452   NtClose  (52, ... ) == 0x0
 00270   452   NtUserQueryWindow  (65742, 0, ... ) == 0x758
 00271   452   NtUserQueryWindow  (65742, 1, ... ) == 0x12c
 00272   452   NtUserQueryWindow  (65730, 0, ... ) == 0x758
 00273   452   NtUserQueryWindow  (65730, 1, ... ) == 0x12c
 00274   452   NtUserQueryWindow  (65728, 0, ... ) == 0x758
 00275   452   NtUserQueryWindow  (65728, 1, ... ) == 0x76c
 00276   452   NtUserQueryWindow  (65708, 0, ... ) == 0x7d0
 00277   452   NtUserQueryWindow  (65708, 1, ... ) == 0x7d4
 00278   452   NtUserQueryWindow  (65644, 0, ... ) == 0x758
 00279   452   NtUserQueryWindow  (65644, 1, ... ) == 0x78c
 00280   452   NtUserQueryWindow  (327760, 0, ... ) == 0x758
 00281   452   NtUserQueryWindow  (327760, 1, ... ) == 0x75c
 00282   452   NtUserQueryWindow  (262228, 0, ... ) == 0x758
 00283   452   NtUserQueryWindow  (262228, 1, ... ) == 0x75c
 00284   452   NtUserQueryWindow  (327758, 0, ... ) == 0x758
 00285   452   NtUserQueryWindow  (327758, 1, ... ) == 0x75c
 00286   452   NtUserQueryWindow  (65662, 0, ... ) == 0x758
 00287   452   NtUserQueryWindow  (65662, 1, ... ) == 0x75c
 00288   452   NtUserQueryWindow  (65654, 0, ... ) == 0x758
 00289   452   NtUserQueryWindow  (65654, 1, ... ) == 0x75c
 00290   452   NtRaiseException  (1242720, 1241980, 1, ...
 00291   452   NtContinue  (1240776, 0, ...
 00292   452   NtOpenDirectoryObject  (0x2000f, {24, 0, 0x40, 0, 0,  (0x2000f, {24, 0, 0x40, 0, 0, "\BaseNamedObjects"}, ... 52, ) }, ... 52, ) == 0x0
 00293   452   NtOpenMutant  (0x120001, {24, 52, 0x2, 0, 0,  (0x120001, {24, 52, 0x2, 0, 0, "DBWinMutex"}, ... 56, ) }, ... 56, ) == 0x0
 00294   452   NtWaitForSingleObject  (56, 0, 0x0, ... ) == 0x0
 00295   452   NtOpenSection  (0x2, {24, 52, 0x0, 0, 0,  (0x2, {24, 52, 0x0, 0, 0, "DBWIN_BUFFER"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00296   452   NtReleaseMutant  (56, ... 0x0, ) == 0x0
 00297   452   NtDuplicateObject  (-1, 3074, -1, 0x0, 0, 2, ... ) == STATUS_INVALID_HANDLE
 00298   452   NtClose  (0, ... ) == STATUS_INVALID_HANDLE
 00299   452   NtClose  (0, ... ) == STATUS_INVALID_HANDLE
 00300   452   NtTestAlert  (... ) == 0x0
 00301   452   NtContinue  (1244464, 1, ...
 00302   452   NtSetInformationThread  (-2, Win32StartAddress(LpcReceivedMessageId), {StartAddress(LpcReceivedMsgId)=0x427b4b,}, 4, ... ) == 0x0
 00303   452   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0
 00304   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 8716288, 1048576, ) == 0x0
 00305   452   NtAllocateVirtualMemory  (-1, 9756672, 0, 8192, 4096, 4, ... 9756672, 8192, ) == 0x0
 00306   452   NtProtectVirtualMemory  (-1, (0x94e000), 4096, 260, ... (0x94e000), 4096, 4, ) == 0x0
 00307   452   NtCreateThread  (0x1f03ff, 0x0, -1, 1244272, 1244988, 1, ... 64, {448, 888}, ) == 0x0
 00308   452   NtQueryInformationThread  (64, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdd000,Pid=448,Tid=888,}, 0x0, ) == 0x0
 00309   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 0, 0, 65973, 4128831}  (24, {28, 56, new_msg, 0, 0, 0, 65973, 4128831} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0x\3\0\0" ... {28, 56, reply, 0, 448, 452, 1574, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0x\3\0\0" )  ... {28, 56, reply, 0, 448, 452, 1574, 0}  (24, {28, 56, new_msg, 0, 0, 0, 65973, 4128831} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0x\3\0\0" ... {28, 56, reply, 0, 448, 452, 1574, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0x\3\0\0" )  ) == 0x0
 00310   452   NtResumeThread  (64, ... 1, ) == 0x0
 00311   452   NtClose  (64, ...
 00312   888   NtTestAlert  (... ) == 0x0
 00313   888   NtContinue  (9764144, 1, ...
 00314   888   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00315   888   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ...
 00311   452   NtClose  ... ) == 0x0
 00316   452   NtWaitForSingleObject  (60, 0, 0x0, ...
 00315   888   NtSetInformationThread  ... ) == 0x0
 00317   888   NtSetEvent  (60, ...
 00316   452   NtWaitForSingleObject  ... ) == 0x0
 00318   452   NtClose  (60, ... ) == 0x0
 00319   452   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0
 00320   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 9764864, 1048576, ) == 0x0
 00321   452   NtAllocateVirtualMemory  (-1, 10805248, 0, 8192, 4096, 4, ... 10805248, 8192, ) == 0x0
 00322   452   NtProtectVirtualMemory  (-1, (0xa4e000), 4096, 260, ... (0xa4e000), 4096, 4, ) == 0x0
 00323   452   NtCreateThread  (0x1f03ff, 0x0, -1, 1244272, 1244988, 1, ... 64, {448, 892}, ) == 0x0
 00324   452   NtQueryInformationThread  (64, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdc000,Pid=448,Tid=892,}, 0x0, ) == 0x0
 00325   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 452, 1574, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1574, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0|\3\0\0" ... {28, 56, reply, 0, 448, 452, 1575, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0|\3\0\0" )  ... {28, 56, reply, 0, 448, 452, 1575, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1574, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0|\3\0\0" ... {28, 56, reply, 0, 448, 452, 1575, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0|\3\0\0" )  ) == 0x0
 00326   452   NtResumeThread  (64, ... 1, ) == 0x0
 00327   452   NtClose  (64, ...
 00328   892   NtTestAlert  (... ) == 0x0
 00329   892   NtContinue  (10812720, 1, ...
 00330   892   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00331   892   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ...
 00327   452   NtClose  ... ) == 0x0
 00332   452   NtWaitForSingleObject  (60, 0, 0x0, ...
 00317   888   NtSetEvent  ... 0x0, ) == 0x0
 00333   888   NtQueryInformationThread  (-2, AmILastThread, 4, ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 00334   888   NtTerminateThread  (0, 0, ...
 00331   892   NtSetInformationThread  ... ) == 0x0
 00335   892   NtSetEvent  (60, ...
 00332   452   NtWaitForSingleObject  ... ) == 0x0
 00336   452   NtClose  (60, ... ) == 0x0
 00337   452   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0
 00338   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 10813440, 1048576, ) == 0x0
 00339   452   NtAllocateVirtualMemory  (-1, 11853824, 0, 8192, 4096, 4, ... 11853824, 8192, ) == 0x0
 00340   452   NtProtectVirtualMemory  (-1, (0xb4e000), 4096, 260, ... (0xb4e000), 4096, 4, ) == 0x0
 00341   452   NtCreateThread  (0x1f03ff, 0x0, -1, 1244272, 1244988, 1, ... 64, {448, 896}, ) == 0x0
 00342   452   NtQueryInformationThread  (64, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdb000,Pid=448,Tid=896,}, 0x0, ) == 0x0
 00343   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 452, 1575, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1575, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\200\3\0\0" ... {28, 56, reply, 0, 448, 452, 1576, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\200\3\0\0" )  ... {28, 56, reply, 0, 448, 452, 1576, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1575, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\200\3\0\0" ... {28, 56, reply, 0, 448, 452, 1576, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\200\3\0\0" )  ) == 0x0
 00344   452   NtResumeThread  (64, ... 1, ) == 0x0
 00345   452   NtClose  (64, ...
 00346   896   NtTestAlert  (... ) == 0x0
 00347   896   NtContinue  (11861296, 1, ...
 00348   896   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00349   896   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ...
 00345   452   NtClose  ... ) == 0x0
 00350   452   NtWaitForSingleObject  (60, 0, 0x0, ...
 00335   892   NtSetEvent  ... 0x0, ) == 0x0
 00351   892   NtQueryInformationThread  (-2, AmILastThread, 4, ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 00352   892   NtTerminateThread  (0, 0, ...
 00353   892   NtFreeVirtualMemory  (-1, (0x950000), 0, 32768, ... (0x950000), 1048576, ) == 0x0
 00354   888   NtFreeVirtualMemory  (-1, (0x850000), 0, 32768, ... (0x850000), 1048576, ) == 0x0
 00349   896   NtSetInformationThread  ... ) == 0x0
 00355   896   NtSetEvent  (60, ...
 00350   452   NtWaitForSingleObject  ... ) == 0x0
 00356   452   NtClose  (60, ... ) == 0x0
 00357   452   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0
 00358   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 8716288, 1048576, ) == 0x0
 00359   452   NtAllocateVirtualMemory  (-1, 9756672, 0, 8192, 4096, 4, ... 9756672, 8192, ) == 0x0
 00360   452   NtProtectVirtualMemory  (-1, (0x94e000), 4096, 260, ... (0x94e000), 4096, 4, ) == 0x0
 00361   452   NtCreateThread  (0x1f03ff, 0x0, -1, 1244272, 1244988, 1, ... 64, {448, 900}, ) == 0x0
 00362   452   NtQueryInformationThread  (64, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdd000,Pid=448,Tid=900,}, 0x0, ) == 0x0
 00363   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 452, 1576, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1576, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\204\3\0\0" ... {28, 56, reply, 0, 448, 452, 1579, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\204\3\0\0" )  ... {28, 56, reply, 0, 448, 452, 1579, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1576, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\204\3\0\0" ... {28, 56, reply, 0, 448, 452, 1579, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\204\3\0\0" )  ) == 0x0
 00364   452   NtResumeThread  (64, ... 1, ) == 0x0
 00365   452   NtClose  (64, ... ) == 0x0
 00366   452   NtWaitForSingleObject  (60, 0, 0x0, ...
 00367   900   NtTestAlert  (... ) == 0x0
 00368   900   NtContinue  (9764144, 1, ...
 00369   900   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00370   900   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ... ) == 0x0
 00371   900   NtSetEvent  (60, ...
 00366   452   NtWaitForSingleObject  ... ) == 0x0
 00372   452   NtClose  (60, ... ) == 0x0
 00373   452   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0
 00374   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 9764864, 1048576, ) == 0x0
 00375   452   NtAllocateVirtualMemory  (-1, 10805248, 0, 8192, 4096, 4, ... 10805248, 8192, ) == 0x0
 00376   452   NtProtectVirtualMemory  (-1, (0xa4e000), 4096, 260, ... (0xa4e000), 4096, 4, ) == 0x0
 00377   452   NtCreateThread  (0x1f03ff, 0x0, -1, 1244272, 1244988, 1, ... 64, {448, 916}, ) == 0x0
 00378   452   NtQueryInformationThread  (64, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdc000,Pid=448,Tid=916,}, 0x0, ) == 0x0
 00379   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 452, 1579, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1579, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\224\3\0\0" ... {28, 56, reply, 0, 448, 452, 1580, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\224\3\0\0" )  ... {28, 56, reply, 0, 448, 452, 1580, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1579, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\224\3\0\0" ... {28, 56, reply, 0, 448, 452, 1580, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\224\3\0\0" )  ) == 0x0
 00380   452   NtResumeThread  (64, ... 1, ) == 0x0
 00381   452   NtClose  (64, ... ) == 0x0
 00382   452   NtWaitForSingleObject  (60, 0, 0x0, ...
 00383   916   NtTestAlert  (... ) == 0x0
 00384   916   NtContinue  (10812720, 1, ...
 00385   916   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00386   916   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ... ) == 0x0
 00387   916   NtSetEvent  (60, ...
 00382   452   NtWaitForSingleObject  ... ) == 0x0
 00388   452   NtClose  (60, ... ) == 0x0
 00389   452   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0
 00390   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 11862016, 1048576, ) == 0x0
 00391   452   NtAllocateVirtualMemory  (-1, 12902400, 0, 8192, 4096, 4, ... 12902400, 8192, ) == 0x0
 00392   452   NtProtectVirtualMemory  (-1, (0xc4e000), 4096, 260, ... (0xc4e000), 4096, 4, ) == 0x0
 00393   452   NtCreateThread  (0x1f03ff, 0x0, -1, 1244272, 1244988, 1, ... 64, {448, 920}, ) == 0x0
 00394   452   NtQueryInformationThread  (64, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffda000,Pid=448,Tid=920,}, 0x0, ) == 0x0
 00395   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 452, 1580, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1580, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\230\3\0\0" ... {28, 56, reply, 0, 448, 452, 1581, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\230\3\0\0" )  ... {28, 56, reply, 0, 448, 452, 1581, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1580, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\230\3\0\0" ... {28, 56, reply, 0, 448, 452, 1581, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\230\3\0\0" )  ) == 0x0
 00396   452   NtResumeThread  (64, ... 1, ) == 0x0
 00397   452   NtClose  (64, ... ) == 0x0
 00398   452   NtWaitForSingleObject  (60, 0, 0x0, ...
 00399   920   NtTestAlert  (... ) == 0x0
 00400   920   NtContinue  (12909872, 1, ...
 00401   920   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00402   920   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ... ) == 0x0
 00403   920   NtSetEvent  (60, ...
 00398   452   NtWaitForSingleObject  ... ) == 0x0
 00404   452   NtClose  (60, ... ) == 0x0
 00405   452   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0
 00406   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 12910592, 1048576, ) == 0x0
 00407   452   NtAllocateVirtualMemory  (-1, 13950976, 0, 8192, 4096, 4, ... 13950976, 8192, ) == 0x0
 00408   452   NtProtectVirtualMemory  (-1, (0xd4e000), 4096, 260, ... (0xd4e000), 4096, 4, ) == 0x0
 00409   452   NtCreateThread  (0x1f03ff, 0x0, -1, 1244272, 1244988, 1, ... 64, {448, 924}, ) == 0x0
 00410   452   NtQueryInformationThread  (64, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd9000,Pid=448,Tid=924,}, 0x0, ) == 0x0
 00411   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 452, 1581, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1581, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\234\3\0\0" ... {28, 56, reply, 0, 448, 452, 1582, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\234\3\0\0" )  ... {28, 56, reply, 0, 448, 452, 1582, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1581, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\234\3\0\0" ... {28, 56, reply, 0, 448, 452, 1582, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\234\3\0\0" )  ) == 0x0
 00412   452   NtResumeThread  (64, ... 1, ) == 0x0
 00413   452   NtClose  (64, ... ) == 0x0
 00414   452   NtWaitForSingleObject  (60, 0, 0x0, ...
 00415   924   NtTestAlert  (... ) == 0x0
 00416   924   NtContinue  (13958448, 1, ...
 00417   924   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00418   924   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ... ) == 0x0
 00419   924   NtSetEvent  (60, ...
 00414   452   NtWaitForSingleObject  ... ) == 0x0
 00420   452   NtClose  (60, ... ) == 0x0
 00421   452   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0
 00422   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 13959168, 1048576, ) == 0x0
 00423   452   NtAllocateVirtualMemory  (-1, 14999552, 0, 8192, 4096, 4, ... 14999552, 8192, ) == 0x0
 00424   452   NtProtectVirtualMemory  (-1, (0xe4e000), 4096, 260, ... (0xe4e000), 4096, 4, ) == 0x0
 00425   452   NtCreateThread  (0x1f03ff, 0x0, -1, 1244272, 1244988, 1, ... 64, {448, 928}, ) == 0x0
 00426   452   NtQueryInformationThread  (64, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd8000,Pid=448,Tid=928,}, 0x0, ) == 0x0
 00427   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 452, 1582, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1582, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\240\3\0\0" ... {28, 56, reply, 0, 448, 452, 1583, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\240\3\0\0" )  ... {28, 56, reply, 0, 448, 452, 1583, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1582, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\240\3\0\0" ... {28, 56, reply, 0, 448, 452, 1583, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\240\3\0\0" )  ) == 0x0
 00428   452   NtResumeThread  (64, ... 1, ) == 0x0
 00429   452   NtClose  (64, ... ) == 0x0
 00430   452   NtWaitForSingleObject  (60, 0, 0x0, ...
 00431   928   NtTestAlert  (... ) == 0x0
 00432   928   NtContinue  (15007024, 1, ...
 00433   928   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00434   928   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ... ) == 0x0
 00435   928   NtSetEvent  (60, ...
 00430   452   NtWaitForSingleObject  ... ) == 0x0
 00436   452   NtClose  (60, ... ) == 0x0
 00437   452   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0
 00438   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 15007744, 1048576, ) == 0x0
 00439   452   NtAllocateVirtualMemory  (-1, 16048128, 0, 8192, 4096, 4, ... 16048128, 8192, ) == 0x0
 00440   452   NtProtectVirtualMemory  (-1, (0xf4e000), 4096, 260, ... (0xf4e000), 4096, 4, ) == 0x0
 00441   452   NtCreateThread  (0x1f03ff, 0x0, -1, 1244272, 1244988, 1, ... 64, {448, 932}, ) == 0x0
 00442   452   NtQueryInformationThread  (64, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd7000,Pid=448,Tid=932,}, 0x0, ) == 0x0
 00443   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 452, 1583, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1583, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\244\3\0\0" ... {28, 56, reply, 0, 448, 452, 1584, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\244\3\0\0" )  ... {28, 56, reply, 0, 448, 452, 1584, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1583, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\244\3\0\0" ... {28, 56, reply, 0, 448, 452, 1584, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\244\3\0\0" )  ) == 0x0
 00444   452   NtResumeThread  (64, ... 1, ) == 0x0
 00445   452   NtClose  (64, ... ) == 0x0
 00446   452   NtWaitForSingleObject  (60, 0, 0x0, ...
 00447   932   NtTestAlert  (... ) == 0x0
 00448   932   NtContinue  (16055600, 1, ...
 00449   932   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00450   932   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ... ) == 0x0
 00451   932   NtSetEvent  (60, ...
 00446   452   NtWaitForSingleObject  ... ) == 0x0
 00452   452   NtClose  (60, ... ) == 0x0
 00453   452   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ... 60, ) == 0x0
 00454   452   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ... 16056320, 1048576, ) == 0x0
 00455   452   NtAllocateVirtualMemory  (-1, 17096704, 0, 8192, 4096, 4, ... 17096704, 8192, ) == 0x0
 00456   452   NtProtectVirtualMemory  (-1, (0x104e000), 4096, 260, ... (0x104e000), 4096, 4, ) == 0x0
 00457   452   NtCreateThread  (0x1f03ff, 0x0, -1, 1244272, 1244988, 1, ... 64, {448, 936}, ) == 0x0
 00458   452   NtQueryInformationThread  (64, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd6000,Pid=448,Tid=936,}, 0x0, ) == 0x0
 00459   452   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 452, 1584, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1584, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\250\3\0\0" ... {28, 56, reply, 0, 448, 452, 1585, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\250\3\0\0" )  ... {28, 56, reply, 0, 448, 452, 1585, 0}  (24, {28, 56, new_msg, 0, 448, 452, 1584, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\250\3\0\0" ... {28, 56, reply, 0, 448, 452, 1585, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0@\0\0\0\300\1\0\0\250\3\0\0" )  ) == 0x0
 00460   452   NtResumeThread  (64, ... 1, ) == 0x0
 00461   452   NtClose  (64, ... ) == 0x0
 00462   452   NtWaitForSingleObject  (60, 0, 0x0, ...
 00463   936   NtTestAlert  (... ) == 0x0
 00464   936   NtContinue  (17104176, 1, ...
 00465   936   NtRegisterThreadTerminatePort  (24, ... ) == 0x0
 00466   936   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ... ) == 0x0
 00467   936   NtSetEvent  (60, ...
 00462   452   NtWaitForSingleObject  ... ) == 0x0
 00468   452   NtClose  (60, ... ) == 0x0
 00467   936   NtSetEvent  ... 0x0, ) == 0x0
 00469   936   NtQueryInformationThread  (-2, AmILastThread, 4, ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 00470   452   NtAllocateVirtualMemory  (-1, 0, 0, 90087, 4096, 4, ... 17104896, 90112, ) == 0x0
 00471   936   NtTerminateThread  (0, 0, ...
 00451   932   NtSetEvent  ... 0x0, ) == 0x0
 00435   928   NtSetEvent  ... 0x0, ) == 0x0
 00419   924   NtSetEvent  ... 0x0, ) == 0x0
 00403   920   NtSetEvent  ... 0x0, ) == 0x0
 00387   916   NtSetEvent  ... 0x0, ) == 0x0
 00371   900   NtSetEvent  ... 0x0, ) == 0x0
 00355   896   NtSetEvent  ... 0x0, ) == 0x0
 00472   932   NtQueryInformationThread  (-2, AmILastThread, 4, ...
 00473   928   NtContinue  (15006936, 0, ...
 00474   924   NtContinue  (13956284, 0, ...
 00475   920   NtQueryInformationThread  (-2, AmILastThread, 4, ...
 00476   916   NtCreateEvent  (0x1f0003, 0x0, 1, 0, ...
 00477   900   NtQueryInformationThread  (-2, AmILastThread, 4, ...
 00478   452   NtFreeVirtualMemory  (-1, (0x1050000), 90087, 4, ...
 00479   896   NtContinue  (11861204, 0, ...
 00472   932   NtQueryInformationThread  ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 00480   928   NtContinue  (15006936, 0, ...
 00481   924   NtContinue  (13956284, 0, ...
 00475   920   NtQueryInformationThread  ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 00476   916   NtCreateEvent  ... 60, ) == 0x0
 00478   452   NtFreeVirtualMemory  ... ) == STATUS_INVALID_PARAMETER_4
 00477   900   NtQueryInformationThread  ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 00482   896   NtContinue  (11861204, 0, ...
 00483   932   NtTerminateThread  (0, 0, ...
 00484   928   NtContinue  (15006936, 0, ...
 00485   924   NtContinue  (13956284, 0, ...
 00486   920   NtTerminateThread  (0, 0, ...
 00487   452   NtOpenKey  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager"}, ... }, ...
 00488   916   NtCallbackReturn  (0, 0, 0, ...
 00489   900   NtTerminateThread  (0, 0, ...
 00490   896   NtContinue  (11861204, 0, ...
 00491   936   NtFreeVirtualMemory  (-1, (0xf50000), 0, 32768, ...
 00492   932   NtFreeVirtualMemory  (-1, (0xe50000), 0, 32768, ...
 00493   928   NtContinue  (15006936, 0, ...
 00494   924   NtContinue  (13956284, 0, ...
 00487   452   NtOpenKey  ... 64, ) == 0x0
 00495   920   NtFreeVirtualMemory  (-1, (0xb50000), 0, 32768, ...
 00496   916   NtUserFindWindowEx  (0, 0,  (0, 0, "OLLYDBG", 0x0, 0, ... , 0x0, 0, ...
 00497   900   NtFreeVirtualMemory  (-1, (0x850000), 0, 32768, ...
 00491   936   NtFreeVirtualMemory  ... (0xf50000), 1048576, ) == 0x0
 00492   932   NtFreeVirtualMemory  ... (0xe50000), 1048576, ) == 0x0
 00498   928   NtContinue  (15006936, 0, ...
 00495   920   NtFreeVirtualMemory  ... (0xb50000), 1048576, ) == 0x0
 00499   452   NtQueryValueKey  (64,  (64, "SafeDllSearchMode", Partial, 16, ... , Partial, 16, ...
 00500   924   NtContinue  (13956284, 0, ...
 00497   900   NtFreeVirtualMemory  ... (0x850000), 1048576, ) == 0x0
 00496   916   NtUserFindWindowEx  ... ) == 0x0
 00499   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00501   928   NtContinue  (15006936, 0, ...
 00502   924   NtContinue  (13956284, 0, ...
 00503   452   NtClose  (64, ...
 00504   916   NtUserFindWindowEx  (0, 0,  (0, 0, "WispWindowClass", 0x0, 0, ... , 0x0, 0, ...
 00505   928   NtContinue  (15006936, 0, ...
 00503   452   NtClose  ... ) == 0x0
 00506   924   NtContinue  (13956284, 0, ...
 00504   916   NtUserFindWindowEx  ... ) == 0x0
 00507   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "MSVCRT.dll"}, ... }, ...
 00508   928   NtContinue  (15006936, 0, ...
 00509   924   NtContinue  (13956284, 0, ...
 00507   452   NtOpenSection  ... 64, ) == 0x0
 00510   916   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ...
 00511   928   NtContinue  (15006936, 0, ...
 00512   452   NtMapViewOfSection  (64, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ...
 00513   924   NtContinue  (13956284, 0, ...
 00510   916   NtCreateEvent  ... 68, ) == 0x0
 00514   896   NtContinue  (11861204, 0, ...
 00512   452   NtMapViewOfSection  ... (0x77c10000), 0x0, 339968, ) == 0x0
 00515   928   NtContinue  (15006936, 0, ...
 00516   924   NtContinue  (13956284, 0, ...
 00517   452   NtClose  (64, ...
 00518   896   NtContinue  (11861204, 0, ...
 00519   928   NtContinue  (15006936, 0, ...
 00517   452   NtClose  ... ) == 0x0
 00520   924   NtContinue  (13956284, 0, ...
 00521   896   NtContinue  (11861204, 0, ...
 00522   452   NtQuerySystemInformation  (Basic, 44, ...
 00523   928   NtContinue  (15006936, 0, ...
 00524   924   NtContinue  (13956284, 0, ...
 00522   452   NtQuerySystemInformation  ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00525   896   NtContinue  (11861204, 0, ...
 00526   928   NtContinue  (15006936, 0, ...
 00527   452   NtAllocateVirtualMemory  (-1, 0, 0, 65536, 8192, 4, ...
 00528   924   NtContinue  (13956284, 0, ...
 00529   896   NtContinue  (11861204, 0, ...
 00527   452   NtAllocateVirtualMemory  ... 8716288, 65536, ) == 0x0
 00530   928   NtContinue  (15006936, 0, ...
 00531   924   NtContinue  (13956284, 0, ...
 00532   452   NtAllocateVirtualMemory  (-1, 8716288, 0, 4096, 4096, 4, ...
 00533   896   NtContinue  (11861204, 0, ...
 00534   928   NtContinue  (15006936, 0, ...
 00532   452   NtAllocateVirtualMemory  ... 8716288, 4096, ) == 0x0
 00535   924   NtContinue  (13956284, 0, ...
 00536   916   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ...
 00537   896   NtContinue  (11861204, 0, ...
 00538   452   NtAllocateVirtualMemory  (-1, 8720384, 0, 8192, 4096, 4, ...
 00539   928   NtContinue  (15006936, 0, ...
 00536   916   NtAllocateVirtualMemory  ... 11862016, 1048576, ) == 0x0
 00538   452   NtAllocateVirtualMemory  ... 8720384, 8192, ) == 0x0
 00540   896   NtContinue  (11861204, 0, ...
 00541   928   NtContinue  (15006936, 0, ...
 00542   452   NtOpenSection  (0x4, {24, 0, 0x40, 0, 0,  (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionCType"}, ... }, ...
 00543   916   NtAllocateVirtualMemory  (-1, 12902400, 0, 8192, 4096, 4, ...
 00544   896   NtContinue  (11861204, 0, ...
 00542   452   NtOpenSection  ... 64, ) == 0x0
 00545   928   NtContinue  (15006936, 0, ...
 00543   916   NtAllocateVirtualMemory  ... 12902400, 8192, ) == 0x0
 00546   452   NtMapViewOfSection  (64, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ...
 00547   896   NtContinue  (11861204, 0, ...
 00548   928   NtContinue  (15006936, 0, ...
 00546   452   NtMapViewOfSection  ... (0x860000), 0x0, 12288, ) == 0x0
 00549   916   NtProtectVirtualMemory  (-1, (0xc4e000), 4096, 260, ...
 00550   896   NtContinue  (11861204, 0, ...
 00551   452   NtClose  (64, ...
 00552   928   NtContinue  (15006936, 0, ...
 00549   916   NtProtectVirtualMemory  ... (0xc4e000), 4096, 4, ) == 0x0
 00551   452   NtClose  ... ) == 0x0
 00553   896   NtContinue  (11861204, 0, ...
 00554   928   NtContinue  (15006936, 0, ...
 00555   924   NtContinue  (13956284, 0, ...
 00556   452   NtAllocateVirtualMemory  (-1, 8728576, 0, 4096, 4096, 4, ...
 00557   916   NtCreateThread  (0x1f03ff, 0x0, -1, 10812468, 10813184, 1, ...
 00558   896   NtContinue  (11861204, 0, ...
 00556   452   NtAllocateVirtualMemory  ... 8728576, 4096, ) == 0x0
 00559   924   NtContinue  (13956284, 0, ...
 00557   916   NtCreateThread  ... 64, {448, 940}, ) == 0x0
 00560   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "WS2_32.dll"}, ... }, ...
 00561   896   NtContinue  (11861204, 0, ...
 00562   924   NtContinue  (13956284, 0, ...
 00560   452   NtOpenSection  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00563   916   NtQueryInformationThread  (64, Basic, 28, ...
 00564   896   NtContinue  (11861204, 0, ...
 00565   928   NtContinue  (15006936, 0, ...
 00566   452   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2_32.dll"}, 1243056, ... }, 1243056, ...
 00563   916   NtQueryInformationThread  ... {ExitStatus=0x103,TebBaseAddress=0x7ffdd000,Pid=448,Tid=940,}, 0x0, ) == 0x0
 00567   896   NtContinue  (11861204, 0, ...
 00568   928   NtContinue  (15006936, 0, ...
 00569   916   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 0, 0, 1329336, 0}  (24, {28, 56, new_msg, 0, 0, 0, 1329336, 0} "\0\0\0\0\1\0\1\0\20\0\0\0\351\0\0\0@\0\0\0\300\1\0\0\254\3\0\0" ...  ...
 00570   896   NtContinue  (11861204, 0, ...
 00571   928   NtContinue  (15006936, 0, ...
 00572   896   NtContinue  (11861204, 0, ...
 00573   928   NtContinue  (15006936, 0, ...
 00574   924   NtContinue  (13956284, 0, ...
 00569   916   NtRequestWaitReplyPort  ... {28, 56, reply, 0, 448, 916, 1590, 0}  ... {28, 56, reply, 0, 448, 916, 1590, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\351\0\0\0@\0\0\0\300\1\0\0\254\3\0\0" )  ) == 0x0
 00575   928   NtContinue  (15006936, 0, ...
 00576   924   NtContinue  (13956284, 0, ...
 00577   916   NtResumeThread  (64, ...
 00566   452   NtQueryAttributesFile  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00578   928   NtContinue  (15006936, 0, ...
 00579   924   NtContinue  (13956284, 0, ...
 00580   452   NtQueryAttributesFile  ({24, 12, 0x40, 0, 0,  ({24, 12, 0x40, 0, 0, "WS2_32.dll"}, 1243056, ... }, 1243056, ...
 00581   940   NtCreateEvent  (0x100003, 0x0, 1, 0, ...
 00577   916   NtResumeThread  ... 1, ) == 0x0
 00582   896   NtContinue  (11861204, 0, ...
 00581   940   NtCreateEvent  ... 72, ) == 0x0
 00583   924   NtContinue  (13956284, 0, ...
 00584   916   NtClose  (64, ...
 00585   940   NtWaitForSingleObject  (72, 0, 0x0, ...
 00586   896   NtContinue  (11861204, 0, ...
 00587   924   NtContinue  (13956284, 0, ...
 00584   916   NtClose  ... ) == 0x0
 00588   896   NtContinue  (11861204, 0, ...
 00589   924   NtContinue  (13956284, 0, ...
 00590   916   NtWaitForSingleObject  (68, 0, 0x0, ...
 00591   896   NtContinue  (11861204, 0, ...
 00592   928   NtContinue  (15006936, 0, ...
 00593   924   NtContinue  (13956284, 0, ...
 00594   896   NtContinue  (11861204, 0, ...
 00595   928   NtContinue  (15006936, 0, ...
 00596   924   NtContinue  (13956284, 0, ...
 00597   896   NtContinue  (11861204, 0, ...
 00598   928   NtContinue  (15006936, 0, ...
 00599   924   NtContinue  (13956284, 0, ...
 00600   924   NtContinue  (13956284, 0, ...
 00601   924   NtContinue  (13956284, 0, ...
 00602   924   NtContinue  (13956284, 0, ...
 00603   924   NtContinue  (13956284, 0, ...
 00604   924   NtContinue  (13956284, 0, ...
 00605   924   NtContinue  (13956284, 0, ...
 00606   924   NtContinue  (13956284, 0, ...
 00607   924   NtContinue  (13956284, 0, ...
 00608   924   NtContinue  (13956284, 0, ...
 00609   928   NtContinue  (15006936, 0, ...
 00610   896   NtContinue  (11861204, 0, ...
 00611   928   NtContinue  (15006936, 0, ...
 00612   896   NtContinue  (11861204, 0, ...
 00613   928   NtContinue  (15006936, 0, ...
 00614   896   NtContinue  (11861204, 0, ...
 00615   928   NtContinue  (15006936, 0, ...
 00616   896   NtContinue  (11861204, 0, ...
 00617   928   NtContinue  (15006936, 0, ...
 00618   896   NtContinue  (11861204, 0, ...
 00619   928   NtContinue  (15006936, 0, ...
 00620   896   NtContinue  (11861204, 0, ...
 00621   924   NtContinue  (13956284, 0, ...
 00622   928   NtContinue  (15006936, 0, ...
 00623   924   NtContinue  (13956284, 0, ...
 00624   928   NtContinue  (15006936, 0, ...
 00625   924   NtContinue  (13956284, 0, ...
 00626   928   NtContinue  (15006936, 0, ...
 00627   924   NtContinue  (13956284, 0, ...
 00628   928   NtContinue  (15006936, 0, ...
 00629   924   NtContinue  (13956284, 0, ...
 00630   928   NtContinue  (15006936, 0, ...
 00631   924   NtContinue  (13956284, 0, ...
 00632   928   NtContinue  (15006936, 0, ...
 00633   896   NtContinue  (11861204, 0, ...
 00634   924   NtContinue  (13956284, 0, ...
 00635   896   NtContinue  (11861204, 0, ...
 00636   924   NtContinue  (13956284, 0, ...
 00637   896   NtContinue  (11861204, 0, ...
 00638   924   NtContinue  (13956284, 0, ...
 00639   896   NtContinue  (11861204, 0, ...
 00640   924   NtContinue  (13956284, 0, ...
 00641   896   NtContinue  (11861204, 0, ...
 00642   924   NtContinue  (13956284, 0, ...
 00643   896   NtContinue  (11861204, 0, ...
 00644   924   NtContinue  (13956284, 0, ...
 00645   928   NtContinue  (15006936, 0, ...
 00646   896   NtContinue  (11861204, 0, ...
 00647   928   NtContinue  (15006936, 0, ...
 00648   896   NtContinue  (11861204, 0, ...
 00649   928   NtContinue  (15006936, 0, ...
 00650   896   NtContinue  (11861204, 0, ...
 00651   928   NtContinue  (15006936, 0, ...
 00652   896   NtContinue  (11861204, 0, ...
 00653   928   NtContinue  (15006936, 0, ...
 00654   896   NtContinue  (11861204, 0, ...
 00655   928   NtContinue  (15006936, 0, ...
 00656   896   NtContinue  (11861204, 0, ...
 00657   924   NtContinue  (13956284, 0, ...
 00658   928   NtContinue  (15006936, 0, ...
 00659   924   NtContinue  (13956284, 0, ...
 00660   928   NtContinue  (15006936, 0, ...
 00661   924   NtContinue  (13956284, 0, ...
 00662   928   NtContinue  (15006936, 0, ...
 00663   924   NtContinue  (13956284, 0, ...
 00664   928   NtContinue  (15006936, 0, ...
 00665   924   NtContinue  (13956284, 0, ...
 00666   928   NtContinue  (15006936, 0, ...
 00667   924   NtContinue  (13956284, 0, ...
 00668   928   NtContinue  (15006936, 0, ...
 00669   896   NtContinue  (11861204, 0, ...
 00670   924   NtContinue  (13956284, 0, ...
 00671   896   NtContinue  (11861204, 0, ...
 00672   924   NtContinue  (13956284, 0, ...
 00673   896   NtContinue  (11861204, 0, ...
 00674   924   NtContinue  (13956284, 0, ...
 00675   896   NtContinue  (11861204, 0, ...
 00676   924   NtContinue  (13956284, 0, ...
 00677   896   NtContinue  (11861204, 0, ...
 00678   924   NtContinue  (13956284, 0, ...
 00679   896   NtContinue  (11861204, 0, ...
 00680   924   NtContinue  (13956284, 0, ...
 00681   928   NtContinue  (15006936, 0, ...
 00682   896   NtContinue  (11861204, 0, ...
 00683   928   NtContinue  (15006936, 0, ...
 00684   896   NtContinue  (11861204, 0, ...
 00685   928   NtContinue  (15006936, 0, ...
 00686   896   NtContinue  (11861204, 0, ...
 00687   928   NtContinue  (15006936, 0, ...
 00688   896   NtContinue  (11861204, 0, ...
 00689   928   NtContinue  (15006936, 0, ...
 00690   896   NtContinue  (11861204, 0, ...
 00691   928   NtContinue  (15006936, 0, ...
 00692   896   NtContinue  (11861204, 0, ...
 00693   924   NtContinue  (13956284, 0, ...
 00694   928   NtContinue  (15006936, 0, ...
 00695   924   NtContinue  (13956284, 0, ...
 00696   928   NtContinue  (15006936, 0, ...
 00697   924   NtContinue  (13956284, 0, ...
 00698   928   NtContinue  (15006936, 0, ...
 00699   924   NtContinue  (13956284, 0, ...
 00700   928   NtContinue  (15006936, 0, ...
 00701   924   NtContinue  (13956284, 0, ...
 00702   928   NtContinue  (15006936, 0, ...
 00703   924   NtContinue  (13956284, 0, ...
 00704   928   NtContinue  (15006936, 0, ...
 00705   896   NtContinue  (11861204, 0, ...
 00706   924   NtContinue  (13956284, 0, ...
 00707   896   NtContinue  (11861204, 0, ...
 00708   924   NtContinue  (13956284, 0, ...
 00709   896   NtContinue  (11861204, 0, ...
 00710   924   NtContinue  (13956284, 0, ...
 00711   896   NtContinue  (11861204, 0, ...
 00712   924   NtContinue  (13956284, 0, ...
 00713   896   NtContinue  (11861204, 0, ...
 00714   924   NtContinue  (13956284, 0, ...
 00715   896   NtContinue  (11861204, 0, ...
 00716   924   NtContinue  (13956284, 0, ...
 00717   928   NtContinue  (15006936, 0, ...
 00718   896   NtContinue  (11861204, 0, ...
 00719   928   NtContinue  (15006936, 0, ...
 00720   896   NtContinue  (11861204, 0, ...
 00721   928   NtContinue  (15006936, 0, ...
 00722   896   NtContinue  (11861204, 0, ...
 00723   928   NtContinue  (15006936, 0, ...
 00724   896   NtContinue  (11861204, 0, ...
 00725   928   NtContinue  (15006936, 0, ...
 00726   896   NtContinue  (11861204, 0, ...
 00727   928   NtContinue  (15006936, 0, ...
 00728   896   NtContinue  (11861204, 0, ...
 00729   924   NtContinue  (13956284, 0, ...
 00730   928   NtContinue  (15006936, 0, ...
 00731   924   NtContinue  (13956284, 0, ...
 00732   928   NtContinue  (15006936, 0, ...
 00733   924   NtContinue  (13956284, 0, ...
 00734   928   NtContinue  (15006936, 0, ...
 00735   924   NtContinue  (13956284, 0, ...
 00736   928   NtContinue  (15006936, 0, ...
 00737   924   NtContinue  (13956284, 0, ...
 00738   928   NtContinue  (15006936, 0, ...
 00739   924   NtContinue  (13956284, 0, ...
 00740   928   NtContinue  (15006936, 0, ...
 00741   896   NtContinue  (11861204, 0, ...
 00742   924   NtContinue  (13956284, 0, ...
 00743   896   NtContinue  (11861204, 0, ...
 00744   924   NtContinue  (13956284, 0, ...
 00745   896   NtContinue  (11861204, 0, ...
 00746   924   NtContinue  (13956284, 0, ...
 00747   896   NtContinue  (11861204, 0, ...
 00748   924   NtContinue  (13956284, 0, ...
 00749   896   NtContinue  (11861204, 0, ...
 00750   924   NtContinue  (13956284, 0, ...
 00751   896   NtContinue  (11861204, 0, ...
 00752   924   NtContinue  (13956284, 0, ...
 00753   928   NtContinue  (15006936, 0, ...
 00754   896   NtContinue  (11861204, 0, ...
 00755   928   NtContinue  (15006936, 0, ...
 00756   896   NtContinue  (11861204, 0, ...
 00757   928   NtContinue  (15006936, 0, ...
 00758   896   NtContinue  (11861204, 0, ...
 00759   928   NtContinue  (15006936, 0, ...
 00760   896   NtContinue  (11861204, 0, ...
 00761   928   NtContinue  (15006936, 0, ...
 00762   896   NtContinue  (11861204, 0, ...
 00763   928   NtContinue  (15006936, 0, ...
 00764   896   NtContinue  (11861204, 0, ...
 00765   924   NtContinue  (13956284, 0, ...
 00766   928   NtContinue  (15006936, 0, ...
 00767   924   NtContinue  (13956284, 0, ...
 00768   928   NtContinue  (15006936, 0, ...
 00769   924   NtContinue  (13956284, 0, ...
 00770   928   NtContinue  (15006936, 0, ...
 00771   924   NtContinue  (13956284, 0, ...
 00772   928   NtContinue  (15006936, 0, ...
 00773   924   NtContinue  (13956284, 0, ...
 00774   928   NtContinue  (15006936, 0, ...
 00775   924   NtContinue  (13956284, 0, ...
 00776   928   NtContinue  (15006936, 0, ...
 00777   896   NtContinue  (11861204, 0, ...
 00778   924   NtContinue  (13956284, 0, ...
 00779   896   NtContinue  (11861204, 0, ...
 00780   924   NtContinue  (13956284, 0, ...
 00781   896   NtContinue  (11861204, 0, ...
 00782   924   NtContinue  (13956284, 0, ...
 00783   896   NtContinue  (11861204, 0, ...
 00784   924   NtContinue  (13956284, 0, ...
 00785   896   NtContinue  (11861204, 0, ...
 00786   924   NtContinue  (13956284, 0, ...
 00787   896   NtContinue  (11861204, 0, ...
 00788   924   NtContinue  (13956284, 0, ...
 00789   928   NtContinue  (15006936, 0, ...
 00790   896   NtContinue  (11861204, 0, ...
 00791   928   NtContinue  (15006936, 0, ...
 00792   896   NtContinue  (11861204, 0, ...
 00793   928   NtContinue  (15006936, 0, ...
 00794   896   NtContinue  (11861204, 0, ...
 00795   928   NtContinue  (15006936, 0, ...
 00796   896   NtContinue  (11861204, 0, ...
 00797   928   NtContinue  (15006936, 0, ...
 00798   896   NtContinue  (11861204, 0, ...
 00799   928   NtContinue  (15006936, 0, ...
 00800   896   NtContinue  (11861204, 0, ...
 00801   924   NtContinue  (13956284, 0, ...
 00802   928   NtContinue  (15006936, 0, ...
 00803   924   NtContinue  (13956284, 0, ...
 00804   928   NtContinue  (15006936, 0, ...
 00805   924   NtContinue  (13956284, 0, ...
 00806   928   NtContinue  (15006936, 0, ...
 00807   924   NtContinue  (13956284, 0, ...
 00808   928   NtContinue  (15006936, 0, ...
 00809   924   NtContinue  (13956284, 0, ...
 00810   928   NtContinue  (15006936, 0, ...
 00811   924   NtContinue  (13956284, 0, ...
 00812   928   NtContinue  (15006936, 0, ...
 00813   896   NtContinue  (11861204, 0, ...
 00814   924   NtContinue  (13956284, 0, ...
 00815   896   NtContinue  (11861204, 0, ...
 00580   452   NtQueryAttributesFile  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00816   924   NtContinue  (13956284, 0, ...
 00817   452   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2_32.dll"}, 1243056, ... }, 1243056, ...
 00818   896   NtContinue  (11861204, 0, ...
 00817   452   NtQueryAttributesFile  ... ) == 0x0
 00819   924   NtContinue  (13956284, 0, ...
 00820   452   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2_32.dll"}, 5, 96, ... }, 5, 96, ...
 00821   896   NtContinue  (11861204, 0, ...
 00820   452   NtOpenFile  ... 64, {status=0x0, info=1}, ) == 0x0
 00822   924   NtContinue  (13956284, 0, ...
 00823   452   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 64, ...
 00824   896   NtContinue  (11861204, 0, ...
 00823   452   NtCreateSection  ... 76, ) == 0x0
 00825   924   NtContinue  (13956284, 0, ...
 00826   452   NtQuerySection  (76, Image, 48, ...
 00827   896   NtContinue  (11861204, 0, ...
 00826   452   NtQuerySection  ... {section info, class 1, size 48}, 0x0, ) == 0x0
 00828   924   NtContinue  (13956284, 0, ...
 00829   928   NtContinue  (15006936, 0, ...
 00830   452   NtOpenProcessToken  (-1, 0x8, ...
 00831   896   NtContinue  (11861204, 0, ...
 00830   452   NtOpenProcessToken  ... 80, ) == 0x0
 00832   928   NtContinue  (15006936, 0, ...
 00833   452   NtQueryInformationToken  (80, User, 136, ...
 00834   896   NtContinue  (11861204, 0, ...
 00833   452   NtQueryInformationToken  ... {token info, class 1, size 36}, 36, ) == 0x0
 00835   928   NtContinue  (15006936, 0, ...
 00836   452   NtOpenKey  (0x3, {24, 0, 0x40, 0, 0,  (0x3, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option"}, ... }, ...
 00837   896   NtContinue  (11861204, 0, ...
 00838   928   NtContinue  (15006936, 0, ...
 00839   896   NtContinue  (11861204, 0, ...
 00836   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00840   928   NtContinue  (15006936, 0, ...
 00841   452   NtOpenKey  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... }, ...
 00842   896   NtContinue  (11861204, 0, ...
 00841   452   NtOpenKey  ... 84, ) == 0x0
 00843   928   NtContinue  (15006936, 0, ...
 00844   452   NtQueryValueKey  (84,  (84, "TransparentEnabled", Partial, 80, ... , Partial, 80, ...
 00845   896   NtContinue  (11861204, 0, ...
 00846   924   NtContinue  (13956284, 0, ...
 00844   452   NtQueryValueKey  ... TitleIdx=0, Type=4, Data= ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0
 00847   928   NtContinue  (15006936, 0, ...
 00848   452   NtClose  (84, ...
 00849   924   NtContinue  (13956284, 0, ...
 00848   452   NtClose  ... ) == 0x0
 00850   928   NtContinue  (15006936, 0, ...
 00851   452   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ...
 00852   924   NtContinue  (13956284, 0, ...
 00851   452   NtOpenThreadTokenEx  ... ) == STATUS_NO_TOKEN
 00853   928   NtContinue  (15006936, 0, ...
 00854   452   NtOpenProcessTokenEx  (-1, 0x20008, 512, ...
 00855   924   NtContinue  (13956284, 0, ...
 00854   452   NtOpenProcessTokenEx  ... 84, ) == 0x0
 00856   928   NtContinue  (15006936, 0, ...
 00857   452   NtQueryInformationToken  (84, User, 80, ...
 00858   924   NtContinue  (13956284, 0, ...
 00857   452   NtQueryInformationToken  ... {token info, class 1, size 36}, 36, ) == 0x0
 00859   928   NtContinue  (15006936, 0, ...
 00860   452   NtClose  (84, ...
 00861   924   NtContinue  (13956284, 0, ...
 00860   452   NtClose  ... ) == 0x0
 00862   928   NtContinue  (15006936, 0, ...
 00863   896   NtContinue  (11861204, 0, ...
 00864   452   NtOpenKey  (0x1, {24, 0, 0x40, 0, 0,  (0x1, {24, 0, 0x40, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... }, ...
 00865   924   NtContinue  (13956284, 0, ...
 00864   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00866   896   NtContinue  (11861204, 0, ...
 00867   452   NtClose  (80, ...
 00868   924   NtContinue  (13956284, 0, ...
 00867   452   NtClose  ... ) == 0x0
 00869   896   NtContinue  (11861204, 0, ...
 00870   452   NtClose  (64, ...
 00871   924   NtContinue  (13956284, 0, ...
 00870   452   NtClose  ... ) == 0x0
 00872   896   NtContinue  (11861204, 0, ...
 00873   452   NtMapViewOfSection  (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ...
 00874   924   NtContinue  (13956284, 0, ...
 00873   452   NtMapViewOfSection  ... (0x71ab0000), 0x0, 86016, ) == 0x0
 00875   896   NtContinue  (11861204, 0, ...
 00876   452   NtClose  (76, ...
 00877   924   NtContinue  (13956284, 0, ...
 00876   452   NtClose  ... ) == 0x0
 00878   896   NtContinue  (11861204, 0, ...
 00879   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "WS2HELP.dll"}, ... }, ...
 00880   924   NtContinue  (13956284, 0, ...
 00881   928   NtContinue  (15006936, 0, ...
 00879   452   NtOpenSection  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00882   896   NtContinue  (11861204, 0, ...
 00883   452   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2HELP.dll"}, 1242252, ... }, 1242252, ...
 00884   928   NtContinue  (15006936, 0, ...
 00885   896   NtContinue  (11861204, 0, ...
 00886   928   NtContinue  (15006936, 0, ...
 00887   896   NtContinue  (11861204, 0, ...
 00888   928   NtContinue  (15006936, 0, ...
 00889   896   NtContinue  (11861204, 0, ...
 00890   928   NtContinue  (15006936, 0, ...
 00891   896   NtContinue  (11861204, 0, ...
 00892   928   NtContinue  (15006936, 0, ...
 00893   896   NtContinue  (11861204, 0, ...
 00894   924   NtContinue  (13956284, 0, ...
 00895   928   NtContinue  (15006936, 0, ...
 00896   924   NtContinue  (13956284, 0, ...
 00897   928   NtContinue  (15006936, 0, ...
 00898   924   NtContinue  (13956284, 0, ...
 00899   928   NtContinue  (15006936, 0, ...
 00900   924   NtContinue  (13956284, 0, ...
 00901   928   NtContinue  (15006936, 0, ...
 00902   924   NtContinue  (13956284, 0, ...
 00903   928   NtContinue  (15006936, 0, ...
 00904   924   NtContinue  (13956284, 0, ...
 00905   928   NtContinue  (15006936, 0, ...
 00906   896   NtContinue  (11861204, 0, ...
 00907   924   NtContinue  (13956284, 0, ...
 00908   896   NtContinue  (11861204, 0, ...
 00909   924   NtContinue  (13956284, 0, ...
 00910   896   NtContinue  (11861204, 0, ...
 00911   924   NtContinue  (13956284, 0, ...
 00912   896   NtContinue  (11861204, 0, ...
 00913   924   NtContinue  (13956284, 0, ...
 00914   896   NtContinue  (11861204, 0, ...
 00915   924   NtContinue  (13956284, 0, ...
 00916   896   NtContinue  (11861204, 0, ...
 00917   924   NtContinue  (13956284, 0, ...
 00918   928   NtContinue  (15006936, 0, ...
 00919   896   NtContinue  (11861204, 0, ...
 00920   928   NtContinue  (15006936, 0, ...
 00921   896   NtContinue  (11861204, 0, ...
 00922   928   NtContinue  (15006936, 0, ...
 00923   896   NtContinue  (11861204, 0, ...
 00924   928   NtContinue  (15006936, 0, ...
 00925   896   NtContinue  (11861204, 0, ...
 00926   928   NtContinue  (15006936, 0, ...
 00927   896   NtContinue  (11861204, 0, ...
 00928   928   NtContinue  (15006936, 0, ...
 00929   896   NtContinue  (11861204, 0, ...
 00930   924   NtContinue  (13956284, 0, ...
 00931   928   NtContinue  (15006936, 0, ...
 00932   924   NtContinue  (13956284, 0, ...
 00933   928   NtContinue  (15006936, 0, ...
 00934   924   NtContinue  (13956284, 0, ...
 00935   928   NtContinue  (15006936, 0, ...
 00936   924   NtContinue  (13956284, 0, ...
 00937   928   NtContinue  (15006936, 0, ...
 00938   924   NtContinue  (13956284, 0, ...
 00939   928   NtContinue  (15006936, 0, ...
 00940   924   NtContinue  (13956284, 0, ...
 00941   928   NtContinue  (15006936, 0, ...
 00942   896   NtContinue  (11861204, 0, ...
 00943   924   NtContinue  (13956284, 0, ...
 00944   896   NtContinue  (11861204, 0, ...
 00945   924   NtContinue  (13956284, 0, ...
 00946   896   NtContinue  (11861204, 0, ...
 00947   924   NtContinue  (13956284, 0, ...
 00948   928   NtContinue  (15006936, 0, ...
 00949   924   NtContinue  (13956284, 0, ...
 00950   928   NtContinue  (15006936, 0, ...
 00951   924   NtContinue  (13956284, 0, ...
 00952   928   NtContinue  (15006936, 0, ...
 00953   924   NtContinue  (13956284, 0, ...
 00954   928   NtContinue  (15006936, 0, ...
 00955   896   NtContinue  (11861204, 0, ...
 00956   928   NtContinue  (15006936, 0, ...
 00957   896   NtContinue  (11861204, 0, ...
 00958   928   NtContinue  (15006936, 0, ...
 00959   896   NtContinue  (11861204, 0, ...
 00960   924   NtContinue  (13956284, 0, ...
 00961   896   NtContinue  (11861204, 0, ...
 00962   924   NtContinue  (13956284, 0, ...
 00883   452   NtQueryAttributesFile  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00963   896   NtContinue  (11861204, 0, ...
 00964   452   NtQueryAttributesFile  ({24, 12, 0x40, 0, 0,  ({24, 12, 0x40, 0, 0, "WS2HELP.dll"}, 1242252, ... }, 1242252, ...
 00965   924   NtContinue  (13956284, 0, ...
 00966   896   NtContinue  (11861204, 0, ...
 00964   452   NtQueryAttributesFile  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 00967   924   NtContinue  (13956284, 0, ...
 00968   928   NtContinue  (15006936, 0, ...
 00969   452   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2HELP.dll"}, 1242252, ... }, 1242252, ...
 00970   924   NtContinue  (13956284, 0, ...
 00969   452   NtQueryAttributesFile  ... ) == 0x0
 00971   928   NtContinue  (15006936, 0, ...
 00972   452   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2HELP.dll"}, 5, 96, ... }, 5, 96, ...
 00973   924   NtContinue  (13956284, 0, ...
 00972   452   NtOpenFile  ... 76, {status=0x0, info=1}, ) == 0x0
 00974   928   NtContinue  (15006936, 0, ...
 00975   896   NtContinue  (11861204, 0, ...
 00976   452   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 76, ...
 00977   928   NtContinue  (15006936, 0, ...
 00976   452   NtCreateSection  ... 64, ) == 0x0
 00978   896   NtContinue  (11861204, 0, ...
 00979   452   NtQuerySection  (64, Image, 48, ...
 00980   928   NtContinue  (15006936, 0, ...
 00979   452   NtQuerySection  ... {section info, class 1, size 48}, 0x0, ) == 0x0
 00981   896   NtContinue  (11861204, 0, ...
 00982   452   NtClose  (76, ...
 00983   928   NtContinue  (15006936, 0, ...
 00982   452   NtClose  ... ) == 0x0
 00984   896   NtContinue  (11861204, 0, ...
 00985   924   NtContinue  (13956284, 0, ...
 00986   452   NtMapViewOfSection  (64, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ...
 00987   896   NtContinue  (11861204, 0, ...
 00986   452   NtMapViewOfSection  ... (0x71aa0000), 0x0, 32768, ) == 0x0
 00988   924   NtContinue  (13956284, 0, ...
 00989   452   NtClose  (64, ...
 00990   896   NtContinue  (11861204, 0, ...
 00989   452   NtClose  ... ) == 0x0
 00991   924   NtContinue  (13956284, 0, ...
 00992   928   NtContinue  (15006936, 0, ...
 00993   452   NtQuerySystemInformation  (Basic, 44, ...
 00994   924   NtContinue  (13956284, 0, ...
 00993   452   NtQuerySystemInformation  ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 00995   928   NtContinue  (15006936, 0, ...
 00996   452   NtQuerySystemInformation  (Processor, 12, ...
 00997   924   NtContinue  (13956284, 0, ...
 00996   452   NtQuerySystemInformation  ... {system info, class 1, size 12}, 0x0, ) == 0x0
 00998   928   NtContinue  (15006936, 0, ...
 00999   452   NtSetEventBoostPriority  (72, ...
 01000   924   NtContinue  (13956284, 0, ...
 00585   940   NtWaitForSingleObject  ... ) == 0x0
 00999   452   NtSetEventBoostPriority  ... ) == 0x0
 01001   928   NtContinue  (15006936, 0, ...
 01002   896   NtContinue  (11861204, 0, ...
 01003   940   NtTestAlert  (...
 01004   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "SHELL32.dll"}, ... }, ...
 01005   928   NtContinue  (15006936, 0, ...
 01003   940   NtTestAlert  ... ) == 0x0
 01004   452   NtOpenSection  ... 64, ) == 0x0
 01006   896   NtContinue  (11861204, 0, ...
 01007   452   NtMapViewOfSection  (64, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ...
 01008   940   NtContinue  (12909872, 1, ...
 01009   928   NtContinue  (15006936, 0, ...
 01010   940   NtRegisterThreadTerminatePort  (24, ...
 01007   452   NtMapViewOfSection  ... (0x773d0000), 0x0, 8339456, ) == 0x0
 01011   896   NtContinue  (11861204, 0, ...
 01012   924   NtContinue  (13956284, 0, ...
 01010   940   NtRegisterThreadTerminatePort  ... ) == 0x0
 01013   452   NtClose  (64, ...
 01014   896   NtContinue  (11861204, 0, ...
 01015   940   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ...
 01013   452   NtClose  ... ) == 0x0
 01016   924   NtContinue  (13956284, 0, ...
 01017   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "SHLWAPI.dll"}, ... }, ...
 01018   896   NtContinue  (11861204, 0, ...
 01017   452   NtOpenSection  ... 64, ) == 0x0
 01019   924   NtContinue  (13956284, 0, ...
 01020   452   NtMapViewOfSection  (64, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ...
 01021   896   NtContinue  (11861204, 0, ...
 01020   452   NtMapViewOfSection  ... (0x772d0000), 0x0, 405504, ) == 0x0
 01022   924   NtContinue  (13956284, 0, ...
 01023   928   NtContinue  (15006936, 0, ...
 01015   940   NtSetInformationThread  ... ) == 0x0
 01024   452   NtClose  (64, ...
 01025   924   NtContinue  (13956284, 0, ...
 01026   928   NtContinue  (15006936, 0, ...
 01024   452   NtClose  ... ) == 0x0
 01027   940   NtSetEvent  (68, ...
 01028   924   NtContinue  (13956284, 0, ...
 01029   452   NtOpenKey  (0x2000000, {24, 28, 0x40, 0, 0,  (0x2000000, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\Explorer\Performance"}, ... }, ...
 01030   928   NtContinue  (15006936, 0, ...
 01027   940   NtSetEvent  ... 0x0, ) == 0x0
 00590   916   NtWaitForSingleObject  ... ) == 0x0
 01031   896   NtContinue  (11861204, 0, ...
 01029   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01032   928   NtContinue  (15006936, 0, ...
 01033   940   NtCreateEvent  (0x1f0003, 0x0, 1, 0, ...
 01034   916   NtClose  (68, ...
 01035   452   NtOpenKey  (0x1, {24, 28, 0x40, 0, 0,  (0x1, {24, 28, 0x40, 0, 0, "SYSTEM\Setup"}, ... }, ...
 01036   896   NtContinue  (11861204, 0, ...
 01037   928   NtContinue  (15006936, 0, ...
 01033   940   NtCreateEvent  ... 64, ) == 0x0
 01035   452   NtOpenKey  ... 76, ) == 0x0
 01034   916   NtClose  ... ) == 0x0
 01038   896   NtContinue  (11861204, 0, ...
 01039   928   NtContinue  (15006936, 0, ...
 01040   452   NtQueryValueKey  (76,  (76, "SystemSetupInProgress", Partial, 144, ... , Partial, 144, ...
 01041   940   NtCallbackReturn  (0, 0, 0, ...
 01042   916   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ...
 01043   896   NtContinue  (11861204, 0, ...
 01044   924   NtContinue  (13956284, 0, ...
 01040   452   NtQueryValueKey  ... TitleIdx=0, Type=4, Data= ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0
 01045   928   NtContinue  (15006936, 0, ...
 01042   916   NtCreateEvent  ... 68, ) == 0x0
 01046   896   NtContinue  (11861204, 0, ...
 01047   452   NtClose  (76, ...
 01048   924   NtContinue  (13956284, 0, ...
 01049   928   NtContinue  (15006936, 0, ...
 01050   940   NtUserBuildHwndList  (0, 0, 0, 0, 64, ...
 01047   452   NtClose  ... ) == 0x0
 01051   896   NtContinue  (11861204, 0, ...
 01052   924   NtContinue  (13956284, 0, ...
 01053   928   NtContinue  (15006936, 0, ...
 01054   452   NtQueryDefaultUILanguage  (1241412, ...
 01050   940   NtUserBuildHwndList  ... (0x3004c, 0x100dc, 0x100aa, 0x100a8, 0x100a6, 0x20060, 0x100a0, 0x10080, 0x10074, 0x10068, 0x3004a, 0x10066, 0x3003c, 0x10098, 0x1008c, 0x1007c, 0x10026, 0x200b2, 0x100cc, 0x100be, 0x100bc, 0x100ba, 0x100b8, 0x100b6, 0x100b4, 0x100b0, 0x100ae, 0x20062, 0x20064, 0x100ce, 0x100c2, 0x100c0, 0x100ac, 0x1006c, 0x50050, 0x40054, 0x5004e, 0x1007e, 0x10076, 0x1, ), 40, ) == 0x0
 01055   916   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ...
 01056   924   NtContinue  (13956284, 0, ...
 01057   452   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ...
 01058   928   NtContinue  (15006936, 0, ...
 01059   940   NtUserQueryWindow  (196684, 0, ...
 01055   916   NtAllocateVirtualMemory  ... 15007744, 1048576, ) == 0x0
 01057   452   NtOpenThreadTokenEx  ... ) == STATUS_NO_TOKEN
 01060   924   NtContinue  (13956284, 0, ...
 01061   928   NtContinue  (15006936, 0, ...
 01059   940   NtUserQueryWindow  ... ) == 0x758
 01062   452   NtOpenProcessTokenEx  (-1, 0x20008, 512, ...
 01063   916   NtAllocateVirtualMemory  (-1, 16048128, 0, 8192, 4096, 4, ...
 01064   924   NtContinue  (13956284, 0, ...
 01065   928   NtContinue  (15006936, 0, ...
 01062   452   NtOpenProcessTokenEx  ... -2147482020, ) == 0x0
 01066   940   NtUserQueryWindow  (196684, 1, ...
 01063   916   NtAllocateVirtualMemory  ... 16048128, 8192, ) == 0x0
 01067   896   NtContinue  (11861204, 0, ...
 01068   924   NtContinue  (13956284, 0, ...
 01069   452   NtQueryInformationToken  (-2147482020, User, 80, ...
 01066   940   NtUserQueryWindow  ... ) == 0x76c
 01070   916   NtProtectVirtualMemory  (-1, (0xf4e000), 4096, 260, ...
 01071   896   NtContinue  (11861204, 0, ...
 01069   452   NtQueryInformationToken  ... {token info, class 1, size 36}, 36, ) == 0x0
 01072   924   NtContinue  (13956284, 0, ...
 01073   928   NtContinue  (15006936, 0, ...
 01070   916   NtProtectVirtualMemory  ... (0xf4e000), 4096, 4, ) == 0x0
 01074   452   NtClose  (-2147482020, ...
 01075   896   NtContinue  (11861204, 0, ...
 01076   924   NtContinue  (13956284, 0, ...
 01077   928   NtContinue  (15006936, 0, ...
 01078   940   NtUserQueryWindow  (65756, 0, ...
 01074   452   NtClose  ... ) == 0x0
 01079   896   NtContinue  (11861204, 0, ...
 01080   924   NtContinue  (13956284, 0, ...
 01081   928   NtContinue  (15006936, 0, ...
 01082   452   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... }, ...
 01078   940   NtUserQueryWindow  ... ) == 0x758
 01083   896   NtContinue  (11861204, 0, ...
 01084   924   NtContinue  (13956284, 0, ...
 01082   452   NtOpenKey  ... -2147482020, ) == 0x0
 01085   928   NtContinue  (15006936, 0, ...
 01086   940   NtUserQueryWindow  (65756, 1, ...
 01087   896   NtContinue  (11861204, 0, ...
 01088   452   NtOpenKey  (0x80000000, {24, 0, 0x240, 0, 0,  (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... }, ...
 01089   924   NtContinue  (13956284, 0, ...
 01090   928   NtContinue  (15006936, 0, ...
 01086   940   NtUserQueryWindow  ... ) == 0x76c
 01091   916   NtCreateThread  (0x1f03ff, 0x0, -1, 10812468, 10813184, 1, ...
 01088   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01092   896   NtContinue  (11861204, 0, ...
 01093   928   NtContinue  (15006936, 0, ...
 01094   940   NtUserQueryWindow  (65706, 0, ...
 01095   452   NtOpenKey  (0x80000000, {24, -2147482020, 0x640, 0, 0,  (0x80000000, {24, -2147482020, 0x640, 0, 0, "Control Panel\Desktop"}, ... }, ...
 01091   916   NtCreateThread  ... 76, {448, 944}, ) == 0x0
 01096   896   NtContinue  (11861204, 0, ...
 01097   924   NtContinue  (13956284, 0, ...
 01095   452   NtOpenKey  ... -2147482032, ) == 0x0
 01094   940   NtUserQueryWindow  ... ) == 0x7d0
 01098   916   NtQueryInformationThread  (76, Basic, 28, ...
 01099   896   NtContinue  (11861204, 0, ...
 01100   452   NtQueryValueKey  (-2147482032,  (-2147482032, "MultiUILanguageId", Partial, 256, ... , Partial, 256, ...
 01101   924   NtContinue  (13956284, 0, ...
 01102   928   NtContinue  (15006936, 0, ...
 01098   916   NtQueryInformationThread  ... {ExitStatus=0x103,TebBaseAddress=0x7ffda000,Pid=448,Tid=944,}, 0x0, ) == 0x0
 01100   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01103   896   NtContinue  (11861204, 0, ...
 01104   924   NtContinue  (13956284, 0, ...
 01105   928   NtContinue  (15006936, 0, ...
 01106   452   NtClose  (-2147482032, ...
 01107   916   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 916, 1590, 0}  (24, {28, 56, new_msg, 0, 448, 916, 1590, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\351\0\0\0L\0\0\0\300\1\0\0\260\3\0\0" ...  ...
 01108   896   NtContinue  (11861204, 0, ...
 01109   924   NtContinue  (13956284, 0, ...
 01106   452   NtClose  ... ) == 0x0
 01110   928   NtContinue  (15006936, 0, ...
 01111   896   NtContinue  (11861204, 0, ...
 01112   452   NtClose  (-2147482020, ...
 01113   924   NtContinue  (13956284, 0, ...
 01114   928   NtContinue  (15006936, 0, ...
 01115   940   NtUserQueryWindow  (65706, 1, ...
 01107   916   NtRequestWaitReplyPort  ... {28, 56, reply, 0, 448, 916, 1591, 0}  ... {28, 56, reply, 0, 448, 916, 1591, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\351\0\0\0L\0\0\0\300\1\0\0\260\3\0\0" )  ) == 0x0
 01112   452   NtClose  ... ) == 0x0
 01116   924   NtContinue  (13956284, 0, ...
 01117   928   NtContinue  (15006936, 0, ...
 01115   940   NtUserQueryWindow  ... ) == 0x7d4
 01054   452   NtQueryDefaultUILanguage  ... ) == 0x0
 01118   916   NtResumeThread  (76, ...
 01119   896   NtContinue  (11861204, 0, ...
 01120   928   NtContinue  (15006936, 0, ...
 01121   452   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... }, ...
 01122   940   NtUserQueryWindow  (65704, 0, ...
 01123   944   NtWaitForSingleObject  (72, 0, 0x0, ...
 01118   916   NtResumeThread  ... 1, ) == 0x0
 01124   896   NtContinue  (11861204, 0, ...
 01125   924   NtContinue  (13956284, 0, ...
 01121   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01122   940   NtUserQueryWindow  ... ) == 0x7d0
 01126   916   NtClose  (76, ...
 01127   896   NtContinue  (11861204, 0, ...
 01128   452   NtQueryInstallUILanguage  (2012047340, ...
 01129   924   NtContinue  (13956284, 0, ...
 01130   940   NtUserQueryWindow  (65704, 1, ...
 01126   916   NtClose  ... ) == 0x0
 01128   452   NtQueryInstallUILanguage  ... ) == 0x0
 01131   896   NtContinue  (11861204, 0, ...
 01132   924   NtContinue  (13956284, 0, ...
 01130   940   NtUserQueryWindow  ... ) == 0x7d4
 01133   452   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll"}, 1, 96, ... }, 1, 96, ...
 01134   916   NtWaitForSingleObject  (68, 0, 0x0, ...
 01135   896   NtContinue  (11861204, 0, ...
 01136   924   NtContinue  (13956284, 0, ...
 01137   928   NtContinue  (15006936, 0, ...
 01133   452   NtOpenFile  ... 76, {status=0x0, info=1}, ) == 0x0
 01138   940   NtUserQueryWindow  (65702, 0, ...
 01139   896   NtContinue  (11861204, 0, ...
 01140   924   NtContinue  (13956284, 0, ...
 01141   452   NtCreateSection  (0x4, 0x0, 0x0, 2, 134217728, 76, ...
 01142   928   NtContinue  (15006936, 0, ...
 01138   940   NtUserQueryWindow  ... ) == 0x7d0
 01141   452   NtCreateSection  ... 80, ) == 0x0
 01143   924   NtContinue  (13956284, 0, ...
 01144   928   NtContinue  (15006936, 0, ...
 01145   452   NtMapViewOfSection  (80, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ...
 01146   940   NtUserQueryWindow  (65702, 1, ...
 01147   896   NtContinue  (11861204, 0, ...
 01145   452   NtMapViewOfSection  ... (0x1070000), 0x0, 8323072, ) == 0x0
 01148   928   NtContinue  (15006936, 0, ...
 01146   940   NtUserQueryWindow  ... ) == 0x7d4
 01149   452   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll.124.Manifest"}, 1, 96, ... }, 1, 96, ...
 01150   896   NtContinue  (11861204, 0, ...
 01151   928   NtContinue  (15006936, 0, ...
 01149   452   NtOpenFile  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01152   940   NtUserQueryWindow  (131168, 0, ...
 01153   896   NtContinue  (11861204, 0, ...
 01154   452   NtQueryDefaultUILanguage  (2013024600, ...
 01155   928   NtContinue  (15006936, 0, ...
 01152   940   NtUserQueryWindow  ... ) == 0x7d0
 01156   452   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ...
 01157   896   NtContinue  (11861204, 0, ...
 01158   924   NtContinue  (13956284, 0, ...
 01159   928   NtContinue  (15006936, 0, ...
 01156   452   NtOpenThreadTokenEx  ... ) == STATUS_NO_TOKEN
 01160   896   NtContinue  (11861204, 0, ...
 01161   924   NtContinue  (13956284, 0, ...
 01162   452   NtOpenProcessTokenEx  (-1, 0x20008, 512, ...
 01163   928   NtContinue  (15006936, 0, ...
 01164   896   NtContinue  (11861204, 0, ...
 01162   452   NtOpenProcessTokenEx  ... -2147482020, ) == 0x0
 01165   924   NtContinue  (13956284, 0, ...
 01166   928   NtContinue  (15006936, 0, ...
 01167   940   NtUserQueryWindow  (131168, 1, ...
 01168   452   NtQueryInformationToken  (-2147482020, User, 80, ...
 01169   924   NtContinue  (13956284, 0, ...
 01170   928   NtContinue  (15006936, 0, ...
 01168   452   NtQueryInformationToken  ... {token info, class 1, size 36}, 36, ) == 0x0
 01167   940   NtUserQueryWindow  ... ) == 0x7d4
 01171   924   NtContinue  (13956284, 0, ...
 01172   452   NtClose  (-2147482020, ...
 01173   928   NtContinue  (15006936, 0, ...
 01174   940   NtUserQueryWindow  (65696, 0, ...
 01172   452   NtClose  ... ) == 0x0
 01175   924   NtContinue  (13956284, 0, ...
 01176   928   NtContinue  (15006936, 0, ...
 01177   452   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... }, ...
 01174   940   NtUserQueryWindow  ... ) == 0x758
 01178   896   NtContinue  (11861204, 0, ...
 01179   924   NtContinue  (13956284, 0, ...
 01177   452   NtOpenKey  ... -2147482020, ) == 0x0
 01180   940   NtUserQueryWindow  (65696, 1, ...
 01181   896   NtContinue  (11861204, 0, ...
 01182   452   NtOpenKey  (0x80000000, {24, 0, 0x240, 0, 0,  (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... }, ...
 01183   924   NtContinue  (13956284, 0, ...
 01180   940   NtUserQueryWindow  ... ) == 0x76c
 01182   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01184   896   NtContinue  (11861204, 0, ...
 01185   924   NtContinue  (13956284, 0, ...
 01186   928   NtContinue  (15006936, 0, ...
 01187   452   NtOpenKey  (0x80000000, {24, -2147482020, 0x640, 0, 0,  (0x80000000, {24, -2147482020, 0x640, 0, 0, "Control Panel\Desktop"}, ... }, ...
 01188   896   NtContinue  (11861204, 0, ...
 01189   924   NtContinue  (13956284, 0, ...
 01187   452   NtOpenKey  ... -2147482032, ) == 0x0
 01190   928   NtContinue  (15006936, 0, ...
 01191   896   NtContinue  (11861204, 0, ...
 01192   452   NtQueryValueKey  (-2147482032,  (-2147482032, "MultiUILanguageId", Partial, 256, ... , Partial, 256, ...
 01193   924   NtContinue  (13956284, 0, ...
 01194   928   NtContinue  (15006936, 0, ...
 01192   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01195   896   NtContinue  (11861204, 0, ...
 01196   924   NtContinue  (13956284, 0, ...
 01197   452   NtClose  (-2147482032, ...
 01198   928   NtContinue  (15006936, 0, ...
 01199   940   NtUserQueryWindow  (65664, 0, ...
 01200   896   NtContinue  (11861204, 0, ...
 01197   452   NtClose  ... ) == 0x0
 01201   928   NtContinue  (15006936, 0, ...
 01199   940   NtUserQueryWindow  ... ) == 0x758
 01202   452   NtClose  (-2147482020, ...
 01203   896   NtContinue  (11861204, 0, ...
 01204   928   NtContinue  (15006936, 0, ...
 01202   452   NtClose  ... ) == 0x0
 01205   940   NtUserQueryWindow  (65664, 1, ...
 01206   896   NtContinue  (11861204, 0, ...
 01207   924   NtContinue  (13956284, 0, ...
 01154   452   NtQueryDefaultUILanguage  ... ) == 0x0
 01205   940   NtUserQueryWindow  ... ) == 0x76c
 01208   896   NtContinue  (11861204, 0, ...
 01209   452   NtAllocateVirtualMemory  (-1, 1228800, 0, 4096, 4096, 260, ...
 01210   924   NtContinue  (13956284, 0, ...
 01211   940   NtUserQueryWindow  (65652, 0, ...
 01209   452   NtAllocateVirtualMemory  ... 1228800, 4096, ) == 0x0
 01212   896   NtContinue  (11861204, 0, ...
 01213   924   NtContinue  (13956284, 0, ...
 01214   452   NtQueryInstallUILanguage  (2013024602, ...
 01211   940   NtUserQueryWindow  ... ) == 0x758
 01215   896   NtContinue  (11861204, 0, ...
 01214   452   NtQueryInstallUILanguage  ... ) == 0x0
 01216   924   NtContinue  (13956284, 0, ...
 01217   928   NtContinue  (15006936, 0, ...
 01218   940   NtUserQueryWindow  (65652, 1, ...
 01219   452   NtQueryDefaultLocale  (1, 1239448, ...
 01220   924   NtContinue  (13956284, 0, ...
 01221   928   NtContinue  (15006936, 0, ...
 01219   452   NtQueryDefaultLocale  ... ) == 0x0
 01218   940   NtUserQueryWindow  ... ) == 0x76c
 01222   924   NtContinue  (13956284, 0, ...
 01223   452   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\SHELL32.dll.124.Config"}, 1, 96, ... }, 1, 96, ...
 01224   928   NtContinue  (15006936, 0, ...
 01225   940   NtUserQueryWindow  (65640, 0, ...
 01226   896   NtContinue  (11861204, 0, ...
 01223   452   NtOpenFile  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01227   928   NtContinue  (15006936, 0, ...
 01225   940   NtUserQueryWindow  ... ) == 0x758
 01228   452   NtRequestWaitReplyPort  (24, {128, 156, new_msg, 0, 1240304, 1, 96, 0}  (24, {128, 156, new_msg, 0, 1240304, 1, 96, 0} "\210\6\32\1\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\1L\0\0\0\377\377\377\377\0\0\0\0\20\311>\1\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0\360\363\22\0\0\0\0\0" ...  ...
 01229   896   NtContinue  (11861204, 0, ...
 01230   928   NtContinue  (15006936, 0, ...
 01228   452   NtRequestWaitReplyPort  ... {128, 156, reply, 0, 448, 452, 1592, 0}  ... {128, 156, reply, 0, 448, 452, 1592, 0} "\210\347\26\0\33\0\1\0\0\0\0\0\1\360\22\0\1\0\0\0\0\0\11\4\1\1\1\0>\0@\0\250\6\32\1L\0\0\0\377\377\377\377\0\0\0\0\20\311>\1\0\0\0\0\236\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\0,\0\350\6\32\1\0\0\0\0\0\0\0\0\360\363\22\0\0\0\0\0" )  ) == 0x0
 01231   940   NtUserQueryWindow  (65640, 1, ...
 01232   896   NtContinue  (11861204, 0, ...
 01233   452   NtClose  (76, ...
 01234   928   NtContinue  (15006936, 0, ...
 01231   940   NtUserQueryWindow  ... ) == 0x76c
 01233   452   NtClose  ... ) == 0x0
 01235   896   NtContinue  (11861204, 0, ...
 01236   924   NtContinue  (13956284, 0, ...
 01237   928   NtContinue  (15006936, 0, ...
 01238   452   NtClose  (80, ...
 01239   896   NtContinue  (11861204, 0, ...
 01240   924   NtContinue  (13956284, 0, ...
 01238   452   NtClose  ... ) == 0x0
 01241   928   NtContinue  (15006936, 0, ...
 01242   896   NtContinue  (11861204, 0, ...
 01243   452   NtUnmapViewOfSection  (-1, 0x1070000, ...
 01244   924   NtContinue  (13956284, 0, ...
 01245   928   NtContinue  (15006936, 0, ...
 01246   940   NtUserQueryWindow  (196682, 0, ...
 01243   452   NtUnmapViewOfSection  ... ) == 0x0
 01247   924   NtContinue  (13956284, 0, ...
 01248   928   NtContinue  (15006936, 0, ...
 01249   452   NtUnmapViewOfSection  (-1, 0x12f3f0, ...
 01246   940   NtUserQueryWindow  ... ) == 0x758
 01250   924   NtContinue  (13956284, 0, ...
 01249   452   NtUnmapViewOfSection  ... ) == STATUS_NOT_MAPPED_VIEW
 01251   928   NtContinue  (15006936, 0, ...
 01252   940   NtUserQueryWindow  (196682, 1, ...
 01253   452   NtQueryDebugFilterState  (53, 2, ...
 01254   924   NtContinue  (13956284, 0, ...
 01255   928   NtContinue  (15006936, 0, ...
 01253   452   NtQueryDebugFilterState  ... ) == 0x0
 01252   940   NtUserQueryWindow  ... ) == 0x76c
 01256   896   NtContinue  (11861204, 0, ...
 01257   924   NtContinue  (13956284, 0, ...
 01258   452   NtOpenKey  (0x8, {24, 0, 0x40, 0, 0,  (0x8, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots"}, ... }, ...
 01259   940   NtUserQueryWindow  (65638, 0, ...
 01260   896   NtContinue  (11861204, 0, ...
 01258   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01261   924   NtContinue  (13956284, 0, ...
 01259   940   NtUserQueryWindow  ... ) == 0x758
 01262   452   NtQueryDebugFilterState  (53, 2, ...
 01263   896   NtContinue  (11861204, 0, ...
 01264   924   NtContinue  (13956284, 0, ...
 01265   928   NtContinue  (15006936, 0, ...
 01262   452   NtQueryDebugFilterState  ... ) == 0x0
 01266   896   NtContinue  (11861204, 0, ...
 01267   924   NtContinue  (13956284, 0, ...
 01268   452   NtQueryDebugFilterState  (53, 2, ...
 01269   928   NtContinue  (15006936, 0, ...
 01270   896   NtContinue  (11861204, 0, ...
 01268   452   NtQueryDebugFilterState  ... ) == 0x0
 01271   924   NtContinue  (13956284, 0, ...
 01272   928   NtContinue  (15006936, 0, ...
 01273   452   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local\"}, 1238532, ... }, 1238532, ...
 01274   896   NtContinue  (11861204, 0, ...
 01275   924   NtContinue  (13956284, 0, ...
 01276   928   NtContinue  (15006936, 0, ...
 01277   940   NtUserQueryWindow  (65638, 1, ...
 01278   896   NtContinue  (11861204, 0, ...
 01279   928   NtContinue  (15006936, 0, ...
 01277   940   NtUserQueryWindow  ... ) == 0x76c
 01273   452   NtQueryAttributesFile  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01280   896   NtContinue  (11861204, 0, ...
 01281   928   NtContinue  (15006936, 0, ...
 01282   452   NtQueryDebugFilterState  (53, 2, ...
 01283   940   NtUserQueryWindow  (196668, 0, ...
 01284   896   NtContinue  (11861204, 0, ...
 01285   924   NtContinue  (13956284, 0, ...
 01282   452   NtQueryDebugFilterState  ... ) == 0x0
 01283   940   NtUserQueryWindow  ... ) == 0x758
 01286   896   NtContinue  (11861204, 0, ...
 01287   452   NtQueryDebugFilterState  (53, 2, ...
 01288   924   NtContinue  (13956284, 0, ...
 01289   940   NtUserQueryWindow  (196668, 1, ...
 01287   452   NtQueryDebugFilterState  ... ) == 0x0
 01290   896   NtContinue  (11861204, 0, ...
 01291   924   NtContinue  (13956284, 0, ...
 01292   452   NtQueryDebugFilterState  (53, 2, ...
 01289   940   NtUserQueryWindow  ... ) == 0x76c
 01293   896   NtContinue  (11861204, 0, ...
 01292   452   NtQueryDebugFilterState  ... ) == 0x0
 01294   924   NtContinue  (13956284, 0, ...
 01295   928   NtContinue  (15006936, 0, ...
 01296   940   NtUserQueryWindow  (65688, 0, ...
 01297   452   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 1239124, ... }, 1239124, ...
 01298   924   NtContinue  (13956284, 0, ...
 01299   928   NtContinue  (15006936, 0, ...
 01297   452   NtQueryAttributesFile  ... ) == 0x0
 01296   940   NtUserQueryWindow  ... ) == 0x758
 01300   924   NtContinue  (13956284, 0, ...
 01301   452   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a"}, 3, 33, ... }, 3, 33, ...
 01302   928   NtContinue  (15006936, 0, ...
 01303   940   NtUserQueryWindow  (65688, 1, ...
 01304   896   NtContinue  (11861204, 0, ...
 01301   452   NtOpenFile  ... 80, {status=0x0, info=1}, ) == 0x0
 01305   928   NtContinue  (15006936, 0, ...
 01303   940   NtUserQueryWindow  ... ) == 0x76c
 01306   452   NtQueryDebugFilterState  (53, 2, ...
 01307   896   NtContinue  (11861204, 0, ...
 01308   928   NtContinue  (15006936, 0, ...
 01306   452   NtQueryDebugFilterState  ... ) == 0x0
 01309   940   NtUserQueryWindow  (65676, 0, ...
 01310   896   NtContinue  (11861204, 0, ...
 01311   452   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"}, 5, 96, ... }, 5, 96, ...
 01312   928   NtContinue  (15006936, 0, ...
 01309   940   NtUserQueryWindow  ... ) == 0x758
 01311   452   NtOpenFile  ... 76, {status=0x0, info=1}, ) == 0x0
 01313   896   NtContinue  (11861204, 0, ...
 01314   924   NtContinue  (13956284, 0, ...
 01315   928   NtContinue  (15006936, 0, ...
 01316   452   NtCreateSection  (0xe, 0x0, 0x0, 16, 134217728, 76, ...
 01317   896   NtContinue  (11861204, 0, ...
 01318   924   NtContinue  (13956284, 0, ...
 01316   452   NtCreateSection  ... 84, ) == 0x0
 01319   928   NtContinue  (15006936, 0, ...
 01320   896   NtContinue  (11861204, 0, ...
 01321   452   NtClose  (76, ...
 01322   924   NtContinue  (13956284, 0, ...
 01323   928   NtContinue  (15006936, 0, ...
 01324   940   NtUserQueryWindow  (65676, 1, ...
 01321   452   NtClose  ... ) == 0x0
 01325   924   NtContinue  (13956284, 0, ...
 01326   928   NtContinue  (15006936, 0, ...
 01327   452   NtMapViewOfSection  (84, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ...
 01324   940   NtUserQueryWindow  ... ) == 0x76c
 01328   924   NtContinue  (13956284, 0, ...
 01327   452   NtMapViewOfSection  ... (0xf50000), 0x0, 921600, ) == 0x0
 01329   928   NtContinue  (15006936, 0, ...
 01330   940   NtUserQueryWindow  (65660, 0, ...
 01331   452   NtClose  (84, ...
 01332   924   NtContinue  (13956284, 0, ...
 01333   928   NtContinue  (15006936, 0, ...
 01331   452   NtClose  ... ) == 0x0
 01330   940   NtUserQueryWindow  ... ) == 0x758
 01334   896   NtContinue  (11861204, 0, ...
 01335   924   NtContinue  (13956284, 0, ...
 01336   452   NtUnmapViewOfSection  (-1, 0xf50000, ...
 01337   940   NtUserQueryWindow  (65660, 1, ...
 01338   896   NtContinue  (11861204, 0, ...
 01336   452   NtUnmapViewOfSection  ... ) == 0x0
 01339   924   NtContinue  (13956284, 0, ...
 01337   940   NtUserQueryWindow  ... ) == 0x75c
 01340   452   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll"}, 5, 96, ... }, 5, 96, ...
 01341   896   NtContinue  (11861204, 0, ...
 01342   924   NtContinue  (13956284, 0, ...
 01343   928   NtContinue  (15006936, 0, ...
 01340   452   NtOpenFile  ... 84, {status=0x0, info=1}, ) == 0x0
 01344   896   NtContinue  (11861204, 0, ...
 01345   924   NtContinue  (13956284, 0, ...
 01346   452   NtCreateSection  (0xf, 0x0, 0x0, 16, 16777216, 84, ...
 01347   928   NtContinue  (15006936, 0, ...
 01348   896   NtContinue  (11861204, 0, ...
 01346   452   NtCreateSection  ... 76, ) == 0x0
 01349   924   NtContinue  (13956284, 0, ...
 01350   928   NtContinue  (15006936, 0, ...
 01351   452   NtQuerySection  (76, Image, 48, ...
 01352   896   NtContinue  (11861204, 0, ...
 01353   924   NtContinue  (13956284, 0, ...
 01351   452   NtQuerySection  ... {section info, class 1, size 48}, 0x0, ) == 0x0
 01354   928   NtContinue  (15006936, 0, ...
 01355   940   NtUserQueryWindow  (65574, 0, ...
 01356   896   NtContinue  (11861204, 0, ...
 01357   452   NtClose  (84, ...
 01358   928   NtContinue  (15006936, 0, ...
 01355   940   NtUserQueryWindow  ... ) == 0x268
 01357   452   NtClose  ... ) == 0x0
 01359   896   NtContinue  (11861204, 0, ...
 01360   928   NtContinue  (15006936, 0, ...
 01361   452   NtMapViewOfSection  (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ...
 01362   940   NtUserQueryWindow  (65574, 1, ...
 01363   896   NtContinue  (11861204, 0, ...
 01364   924   NtContinue  (13956284, 0, ...
 01361   452   NtMapViewOfSection  ... (0x71950000), 0x0, 933888, ) == 0x0
 01362   940   NtUserQueryWindow  ... ) == 0x2c0
 01365   896   NtContinue  (11861204, 0, ...
 01366   452   NtClose  (76, ...
 01367   924   NtContinue  (13956284, 0, ...
 01368   940   NtUserQueryWindow  (131250, 0, ...
 01366   452   NtClose  ... ) == 0x0
 01369   896   NtContinue  (11861204, 0, ...
 01370   924   NtContinue  (13956284, 0, ...
 01371   452   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ...
 01368   940   NtUserQueryWindow  ... ) == 0x11c
 01372   896   NtContinue  (11861204, 0, ...
 01371   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 32, ) == 0x0
 01373   924   NtContinue  (13956284, 0, ...
 01374   928   NtContinue  (15006936, 0, ...
 01375   940   NtUserQueryWindow  (131250, 1, ...
 01376   452   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ...
 01377   924   NtContinue  (13956284, 0, ...
 01378   928   NtContinue  (15006936, 0, ...
 01376   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 4, ) == 0x0
 01375   940   NtUserQueryWindow  ... ) == 0x120
 01379   924   NtContinue  (13956284, 0, ...
 01380   452   NtFlushInstructionCache  (-1, 1905594368, 1952, ...
 01381   928   NtContinue  (15006936, 0, ...
 01382   940   NtUserQueryWindow  (65740, 0, ...
 01383   896   NtContinue  (11861204, 0, ...
 01380   452   NtFlushInstructionCache  ... ) == 0x0
 01384   928   NtContinue  (15006936, 0, ...
 01382   940   NtUserQueryWindow  ... ) == 0x11c
 01385   452   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ...
 01386   896   NtContinue  (11861204, 0, ...
 01387   928   NtContinue  (15006936, 0, ...
 01385   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 32, ) == 0x0
 01388   940   NtUserQueryWindow  (65740, 1, ...
 01389   896   NtContinue  (11861204, 0, ...
 01390   452   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ...
 01391   928   NtContinue  (15006936, 0, ...
 01388   940   NtUserQueryWindow  ... ) == 0x120
 01390   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 4, ) == 0x0
 01392   896   NtContinue  (11861204, 0, ...
 01393   924   NtContinue  (13956284, 0, ...
 01394   928   NtContinue  (15006936, 0, ...
 01395   452   NtFlushInstructionCache  (-1, 1905594368, 1952, ...
 01396   896   NtContinue  (11861204, 0, ...
 01397   924   NtContinue  (13956284, 0, ...
 01395   452   NtFlushInstructionCache  ... ) == 0x0
 01398   928   NtContinue  (15006936, 0, ...
 01399   896   NtContinue  (11861204, 0, ...
 01400   452   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ...
 01401   924   NtContinue  (13956284, 0, ...
 01402   928   NtContinue  (15006936, 0, ...
 01403   940   NtUserQueryWindow  (65726, 0, ...
 01400   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 32, ) == 0x0
 01404   924   NtContinue  (13956284, 0, ...
 01405   928   NtContinue  (15006936, 0, ...
 01406   452   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ...
 01403   940   NtUserQueryWindow  ... ) == 0x7d8
 01407   924   NtContinue  (13956284, 0, ...
 01406   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 4, ) == 0x0
 01408   928   NtContinue  (15006936, 0, ...
 01409   940   NtUserQueryWindow  (65726, 1, ...
 01410   452   NtFlushInstructionCache  (-1, 1905594368, 1952, ...
 01411   924   NtContinue  (13956284, 0, ...
 01412   928   NtContinue  (15006936, 0, ...
 01410   452   NtFlushInstructionCache  ... ) == 0x0
 01409   940   NtUserQueryWindow  ... ) == 0x7dc
 01413   896   NtContinue  (11861204, 0, ...
 01414   924   NtContinue  (13956284, 0, ...
 01415   452   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ...
 01416   940   NtUserQueryWindow  (65724, 0, ...
 01417   896   NtContinue  (11861204, 0, ...
 01415   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 32, ) == 0x0
 01418   924   NtContinue  (13956284, 0, ...
 01416   940   NtUserQueryWindow  ... ) == 0x7d8
 01419   452   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ...
 01420   896   NtContinue  (11861204, 0, ...
 01421   924   NtContinue  (13956284, 0, ...
 01422   928   NtContinue  (15006936, 0, ...
 01419   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 4, ) == 0x0
 01423   896   NtContinue  (11861204, 0, ...
 01424   924   NtContinue  (13956284, 0, ...
 01425   452   NtFlushInstructionCache  (-1, 1905594368, 1952, ...
 01426   928   NtContinue  (15006936, 0, ...
 01427   896   NtContinue  (11861204, 0, ...
 01425   452   NtFlushInstructionCache  ... ) == 0x0
 01428   924   NtContinue  (13956284, 0, ...
 01429   928   NtContinue  (15006936, 0, ...
 01430   452   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ...
 01431   896   NtContinue  (11861204, 0, ...
 01432   924   NtContinue  (13956284, 0, ...
 01430   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 32, ) == 0x0
 01433   928   NtContinue  (15006936, 0, ...
 01434   940   NtUserQueryWindow  (65724, 1, ...
 01435   896   NtContinue  (11861204, 0, ...
 01436   452   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ...
 01437   928   NtContinue  (15006936, 0, ...
 01434   940   NtUserQueryWindow  ... ) == 0x7dc
 01436   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 4, ) == 0x0
 01438   896   NtContinue  (11861204, 0, ...
 01439   928   NtContinue  (15006936, 0, ...
 01440   452   NtFlushInstructionCache  (-1, 1905594368, 1952, ...
 01441   940   NtUserQueryWindow  (65722, 0, ...
 01442   896   NtContinue  (11861204, 0, ...
 01443   924   NtContinue  (13956284, 0, ...
 01440   452   NtFlushInstructionCache  ... ) == 0x0
 01441   940   NtUserQueryWindow  ... ) == 0x7d8
 01444   896   NtContinue  (11861204, 0, ...
 01445   452   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ...
 01446   924   NtContinue  (13956284, 0, ...
 01447   940   NtUserQueryWindow  (65722, 1, ...
 01445   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 32, ) == 0x0
 01448   896   NtContinue  (11861204, 0, ...
 01449   924   NtContinue  (13956284, 0, ...
 01450   452   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ...
 01447   940   NtUserQueryWindow  ... ) == 0x7dc
 01451   896   NtContinue  (11861204, 0, ...
 01450   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 4, ) == 0x0
 01452   924   NtContinue  (13956284, 0, ...
 01453   928   NtContinue  (15006936, 0, ...
 01454   940   NtUserQueryWindow  (65720, 0, ...
 01455   452   NtFlushInstructionCache  (-1, 1905594368, 1952, ...
 01456   924   NtContinue  (13956284, 0, ...
 01457   928   NtContinue  (15006936, 0, ...
 01455   452   NtFlushInstructionCache  ... ) == 0x0
 01454   940   NtUserQueryWindow  ... ) == 0x7d8
 01458   924   NtContinue  (13956284, 0, ...
 01459   452   NtProtectVirtualMemory  (-1, (0x71951000), 1952, 4, ...
 01460   928   NtContinue  (15006936, 0, ...
 01461   940   NtUserQueryWindow  (65720, 1, ...
 01462   896   NtContinue  (11861204, 0, ...
 01459   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 32, ) == 0x0
 01463   928   NtContinue  (15006936, 0, ...
 01461   940   NtUserQueryWindow  ... ) == 0x7dc
 01464   452   NtProtectVirtualMemory  (-1, (0x71951000), 4096, 32, ...
 01465   896   NtContinue  (11861204, 0, ...
 01466   928   NtContinue  (15006936, 0, ...
 01464   452   NtProtectVirtualMemory  ... (0x71951000), 4096, 4, ) == 0x0
 01467   940   NtUserQueryWindow  (65718, 0, ...
 01468   896   NtContinue  (11861204, 0, ...
 01469   452   NtFlushInstructionCache  (-1, 1905594368, 1952, ...
 01470   928   NtContinue  (15006936, 0, ...
 01467   940   NtUserQueryWindow  ... ) == 0x7d8
 01469   452   NtFlushInstructionCache  ... ) == 0x0
 01471   896   NtContinue  (11861204, 0, ...
 01472   924   NtContinue  (13956284, 0, ...
 01473   928   NtContinue  (15006936, 0, ...
 01474   452   NtAddAtom  ( ("T\0h\0e\0m\0e\0P\0r\0o\0p\0S\0c\0r\0o\0l\0l\0B\0a\0r\0C\0t\0l\0", 42, 1240308, ... , 42, 1240308, ...
 01475   896   NtContinue  (11861204, 0, ...
 01476   924   NtContinue  (13956284, 0, ...
 01474   452   NtAddAtom  ... ) == 0x0
 01477   928   NtContinue  (15006936, 0, ...
 01478   896   NtContinue  (11861204, 0, ...
 01479   452   NtQueryDefaultUILanguage  (1239024, ...
 01480   924   NtContinue  (13956284, 0, ...
 01481   928   NtContinue  (15006936, 0, ...
 01482   940   NtUserQueryWindow  (65718, 1, ...
 01483   452   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ...
 01484   924   NtContinue  (13956284, 0, ...
 01485   928   NtContinue  (15006936, 0, ...
 01483   452   NtOpenThreadTokenEx  ... ) == STATUS_NO_TOKEN
 01482   940   NtUserQueryWindow  ... ) == 0x7dc
 01486   924   NtContinue  (13956284, 0, ...
 01487   452   NtOpenProcessTokenEx  (-1, 0x20008, 512, ...
 01488   928   NtContinue  (15006936, 0, ...
 01489   940   NtUserQueryWindow  (65716, 0, ...
 01487   452   NtOpenProcessTokenEx  ... -2147482020, ) == 0x0
 01490   924   NtContinue  (13956284, 0, ...
 01491   452   NtQueryInformationToken  (-2147482020, User, 80, ...
 01489   940   NtUserQueryWindow  ... ) == 0x7d8
 01492   928   NtContinue  (15006936, 0, ...
 01493   896   NtContinue  (11861204, 0, ...
 01491   452   NtQueryInformationToken  ... {token info, class 1, size 36}, 36, ) == 0x0
 01494   940   NtUserQueryWindow  (65716, 1, ...
 01495   928   NtContinue  (15006936, 0, ...
 01496   452   NtClose  (-2147482020, ...
 01497   896   NtContinue  (11861204, 0, ...
 01494   940   NtUserQueryWindow  ... ) == 0x7dc
 01496   452   NtClose  ... ) == 0x0
 01498   928   NtContinue  (15006936, 0, ...
 01499   896   NtContinue  (11861204, 0, ...
 01500   924   NtContinue  (13956284, 0, ...
 01501   452   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... }, ...
 01502   928   NtContinue  (15006936, 0, ...
 01503   896   NtContinue  (11861204, 0, ...
 01501   452   NtOpenKey  ... -2147482020, ) == 0x0
 01504   924   NtContinue  (13956284, 0, ...
 01505   928   NtContinue  (15006936, 0, ...
 01506   452   NtOpenKey  (0x80000000, {24, 0, 0x240, 0, 0,  (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... }, ...
 01507   896   NtContinue  (11861204, 0, ...
 01508   924   NtContinue  (13956284, 0, ...
 01506   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01509   928   NtContinue  (15006936, 0, ...
 01510   896   NtContinue  (11861204, 0, ...
 01511   452   NtOpenKey  (0x80000000, {24, -2147482020, 0x640, 0, 0,  (0x80000000, {24, -2147482020, 0x640, 0, 0, "Control Panel\Desktop"}, ... }, ...
 01512   924   NtContinue  (13956284, 0, ...
 01513   940   NtUserQueryWindow  (65712, 0, ...
 01514   928   NtContinue  (15006936, 0, ...
 01511   452   NtOpenKey  ... -2147482032, ) == 0x0
 01515   924   NtContinue  (13956284, 0, ...
 01513   940   NtUserQueryWindow  ... ) == 0x7d8
 01516   452   NtQueryValueKey  (-2147482032,  (-2147482032, "MultiUILanguageId", Partial, 256, ... , Partial, 256, ...
 01517   928   NtContinue  (15006936, 0, ...
 01518   924   NtContinue  (13956284, 0, ...
 01516   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01519   940   NtUserQueryWindow  (65712, 1, ...
 01520   928   NtContinue  (15006936, 0, ...
 01521   896   NtContinue  (11861204, 0, ...
 01522   452   NtClose  (-2147482032, ...
 01519   940   NtUserQueryWindow  ... ) == 0x7dc
 01523   928   NtContinue  (15006936, 0, ...
 01522   452   NtClose  ... ) == 0x0
 01524   896   NtContinue  (11861204, 0, ...
 01525   940   NtUserQueryWindow  (65710, 0, ...
 01526   452   NtClose  (-2147482020, ...
 01527   928   NtContinue  (15006936, 0, ...
 01528   896   NtContinue  (11861204, 0, ...
 01526   452   NtClose  ... ) == 0x0
 01525   940   NtUserQueryWindow  ... ) == 0x7d8
 01529   928   NtContinue  (15006936, 0, ...
 01479   452   NtQueryDefaultUILanguage  ... ) == 0x0
 01530   896   NtContinue  (11861204, 0, ...
 01531   924   NtContinue  (13956284, 0, ...
 01532   940   NtUserQueryWindow  (65710, 1, ...
 01533   452   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... }, ...
 01534   896   NtContinue  (11861204, 0, ...
 01535   924   NtContinue  (13956284, 0, ...
 01533   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01532   940   NtUserQueryWindow  ... ) == 0x7dc
 01536   896   NtContinue  (11861204, 0, ...
 01537   452   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1237876, ... }, 1237876, ...
 01538   924   NtContinue  (13956284, 0, ...
 01539   940   NtUserQueryWindow  (131170, 0, ...
 01540   928   NtContinue  (15006936, 0, ...
 01537   452   NtQueryAttributesFile  ... ) == 0x0
 01541   924   NtContinue  (13956284, 0, ...
 01539   940   NtUserQueryWindow  ... ) == 0x7c8
 01542   452   NtOpenFile  (0x100020, {24, 0, 0x40, 0, 0,  (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 5, 96, ... }, 5, 96, ...
 01543   928   NtContinue  (15006936, 0, ...
 01544   924   NtContinue  (13956284, 0, ...
 01542   452   NtOpenFile  ... 76, {status=0x0, info=1}, ) == 0x0
 01545   940   NtUserQueryWindow  (131170, 1, ...
 01546   928   NtContinue  (15006936, 0, ...
 01547   452   NtCreateSection  (0xe, 0x0, 0x0, 16, 134217728, 76, ...
 01548   924   NtContinue  (13956284, 0, ...
 01545   940   NtUserQueryWindow  ... ) == 0x7cc
 01547   452   NtCreateSection  ... 84, ) == 0x0
 01549   928   NtContinue  (15006936, 0, ...
 01550   896   NtContinue  (11861204, 0, ...
 01551   924   NtContinue  (13956284, 0, ...
 01552   452   NtClose  (76, ...
 01553   928   NtContinue  (15006936, 0, ...
 01554   896   NtContinue  (11861204, 0, ...
 01552   452   NtClose  ... ) == 0x0
 01555   924   NtContinue  (13956284, 0, ...
 01556   928   NtContinue  (15006936, 0, ...
 01557   452   NtMapViewOfSection  (84, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ...
 01558   896   NtContinue  (11861204, 0, ...
 01559   924   NtContinue  (13956284, 0, ...
 01560   940   NtUserQueryWindow  (131172, 0, ...
 01557   452   NtMapViewOfSection  ... (0x880000), 0x0, 4096, ) == 0x0
 01561   896   NtContinue  (11861204, 0, ...
 01562   924   NtContinue  (13956284, 0, ...
 01563   452   NtClose  (84, ...
 01560   940   NtUserQueryWindow  ... ) == 0x7e8
 01564   896   NtContinue  (11861204, 0, ...
 01563   452   NtClose  ... ) == 0x0
 01565   924   NtContinue  (13956284, 0, ...
 01566   940   NtUserQueryWindow  (131172, 1, ...
 01567   452   NtUnmapViewOfSection  (-1, 0x880000, ...
 01568   896   NtContinue  (11861204, 0, ...
 01569   924   NtContinue  (13956284, 0, ...
 01567   452   NtUnmapViewOfSection  ... ) == 0x0
 01566   940   NtUserQueryWindow  ... ) == 0x7ec
 01570   928   NtContinue  (15006936, 0, ...
 01571   896   NtContinue  (11861204, 0, ...
 01572   452   NtQueryAttributesFile  ({24, 0, 0x40, 0, 0,  ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1237516, ... }, 1237516, ...
 01573   940   NtUserQueryWindow  (65742, 0, ...
 01574   928   NtContinue  (15006936, 0, ...
 01572   452   NtQueryAttributesFile  ... ) == 0x0
 01575   896   NtContinue  (11861204, 0, ...
 01573   940   NtUserQueryWindow  ... ) == 0x758
 01576   452   NtCreateFile  (0x80100080, {24, 0, 0x40, 0, 1238216,  (0x80100080, {24, 0, 0x40, 0, 1238216, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 0x0, 0, 5, 1, 96, 0, 0, ... }, 0x0, 0, 5, 1, 96, 0, 0, ...
 01577   928   NtContinue  (15006936, 0, ...
 01578   896   NtContinue  (11861204, 0, ...
 01579   924   NtContinue  (13956284, 0, ...
 01576   452   NtCreateFile  ... 84, {status=0x0, info=1}, ) == 0x0
 01580   928   NtContinue  (15006936, 0, ...
 01581   896   NtContinue  (11861204, 0, ...
 01582   452   NtCreateSection  (0xf0005, 0x0, 0x0, 2, 134217728, 84, ...
 01583   924   NtContinue  (13956284, 0, ...
 01584   928   NtContinue  (15006936, 0, ...
 01582   452   NtCreateSection  ... 76, ) == 0x0
 01585   896   NtContinue  (11861204, 0, ...
 01586   924   NtContinue  (13956284, 0, ...
 01587   452   NtClose  (84, ...
 01588   928   NtContinue  (15006936, 0, ...
 01589   896   NtContinue  (11861204, 0, ...
 01587   452   NtClose  ... ) == 0x0
 01590   924   NtContinue  (13956284, 0, ...
 01591   940   NtUserQueryWindow  (65742, 1, ...
 01592   928   NtContinue  (15006936, 0, ...
 01593   452   NtMapViewOfSection  (76, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ...
 01594   924   NtContinue  (13956284, 0, ...
 01591   940   NtUserQueryWindow  ... ) == 0x12c
 01593   452   NtMapViewOfSection  ... (0x880000), {0, 0}, 4096, ) == 0x0
 01595   928   NtContinue  (15006936, 0, ...
 01596   924   NtContinue  (13956284, 0, ...
 01597   452   NtClose  (76, ...
 01598   940   NtUserQueryWindow  (65730, 0, ...
 01599   928   NtContinue  (15006936, 0, ...
 01600   896   NtContinue  (11861204, 0, ...
 01597   452   NtClose  ... ) == 0x0
 01598   940   NtUserQueryWindow  ... ) == 0x758
 01601   928   NtContinue  (15006936, 0, ...
 01602   452   NtUnmapViewOfSection  (-1, 0x880000, ...
 01603   896   NtContinue  (11861204, 0, ...
 01604   940   NtUserQueryWindow  (65730, 1, ...
 01602   452   NtUnmapViewOfSection  ... ) == 0x0
 01605   928   NtContinue  (15006936, 0, ...
 01606   896   NtContinue  (11861204, 0, ...
 01607   452   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Manifest"}, 1, 96, ... }, 1, 96, ...
 01604   940   NtUserQueryWindow  ... ) == 0x12c
 01608   928   NtContinue  (15006936, 0, ...
 01607   452   NtOpenFile  ... 76, {status=0x0, info=1}, ) == 0x0
 01609   896   NtContinue  (11861204, 0, ...
 01610   924   NtContinue  (13956284, 0, ...
 01611   940   NtUserQueryWindow  (65728, 0, ...
 01612   452   NtCreateSection  (0x4, 0x0, 0x0, 2, 134217728, 76, ...
 01613   896   NtContinue  (11861204, 0, ...
 01614   924   NtContinue  (13956284, 0, ...
 01612   452   NtCreateSection  ... 84, ) == 0x0
 01611   940   NtUserQueryWindow  ... ) == 0x758
 01615   896   NtContinue  (11861204, 0, ...
 01616   452   NtMapViewOfSection  (84, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 2, ...
 01617   924   NtContinue  (13956284, 0, ...
 01618   940   NtUserQueryWindow  (65728, 1, ...
 01619   928   NtContinue  (15006936, 0, ...
 01616   452   NtMapViewOfSection  ... (0x880000), 0x0, 4096, ) == 0x0
 01620   924   NtContinue  (13956284, 0, ...
 01618   940   NtUserQueryWindow  ... ) == 0x76c
 01621   452   NtQueryInformationFile  (76, 1237836, 56, NetworkOpen, ...
 01622   928   NtContinue  (15006936, 0, ...
 01623   924   NtContinue  (13956284, 0, ...
 01621   452   NtQueryInformationFile  ... {status=0x0, info=56}, ) == 0x0
 01624   940   NtUserQueryWindow  (65708, 0, ...
 01625   928   NtContinue  (15006936, 0, ...
 01626   452   NtOpenFile  (0x1200a9, {24, 0, 0x40, 0, 0,  (0x1200a9, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\WindowsShell.Config"}, 1, 96, ... }, 1, 96, ...
 01627   924   NtContinue  (13956284, 0, ...
 01624   940   NtUserQueryWindow  ... ) == 0x7d0
 01626   452   NtOpenFile  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01628   928   NtContinue  (15006936, 0, ...
 01629   896   NtContinue  (11861204, 0, ...
 01630   924   NtContinue  (13956284, 0, ...
 01631   452   NtRequestWaitReplyPort  (24, {128, 156, new_msg, 0, 1237916, 1, 96, 0}  (24, {128, 156, new_msg, 0, 1237916, 1, 96, 0} "\210\6\32\1\33\0\1\0\240\315Z\371\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\32\1L\0\0\0T\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\32\1\0\0\0\0\0\0\0\0\234\352\22\0\0\0\0\0" ...  ...
 01632   928   NtContinue  (15006936, 0, ...
 01633   896   NtContinue  (11861204, 0, ...
 01631   452   NtRequestWaitReplyPort  ... {128, 156, reply, 0, 448, 452, 1593, 0}  ... {128, 156, reply, 0, 448, 452, 1593, 0} "h\334\26\0\33\0\1\0\0\0\0\0\2209\307\1\1\0\0\0\0\0\11\4\1\1\3\0@\0D\0\250\6\32\1L\0\0\0T\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\355\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\26\0\30\0\354\6\32\1\0\0\0\0\0\0\0\0\234\352\22\0\0\0\0\0" )  ) == 0x0
 01634   924   NtContinue  (13956284, 0, ...
 01635   928   NtContinue  (15006936, 0, ...
 01636   452   NtClose  (76, ...
 01637   896   NtContinue  (11861204, 0, ...
 01638   924   NtContinue  (13956284, 0, ...
 01639   940   NtUserQueryWindow  (65708, 1, ...
 01636   452   NtClose  ... ) == 0x0
 01640   896   NtContinue  (11861204, 0, ...
 01641   924   NtContinue  (13956284, 0, ...
 01642   452   NtClose  (84, ...
 01639   940   NtUserQueryWindow  ... ) == 0x7d4
 01643   896   NtContinue  (11861204, 0, ...
 01642   452   NtClose  ... ) == 0x0
 01644   924   NtContinue  (13956284, 0, ...
 01645   940   NtUserQueryWindow  (65644, 0, ...
 01646   452   NtUnmapViewOfSection  (-1, 0x880000, ...
 01647   896   NtContinue  (11861204, 0, ...
 01648   924   NtContinue  (13956284, 0, ...
 01646   452   NtUnmapViewOfSection  ... ) == 0x0
 01645   940   NtUserQueryWindow  ... ) == 0x758
 01649   928   NtContinue  (15006936, 0, ...
 01650   896   NtContinue  (11861204, 0, ...
 01651   452   NtUnmapViewOfSection  (-1, 0x12ea9c, ...
 01652   940   NtUserQueryWindow  (65644, 1, ...
 01653   928   NtContinue  (15006936, 0, ...
 01651   452   NtUnmapViewOfSection  ... ) == STATUS_NOT_MAPPED_VIEW
 01654   896   NtContinue  (11861204, 0, ...
 01652   940   NtUserQueryWindow  ... ) == 0x78c
 01655   452   NtQueryDebugFilterState  (53, 2, ...
 01656   928   NtContinue  (15006936, 0, ...
 01657   896   NtContinue  (11861204, 0, ...
 01658   924   NtContinue  (13956284, 0, ...
 01655   452   NtQueryDebugFilterState  ... ) == 0x0
 01659   928   NtContinue  (15006936, 0, ...
 01660   896   NtContinue  (11861204, 0, ...
 01661   452   NtUserRegisterWindowMessage  ( ("ShellGetDragImage", ... , ...
 01662   924   NtContinue  (13956284, 0, ...
 01663   928   NtContinue  (15006936, 0, ...
 01661   452   NtUserRegisterWindowMessage  ... ) == 0xc03a
 01664   896   NtContinue  (11861204, 0, ...
 01665   924   NtContinue  (13956284, 0, ...
 01666   452   NtUserSystemParametersInfo  (104, 0, 1906151468, 0, ...
 01667   928   NtContinue  (15006936, 0, ...
 01668   896   NtContinue  (11861204, 0, ...
 01666   452   NtUserSystemParametersInfo  ... ) == 0x1
 01669   924   NtContinue  (13956284, 0, ...
 01670   940   NtUserQueryWindow  (327760, 0, ...
 01671   928   NtContinue  (15006936, 0, ...
 01672   452   NtUserGetDC  (0, ...
 01673   924   NtContinue  (13956284, 0, ...
 01670   940   NtUserQueryWindow  ... ) == 0x758
 01672   452   NtUserGetDC  ... ) == 0x1010050
 01674   928   NtContinue  (15006936, 0, ...
 01675   924   NtContinue  (13956284, 0, ...
 01676   452   NtUserCallOneParam  (16842832, 56, ...
 01677   940   NtUserQueryWindow  (327760, 1, ...
 01678   928   NtContinue  (15006936, 0, ...
 01679   896   NtContinue  (11861204, 0, ...
 01676   452   NtUserCallOneParam  ... ) == 0x1
 01677   940   NtUserQueryWindow  ... ) == 0x75c
 01680   928   NtContinue  (15006936, 0, ...
 01681   452   NtUserSystemParametersInfo  (38, 4, 1906153440, 0, ...
 01682   896   NtContinue  (11861204, 0, ...
 01683   940   NtUserQueryWindow  (262228, 0, ...
 01681   452   NtUserSystemParametersInfo  ... ) == 0x1
 01684   928   NtContinue  (15006936, 0, ...
 01685   896   NtContinue  (11861204, 0, ...
 01686   452   NtUserSystemParametersInfo  (66, 12, 1240328, 0, ...
 01683   940   NtUserQueryWindow  ... ) == 0x758
 01687   928   NtContinue  (15006936, 0, ...
 01686   452   NtUserSystemParametersInfo  ... ) == 0x1
 01688   896   NtContinue  (11861204, 0, ...
 01689   924   NtContinue  (13956284, 0, ...
 01690   940   NtUserQueryWindow  (262228, 1, ...
 01691   452   NtOpenProcessToken  (-1, 0x8, ...
 01692   896   NtContinue  (11861204, 0, ...
 01693   924   NtContinue  (13956284, 0, ...
 01691   452   NtOpenProcessToken  ... 84, ) == 0x0
 01690   940   NtUserQueryWindow  ... ) == 0x75c
 01694   896   NtContinue  (11861204, 0, ...
 01695   452   NtAccessCheck  (1327736, 84, 0x1, 1239732, 1239676, 56, 1239760, ...
 01696   924   NtContinue  (13956284, 0, ...
 01697   940   NtUserQueryWindow  (327758, 0, ...
 01698   928   NtContinue  (15006936, 0, ...
 01695   452   NtAccessCheck  ... ) == STATUS_NO_IMPERSONATION_TOKEN
 01699   924   NtContinue  (13956284, 0, ...
 01697   940   NtUserQueryWindow  ... ) == 0x758
 01700   452   NtClose  (84, ...
 01701   928   NtContinue  (15006936, 0, ...
 01702   924   NtContinue  (13956284, 0, ...
 01700   452   NtClose  ... ) == 0x0
 01703   940   NtUserQueryWindow  (327758, 1, ...
 01704   928   NtContinue  (15006936, 0, ...
 01705   452   NtOpenThreadTokenEx  (-2, 0x20008, 1, 512, ...
 01706   924   NtContinue  (13956284, 0, ...
 01703   940   NtUserQueryWindow  ... ) == 0x75c
 01705   452   NtOpenThreadTokenEx  ... ) == STATUS_NO_TOKEN
 01707   928   NtContinue  (15006936, 0, ...
 01708   896   NtContinue  (11861204, 0, ...
 01709   924   NtContinue  (13956284, 0, ...
 01710   452   NtOpenProcessTokenEx  (-1, 0x20008, 512, ...
 01711   928   NtContinue  (15006936, 0, ...
 01712   896   NtContinue  (11861204, 0, ...
 01710   452   NtOpenProcessTokenEx  ... 84, ) == 0x0
 01713   924   NtContinue  (13956284, 0, ...
 01714   928   NtContinue  (15006936, 0, ...
 01715   452   NtQueryInformationToken  (84, User, 80, ...
 01716   896   NtContinue  (11861204, 0, ...
 01717   924   NtContinue  (13956284, 0, ...
 01718   940   NtUserQueryWindow  (65662, 0, ...
 01715   452   NtQueryInformationToken  ... {token info, class 1, size 36}, 36, ) == 0x0
 01719   896   NtContinue  (11861204, 0, ...
 01720   924   NtContinue  (13956284, 0, ...
 01721   452   NtClose  (84, ...
 01718   940   NtUserQueryWindow  ... ) == 0x758
 01722   896   NtContinue  (11861204, 0, ...
 01721   452   NtClose  ... ) == 0x0
 01723   924   NtContinue  (13956284, 0, ...
 01724   940   NtUserQueryWindow  (65662, 1, ...
 01725   452   NtOpenKey  (0x2000000, {24, 0, 0x640, 0, 0,  (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... }, ...
 01726   896   NtContinue  (11861204, 0, ...
 01727   924   NtContinue  (13956284, 0, ...
 01725   452   NtOpenKey  ... 84, ) == 0x0
 01724   940   NtUserQueryWindow  ... ) == 0x75c
 01728   928   NtContinue  (15006936, 0, ...
 01729   896   NtContinue  (11861204, 0, ...
 01730   452   NtSetInformationObject  (84, Handle, {Inherit=0,ProtectFromClose=1,}, 1179904, ...
 01731   940   NtUserQueryWindow  (65654, 0, ...
 01732   928   NtContinue  (15006936, 0, ...
 01730   452   NtSetInformationObject  ... ) == 0x0
 01733   896   NtContinue  (11861204, 0, ...
 01731   940   NtUserQueryWindow  ... ) == 0x758
 01734   452   NtOpenKey  (0x20019, {24, 84, 0x40, 0, 0,  (0x20019, {24, 84, 0x40, 0, 0, "Control Panel\Desktop"}, ... }, ...
 01735   928   NtContinue  (15006936, 0, ...
 01736   896   NtContinue  (11861204, 0, ...
 01737   924   NtContinue  (13956284, 0, ...
 01734   452   NtOpenKey  ... 76, ) == 0x0
 01738   928   NtContinue  (15006936, 0, ...
 01739   896   NtContinue  (11861204, 0, ...
 01740   452   NtQueryValueKey  (76,  (76, "SmoothScroll", Partial, 144, ... , Partial, 144, ...
 01741   924   NtContinue  (13956284, 0, ...
 01742   928   NtContinue  (15006936, 0, ...
 01740   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01743   896   NtContinue  (11861204, 0, ...
 01744   924   NtContinue  (13956284, 0, ...
 01745   452   NtClose  (76, ...
 01746   928   NtContinue  (15006936, 0, ...
 01747   896   NtContinue  (11861204, 0, ...
 01745   452   NtClose  ... ) == 0x0
 01748   924   NtContinue  (13956284, 0, ...
 01749   940   NtUserQueryWindow  (65654, 1, ...
 01750   928   NtContinue  (15006936, 0, ...
 01751   452   NtUserSystemParametersInfo  (41, 500, 1239828, 0, ...
 01752   924   NtContinue  (13956284, 0, ...
 01749   940   NtUserQueryWindow  ... ) == 0x75c
 01751   452   NtUserSystemParametersInfo  ... ) == 0x1
 01753   928   NtContinue  (15006936, 0, ...
 01754   924   NtContinue  (13956284, 0, ...
 01755   452   NtOpenKey  (0x1, {24, 84, 0x40, 0, 0,  (0x1, {24, 84, 0x40, 0, 0, "software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"}, ... }, ...
 01756   940   NtQueryInformationThread  (-2, AmILastThread, 4, ...
 01757   928   NtContinue  (15006936, 0, ...
 01758   896   NtContinue  (11861204, 0, ...
 01755   452   NtOpenKey  ... 76, ) == 0x0
 01756   940   NtQueryInformationThread  ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 01759   928   NtContinue  (15006936, 0, ...
 01760   452   NtQueryValueKey  (76,  (76, "EnableBalloonTips", Partial, 144, ... , Partial, 144, ...
 01761   896   NtContinue  (11861204, 0, ...
 01762   940   NtWaitForSingleObject  (72, 0, 0x0, ...
 01760   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01763   928   NtContinue  (15006936, 0, ...
 01764   896   NtContinue  (11861204, 0, ...
 01765   452   NtOpenKey  (0x1, {24, 28, 0x40, 0, 0,  (0x1, {24, 28, 0x40, 0, 0, "software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"}, ... }, ...
 01766   928   NtContinue  (15006936, 0, ...
 01765   452   NtOpenKey  ... 88, ) == 0x0
 01767   896   NtContinue  (11861204, 0, ...
 01768   924   NtContinue  (13956284, 0, ...
 01769   452   NtQueryValueKey  (88,  (88, "EnableBalloonTips", Partial, 144, ... , Partial, 144, ...
 01770   896   NtContinue  (11861204, 0, ...
 01769   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 01771   924   NtContinue  (13956284, 0, ...
 01772   452   NtClose  (88, ...
 01773   896   NtContinue  (11861204, 0, ...
 01772   452   NtClose  ... ) == 0x0
 01774   924   NtContinue  (13956284, 0, ...
 01775   928   NtContinue  (15006936, 0, ...
 01776   452   NtClose  (76, ...
 01777   924   NtContinue  (13956284, 0, ...
 01776   452   NtClose  ... ) == 0x0
 01778   928   NtContinue  (15006936, 0, ...
 01779   452   NtUserSystemParametersInfo  (102, 0, 1906153328, 0, ...
 01780   924   NtContinue  (13956284, 0, ...
 01779   452   NtUserSystemParametersInfo  ... ) == 0x1
 01781   928   NtContinue  (15006936, 0, ...
 01782   452   NtUserSystemParametersInfo  (4130, 0, 1240352, 0, ...
 01783   924   NtContinue  (13956284, 0, ...
 01782   452   NtUserSystemParametersInfo  ... ) == 0x1
 01784   928   NtContinue  (15006936, 0, ...
 01785   896   NtContinue  (11861204, 0, ...
 01786   452   NtOpenKey  (0x1, {24, 28, 0x40, 0, 0,  (0x1, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\LanguagePack"}, ... }, ...
 01787   928   NtContinue  (15006936, 0, ...
 01786   452   NtOpenKey  ... 76, ) == 0x0
 01788   896   NtContinue  (11861204, 0, ...
 01789   452   NtEnumerateValueKey  (76, 0, Full, 220, ...
 01790   928   NtContinue  (15006936, 0, ...
 01789   452   NtEnumerateValueKey  ... ) == STATUS_NO_MORE_ENTRIES
 01791   896   NtContinue  (11861204, 0, ...
 01792   924   NtContinue  (13956284, 0, ...
 01793   452   NtClose  (76, ...
 01794   896   NtContinue  (11861204, 0, ...
 01793   452   NtClose  ... ) == 0x0
 01795   924   NtContinue  (13956284, 0, ...
 01796   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01797   896   NtContinue  (11861204, 0, ...
 01796   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01798   924   NtContinue  (13956284, 0, ...
 01799   452   NtAllocateVirtualMemory  (-1, 1331200, 0, 4096, 4096, 4, ...
 01800   896   NtContinue  (11861204, 0, ...
 01799   452   NtAllocateVirtualMemory  ... 1331200, 4096, ) == 0x0
 01801   924   NtContinue  (13956284, 0, ...
 01802   928   NtContinue  (15006936, 0, ...
 01803   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01804   924   NtContinue  (13956284, 0, ...
 01803   452   NtUserRegisterClassExWOW  ... ) == 0x810dc03b
 01805   928   NtContinue  (15006936, 0, ...
 01806   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01807   924   NtContinue  (13956284, 0, ...
 01806   452   NtUserRegisterClassExWOW  ... ) == 0x810dc03d
 01808   928   NtContinue  (15006936, 0, ...
 01809   896   NtContinue  (11861204, 0, ...
 01810   452   NtUserFindExistingCursorIcon  (1239632, 1239648, 1240216, ...
 01811   928   NtContinue  (15006936, 0, ...
 01810   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01812   896   NtContinue  (11861204, 0, ...
 01813   452   NtUserRegisterClassExWOW  (1240084, 1240164, 1240148, 1240180, 0, 384, 0, ...
 01814   928   NtContinue  (15006936, 0, ...
 01813   452   NtUserRegisterClassExWOW  ... ) == 0x810dc03f
 01815   896   NtContinue  (11861204, 0, ...
 01816   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01817   928   NtContinue  (15006936, 0, ...
 01816   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01818   896   NtContinue  (11861204, 0, ...
 01819   924   NtContinue  (13956284, 0, ...
 01820   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01821   896   NtContinue  (11861204, 0, ...
 01820   452   NtUserRegisterClassExWOW  ... ) == 0x810dc041
 01822   924   NtContinue  (13956284, 0, ...
 01823   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01824   896   NtContinue  (11861204, 0, ...
 01823   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01825   924   NtContinue  (13956284, 0, ...
 01826   928   NtContinue  (15006936, 0, ...
 01827   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01828   896   NtContinue  (11861204, 0, ...
 01827   452   NtUserRegisterClassExWOW  ... ) == 0x810dc043
 01829   928   NtContinue  (15006936, 0, ...
 01830   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01831   896   NtContinue  (11861204, 0, ...
 01830   452   NtUserRegisterClassExWOW  ... ) == 0x810dc045
 01832   928   NtContinue  (15006936, 0, ...
 01833   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01834   896   NtContinue  (11861204, 0, ...
 01833   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01835   928   NtContinue  (15006936, 0, ...
 01836   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01837   896   NtContinue  (11861204, 0, ...
 01836   452   NtUserRegisterClassExWOW  ... ) == 0x810dc047
 01838   928   NtContinue  (15006936, 0, ...
 01839   452   NtUserFindExistingCursorIcon  (1239632, 1239648, 1240216, ...
 01840   896   NtContinue  (11861204, 0, ...
 01839   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01841   928   NtContinue  (15006936, 0, ...
 01842   452   NtUserRegisterClassExWOW  (1240084, 1240164, 1240148, 1240180, 0, 384, 0, ...
 01843   896   NtContinue  (11861204, 0, ...
 01844   924   NtContinue  (13956284, 0, ...
 01842   452   NtUserRegisterClassExWOW  ... ) == 0x810dc049
 01845   928   NtContinue  (15006936, 0, ...
 01846   452   NtUserGetClassInfo  (1905590272, 1240248, 1240200, 1240276, 0, ...
 01847   924   NtContinue  (13956284, 0, ...
 01846   452   NtUserGetClassInfo  ... ) == 0xc049
 01848   928   NtContinue  (15006936, 0, ...
 01849   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01850   924   NtContinue  (13956284, 0, ...
 01849   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01851   928   NtContinue  (15006936, 0, ...
 01852   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01853   924   NtContinue  (13956284, 0, ...
 01852   452   NtUserRegisterClassExWOW  ... ) == 0x810dc04b
 01854   928   NtContinue  (15006936, 0, ...
 01855   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01856   924   NtContinue  (13956284, 0, ...
 01855   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01857   928   NtContinue  (15006936, 0, ...
 01858   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01859   924   NtContinue  (13956284, 0, ...
 01858   452   NtUserRegisterClassExWOW  ... ) == 0x810dc04d
 01860   928   NtContinue  (15006936, 0, ...
 01861   896   NtContinue  (11861204, 0, ...
 01862   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01863   924   NtContinue  (13956284, 0, ...
 01862   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01864   896   NtContinue  (11861204, 0, ...
 01865   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01866   924   NtContinue  (13956284, 0, ...
 01865   452   NtUserRegisterClassExWOW  ... ) == 0x810dc04f
 01867   896   NtContinue  (11861204, 0, ...
 01868   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01869   924   NtContinue  (13956284, 0, ...
 01868   452   NtUserRegisterClassExWOW  ... ) == 0x810dc051
 01870   896   NtContinue  (11861204, 0, ...
 01871   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01872   924   NtContinue  (13956284, 0, ...
 01871   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01873   896   NtContinue  (11861204, 0, ...
 01874   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01875   924   NtContinue  (13956284, 0, ...
 01874   452   NtUserRegisterClassExWOW  ... ) == 0x810dc053
 01876   896   NtContinue  (11861204, 0, ...
 01877   452   NtUserFindExistingCursorIcon  (1239632, 1239648, 1240216, ...
 01878   924   NtContinue  (13956284, 0, ...
 01879   928   NtContinue  (15006936, 0, ...
 01877   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01880   896   NtContinue  (11861204, 0, ...
 01881   452   NtUserRegisterClassExWOW  (1240084, 1240164, 1240148, 1240180, 0, 384, 0, ...
 01882   928   NtContinue  (15006936, 0, ...
 01881   452   NtUserRegisterClassExWOW  ... ) == 0x810dc055
 01883   896   NtContinue  (11861204, 0, ...
 01884   452   NtUserRegisterClassExWOW  (1240084, 1240164, 1240148, 1240180, 0, 384, 0, ...
 01885   928   NtContinue  (15006936, 0, ...
 01884   452   NtUserRegisterClassExWOW  ... ) == 0x810dc057
 01886   896   NtContinue  (11861204, 0, ...
 01887   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01888   928   NtContinue  (15006936, 0, ...
 01887   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01889   896   NtContinue  (11861204, 0, ...
 01890   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01891   928   NtContinue  (15006936, 0, ...
 01890   452   NtUserRegisterClassExWOW  ... ) == 0x810dc059
 01892   896   NtContinue  (11861204, 0, ...
 01893   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01894   928   NtContinue  (15006936, 0, ...
 01893   452   NtUserFindExistingCursorIcon  ... ) == 0x10013
 01895   896   NtContinue  (11861204, 0, ...
 01896   924   NtContinue  (13956284, 0, ...
 01897   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01898   928   NtContinue  (15006936, 0, ...
 01897   452   NtUserRegisterClassExWOW  ... ) == 0x810dc05b
 01899   924   NtContinue  (13956284, 0, ...
 01900   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01901   928   NtContinue  (15006936, 0, ...
 01900   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01902   924   NtContinue  (13956284, 0, ...
 01903   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01904   928   NtContinue  (15006936, 0, ...
 01903   452   NtUserRegisterClassExWOW  ... ) == 0x810dc05d
 01905   924   NtContinue  (13956284, 0, ...
 01906   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01907   928   NtContinue  (15006936, 0, ...
 01906   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01908   924   NtContinue  (13956284, 0, ...
 01909   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01910   928   NtContinue  (15006936, 0, ...
 01909   452   NtUserRegisterClassExWOW  ... ) == 0x810dc05f
 01911   924   NtContinue  (13956284, 0, ...
 01912   452   NtUserFindExistingCursorIcon  (1239632, 1239648, 1240216, ...
 01913   928   NtContinue  (15006936, 0, ...
 01914   896   NtContinue  (11861204, 0, ...
 01912   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01915   924   NtContinue  (13956284, 0, ...
 01916   452   NtUserRegisterClassExWOW  (1240084, 1240164, 1240148, 1240180, 0, 384, 0, ...
 01917   896   NtContinue  (11861204, 0, ...
 01916   452   NtUserRegisterClassExWOW  ... ) == 0x810dc017
 01918   924   NtContinue  (13956284, 0, ...
 01919   452   NtUserFindExistingCursorIcon  (1239632, 1239648, 1240216, ...
 01920   896   NtContinue  (11861204, 0, ...
 01919   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01921   924   NtContinue  (13956284, 0, ...
 01922   452   NtUserRegisterClassExWOW  (1240084, 1240164, 1240148, 1240180, 0, 384, 0, ...
 01923   896   NtContinue  (11861204, 0, ...
 01922   452   NtUserRegisterClassExWOW  ... ) == 0x810dc019
 01924   924   NtContinue  (13956284, 0, ...
 01925   452   NtUserFindExistingCursorIcon  (1239632, 1239648, 1240216, ...
 01926   896   NtContinue  (11861204, 0, ...
 01925   452   NtUserFindExistingCursorIcon  ... ) == 0x10013
 01927   924   NtContinue  (13956284, 0, ...
 01928   452   NtUserRegisterClassExWOW  (1240084, 1240164, 1240148, 1240180, 0, 384, 0, ...
 01929   896   NtContinue  (11861204, 0, ...
 01928   452   NtUserRegisterClassExWOW  ... ) == 0x810dc018
 01930   924   NtContinue  (13956284, 0, ...
 01931   928   NtContinue  (15006936, 0, ...
 01932   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01933   896   NtContinue  (11861204, 0, ...
 01932   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01934   928   NtContinue  (15006936, 0, ...
 01935   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01936   896   NtContinue  (11861204, 0, ...
 01935   452   NtUserRegisterClassExWOW  ... ) == 0x810dc01a
 01937   928   NtContinue  (15006936, 0, ...
 01938   452   NtUserFindExistingCursorIcon  (1239632, 1239648, 1240216, ...
 01939   896   NtContinue  (11861204, 0, ...
 01938   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01940   928   NtContinue  (15006936, 0, ...
 01941   452   NtUserRegisterClassExWOW  (1240084, 1240164, 1240148, 1240180, 0, 384, 0, ...
 01942   896   NtContinue  (11861204, 0, ...
 01941   452   NtUserRegisterClassExWOW  ... ) == 0x810dc01c
 01943   928   NtContinue  (15006936, 0, ...
 01944   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01945   896   NtContinue  (11861204, 0, ...
 01944   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01946   928   NtContinue  (15006936, 0, ...
 01947   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01948   896   NtContinue  (11861204, 0, ...
 01949   924   NtContinue  (13956284, 0, ...
 01947   452   NtUserRegisterClassExWOW  ... ) == 0x810dc01e
 01950   928   NtContinue  (15006936, 0, ...
 01951   452   NtUserFindExistingCursorIcon  (1239632, 1239648, 1240216, ...
 01952   924   NtContinue  (13956284, 0, ...
 01951   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01953   928   NtContinue  (15006936, 0, ...
 01954   452   NtUserRegisterClassExWOW  (1240144, 1240224, 1240208, 1240240, 0, 384, 0, ...
 01955   924   NtContinue  (13956284, 0, ...
 01954   452   NtUserRegisterClassExWOW  ... ) == 0x810dc01b
 01956   928   NtContinue  (15006936, 0, ...
 01957   452   NtUserFindExistingCursorIcon  (1239628, 1239644, 1240212, ...
 01958   924   NtContinue  (13956284, 0, ...
 01957   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01959   928   NtContinue  (15006936, 0, ...
 01960   452   NtUserRegisterClassExWOW  (1240140, 1240220, 1240204, 1240236, 0, 384, 0, ...
 01961   924   NtContinue  (13956284, 0, ...
 01960   452   NtUserRegisterClassExWOW  ... ) == 0x810dc068
 01962   928   NtContinue  (15006936, 0, ...
 01963   452   NtUserFindExistingCursorIcon  (1239636, 1239652, 1240220, ...
 01964   924   NtContinue  (13956284, 0, ...
 01963   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 01965   928   NtContinue  (15006936, 0, ...
 01966   896   NtContinue  (11861204, 0, ...
 01967   452   NtUserRegisterClassExWOW  (1240088, 1240168, 1240152, 1240184, 0, 384, 0, ...
 01968   924   NtContinue  (13956284, 0, ...
 01969   452   NtAllocateVirtualMemory  (-1, 5619712, 0, 4096, 4096, 32, ...
 01970   896   NtContinue  (11861204, 0, ...
 01969   452   NtAllocateVirtualMemory  ... 5619712, 4096, ) == 0x0
 01971   924   NtContinue  (13956284, 0, ...
 01967   452   NtUserRegisterClassExWOW  ... ) == 0x810dc06a
 01972   896   NtContinue  (11861204, 0, ...
 01973   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "comctl32.dll"}, ... }, ...
 01974   924   NtContinue  (13956284, 0, ...
 01973   452   NtOpenSection  ... 76, ) == 0x0
 01975   896   NtContinue  (11861204, 0, ...
 01976   452   NtMapViewOfSection  (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ...
 01977   924   NtContinue  (13956284, 0, ...
 01976   452   NtMapViewOfSection  ... (0x77340000), 0x0, 569344, ) == 0x0
 01978   896   NtContinue  (11861204, 0, ...
 01979   452   NtClose  (76, ...
 01980   924   NtContinue  (13956284, 0, ...
 01979   452   NtClose  ... ) == 0x0
 01981   896   NtContinue  (11861204, 0, ...
 01982   452   NtOpenProcess  (0x400, {24, 0, 0x0, 0, 0, 0x0}, {448, 0}, ...
 01983   924   NtContinue  (13956284, 0, ...
 01984   928   NtContinue  (15006936, 0, ...
 01982   452   NtOpenProcess  ... 76, ) == 0x0
 01985   896   NtContinue  (11861204, 0, ...
 01986   452   NtQueryInformationProcess  (76, Session, 4, ...
 01987   928   NtContinue  (15006936, 0, ...
 01986   452   NtQueryInformationProcess  ... {SessionId=0,}, 0x0, ) == 0x0
 01988   896   NtContinue  (11861204, 0, ...
 01989   452   NtClose  (76, ...
 01990   928   NtContinue  (15006936, 0, ...
 01989   452   NtClose  ... ) == 0x0
 01991   896   NtContinue  (11861204, 0, ...
 01992   452   NtUserRegisterWindowMessage  ( ("ShellGetDragImage", ... , ...
 01993   928   NtContinue  (15006936, 0, ...
 01992   452   NtUserRegisterWindowMessage  ... ) == 0xc03a
 01994   896   NtContinue  (11861204, 0, ...
 01995   452   NtUserSystemParametersInfo  (104, 0, 2000318720, 0, ...
 01996   928   NtContinue  (15006936, 0, ...
 01995   452   NtUserSystemParametersInfo  ... ) == 0x1
 01997   896   NtContinue  (11861204, 0, ...
 01998   452   NtUserSystemParametersInfo  (38, 4, 2000318708, 0, ...
 01999   928   NtContinue  (15006936, 0, ...
 01998   452   NtUserSystemParametersInfo  ... ) == 0x1
 02000   896   NtContinue  (11861204, 0, ...
 02001   924   NtContinue  (13956284, 0, ...
 02002   452   NtOpenKey  (0x20019, {24, 84, 0x40, 0, 0,  (0x20019, {24, 84, 0x40, 0, 0, "Control Panel\Desktop"}, ... }, ...
 02003   928   NtContinue  (15006936, 0, ...
 02002   452   NtOpenKey  ... 76, ) == 0x0
 02004   924   NtContinue  (13956284, 0, ...
 02005   452   NtQueryValueKey  (76,  (76, "SmoothScroll", Partial, 144, ... , Partial, 144, ...
 02006   928   NtContinue  (15006936, 0, ...
 02005   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02007   924   NtContinue  (13956284, 0, ...
 02008   452   NtClose  (76, ...
 02009   928   NtContinue  (15006936, 0, ...
 02008   452   NtClose  ... ) == 0x0
 02010   924   NtContinue  (13956284, 0, ...
 02011   452   NtUserSystemParametersInfo  (41, 500, 1240988, 0, ...
 02012   928   NtContinue  (15006936, 0, ...
 02011   452   NtUserSystemParametersInfo  ... ) == 0x1
 02013   924   NtContinue  (13956284, 0, ...
 02014   452   NtUserSystemParametersInfo  (102, 0, 2000318732, 0, ...
 02015   928   NtContinue  (15006936, 0, ...
 02014   452   NtUserSystemParametersInfo  ... ) == 0x1
 02016   924   NtContinue  (13956284, 0, ...
 02017   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02018   928   NtContinue  (15006936, 0, ...
 02019   896   NtContinue  (11861204, 0, ...
 02017   452   NtUserGetClassInfo  ... ) == 0x0
 02020   924   NtContinue  (13956284, 0, ...
 02021   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02022   896   NtContinue  (11861204, 0, ...
 02021   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02023   924   NtContinue  (13956284, 0, ...
 02024   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02025   896   NtContinue  (11861204, 0, ...
 02024   452   NtUserRegisterClassExWOW  ... ) == 0x810dc03b
 02026   924   NtContinue  (13956284, 0, ...
 02027   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02028   896   NtContinue  (11861204, 0, ...
 02027   452   NtUserGetClassInfo  ... ) == 0x0
 02029   924   NtContinue  (13956284, 0, ...
 02030   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02031   896   NtContinue  (11861204, 0, ...
 02030   452   NtUserRegisterClassExWOW  ... ) == 0x810dc03d
 02032   924   NtContinue  (13956284, 0, ...
 02033   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02034   896   NtContinue  (11861204, 0, ...
 02033   452   NtUserGetClassInfo  ... ) == 0x0
 02035   924   NtContinue  (13956284, 0, ...
 02036   928   NtContinue  (15006936, 0, ...
 02037   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02038   896   NtContinue  (11861204, 0, ...
 02037   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02039   928   NtContinue  (15006936, 0, ...
 02040   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02041   896   NtContinue  (11861204, 0, ...
 02040   452   NtUserRegisterClassExWOW  ... ) == 0x810dc03f
 02042   928   NtContinue  (15006936, 0, ...
 02043   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02044   896   NtContinue  (11861204, 0, ...
 02043   452   NtUserGetClassInfo  ... ) == 0x0
 02045   928   NtContinue  (15006936, 0, ...
 02046   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02047   896   NtContinue  (11861204, 0, ...
 02046   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02048   928   NtContinue  (15006936, 0, ...
 02049   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02050   896   NtContinue  (11861204, 0, ...
 02049   452   NtUserRegisterClassExWOW  ... ) == 0x810dc041
 02051   928   NtContinue  (15006936, 0, ...
 02052   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02053   896   NtContinue  (11861204, 0, ...
 02054   924   NtContinue  (13956284, 0, ...
 02052   452   NtUserGetClassInfo  ... ) == 0x0
 02055   928   NtContinue  (15006936, 0, ...
 02056   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02057   924   NtContinue  (13956284, 0, ...
 02056   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02058   928   NtContinue  (15006936, 0, ...
 02059   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02060   924   NtContinue  (13956284, 0, ...
 02059   452   NtUserRegisterClassExWOW  ... ) == 0x810dc043
 02061   928   NtContinue  (15006936, 0, ...
 02062   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02063   924   NtContinue  (13956284, 0, ...
 02062   452   NtUserGetClassInfo  ... ) == 0x0
 02064   928   NtContinue  (15006936, 0, ...
 02065   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02066   924   NtContinue  (13956284, 0, ...
 02065   452   NtUserRegisterClassExWOW  ... ) == 0x810dc045
 02067   928   NtContinue  (15006936, 0, ...
 02068   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02069   924   NtContinue  (13956284, 0, ...
 02068   452   NtUserGetClassInfo  ... ) == 0x0
 02070   928   NtContinue  (15006936, 0, ...
 02071   896   NtContinue  (11861204, 0, ...
 02072   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02073   924   NtContinue  (13956284, 0, ...
 02072   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02074   896   NtContinue  (11861204, 0, ...
 02075   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02076   924   NtContinue  (13956284, 0, ...
 02075   452   NtUserRegisterClassExWOW  ... ) == 0x810dc047
 02077   896   NtContinue  (11861204, 0, ...
 02078   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02079   924   NtContinue  (13956284, 0, ...
 02078   452   NtUserGetClassInfo  ... ) == 0x0
 02080   896   NtContinue  (11861204, 0, ...
 02081   452   NtUserFindExistingCursorIcon  (1240776, 1240792, 1241360, ...
 02082   924   NtContinue  (13956284, 0, ...
 02081   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02083   896   NtContinue  (11861204, 0, ...
 02084   452   NtUserRegisterClassExWOW  (1241228, 1241308, 1241292, 1241324, 0, 384, 0, ...
 02085   924   NtContinue  (13956284, 0, ...
 02084   452   NtUserRegisterClassExWOW  ... ) == 0x810dc049
 02086   896   NtContinue  (11861204, 0, ...
 02087   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02088   924   NtContinue  (13956284, 0, ...
 02089   928   NtContinue  (15006936, 0, ...
 02087   452   NtUserGetClassInfo  ... ) == 0x0
 02090   896   NtContinue  (11861204, 0, ...
 02091   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02092   928   NtContinue  (15006936, 0, ...
 02091   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02093   896   NtContinue  (11861204, 0, ...
 02094   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02095   928   NtContinue  (15006936, 0, ...
 02094   452   NtUserRegisterClassExWOW  ... ) == 0x810dc04b
 02096   896   NtContinue  (11861204, 0, ...
 02097   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02098   928   NtContinue  (15006936, 0, ...
 02097   452   NtUserGetClassInfo  ... ) == 0x0
 02099   896   NtContinue  (11861204, 0, ...
 02100   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02101   928   NtContinue  (15006936, 0, ...
 02100   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02102   896   NtContinue  (11861204, 0, ...
 02103   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02104   928   NtContinue  (15006936, 0, ...
 02103   452   NtUserRegisterClassExWOW  ... ) == 0x810dc04d
 02105   896   NtContinue  (11861204, 0, ...
 02106   924   NtContinue  (13956284, 0, ...
 02107   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02108   928   NtContinue  (15006936, 0, ...
 02107   452   NtUserGetClassInfo  ... ) == 0x0
 02109   924   NtContinue  (13956284, 0, ...
 02110   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02111   928   NtContinue  (15006936, 0, ...
 02110   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02112   924   NtContinue  (13956284, 0, ...
 02113   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02114   928   NtContinue  (15006936, 0, ...
 02113   452   NtUserRegisterClassExWOW  ... ) == 0x810dc04f
 02115   924   NtContinue  (13956284, 0, ...
 02116   452   NtUserGetClassInfo  (1999896576, 1241400, 1241352, 1241428, 0, ...
 02117   928   NtContinue  (15006936, 0, ...
 02116   452   NtUserGetClassInfo  ... ) == 0x0
 02118   924   NtContinue  (13956284, 0, ...
 02119   452   NtUserRegisterClassExWOW  (1241236, 1241316, 1241300, 1241332, 0, 384, 0, ...
 02120   928   NtContinue  (15006936, 0, ...
 02119   452   NtUserRegisterClassExWOW  ... ) == 0x810dc051
 02121   924   NtContinue  (13956284, 0, ...
 02122   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02123   928   NtContinue  (15006936, 0, ...
 02124   896   NtContinue  (11861204, 0, ...
 02122   452   NtUserGetClassInfo  ... ) == 0x0
 02125   924   NtContinue  (13956284, 0, ...
 02126   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02127   896   NtContinue  (11861204, 0, ...
 02126   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02128   924   NtContinue  (13956284, 0, ...
 02129   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02130   896   NtContinue  (11861204, 0, ...
 02129   452   NtUserRegisterClassExWOW  ... ) == 0x810dc053
 02131   924   NtContinue  (13956284, 0, ...
 02132   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02133   896   NtContinue  (11861204, 0, ...
 02132   452   NtUserGetClassInfo  ... ) == 0x0
 02134   924   NtContinue  (13956284, 0, ...
 02135   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02136   896   NtContinue  (11861204, 0, ...
 02135   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02137   924   NtContinue  (13956284, 0, ...
 02138   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02139   896   NtContinue  (11861204, 0, ...
 02138   452   NtUserRegisterClassExWOW  ... ) == 0x810dc055
 02140   924   NtContinue  (13956284, 0, ...
 02141   928   NtContinue  (15006936, 0, ...
 02142   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02143   896   NtContinue  (11861204, 0, ...
 02142   452   NtUserRegisterClassExWOW  ... ) == 0x810dc057
 02144   928   NtContinue  (15006936, 0, ...
 02145   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02146   896   NtContinue  (11861204, 0, ...
 02145   452   NtUserGetClassInfo  ... ) == 0x0
 02147   928   NtContinue  (15006936, 0, ...
 02148   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02149   896   NtContinue  (11861204, 0, ...
 02148   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02150   928   NtContinue  (15006936, 0, ...
 02151   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02152   896   NtContinue  (11861204, 0, ...
 02151   452   NtUserRegisterClassExWOW  ... ) == 0x810dc059
 02153   928   NtContinue  (15006936, 0, ...
 02154   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02155   896   NtContinue  (11861204, 0, ...
 02154   452   NtUserGetClassInfo  ... ) == 0x0
 02156   928   NtContinue  (15006936, 0, ...
 02157   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02158   896   NtContinue  (11861204, 0, ...
 02159   924   NtContinue  (13956284, 0, ...
 02157   452   NtUserFindExistingCursorIcon  ... ) == 0x10013
 02160   928   NtContinue  (15006936, 0, ...
 02161   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02162   924   NtContinue  (13956284, 0, ...
 02161   452   NtUserRegisterClassExWOW  ... ) == 0x810dc05b
 02163   928   NtContinue  (15006936, 0, ...
 02164   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02165   924   NtContinue  (13956284, 0, ...
 02164   452   NtUserGetClassInfo  ... ) == 0x0
 02166   928   NtContinue  (15006936, 0, ...
 02167   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02168   924   NtContinue  (13956284, 0, ...
 02167   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02169   928   NtContinue  (15006936, 0, ...
 02170   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02171   924   NtContinue  (13956284, 0, ...
 02170   452   NtUserRegisterClassExWOW  ... ) == 0x810dc05d
 02172   928   NtContinue  (15006936, 0, ...
 02173   452   NtUserGetClassInfo  (1999896576, 1241396, 1241348, 1241424, 0, ...
 02174   924   NtContinue  (13956284, 0, ...
 02173   452   NtUserGetClassInfo  ... ) == 0x0
 02175   928   NtContinue  (15006936, 0, ...
 02176   896   NtContinue  (11861204, 0, ...
 02177   452   NtUserFindExistingCursorIcon  (1240780, 1240796, 1241364, ...
 02178   924   NtContinue  (13956284, 0, ...
 02177   452   NtUserFindExistingCursorIcon  ... ) == 0x10011
 02179   896   NtContinue  (11861204, 0, ...
 02180   452   NtUserRegisterClassExWOW  (1241232, 1241312, 1241296, 1241328, 0, 384, 0, ...
 02181   924   NtContinue  (13956284, 0, ...
 02180   452   NtUserRegisterClassExWOW  ... ) == 0x810dc05f
 02182   896   NtContinue  (11861204, 0, ...
 02183   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02184   924   NtContinue  (13956284, 0, ...
 02183   452   NtUserGetClassInfo  ... ) == 0xc03b
 02185   896   NtContinue  (11861204, 0, ...
 02186   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02187   924   NtContinue  (13956284, 0, ...
 02186   452   NtUserGetClassInfo  ... ) == 0xc03d
 02188   896   NtContinue  (11861204, 0, ...
 02189   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02190   924   NtContinue  (13956284, 0, ...
 02189   452   NtUserGetClassInfo  ... ) == 0xc03f
 02191   896   NtContinue  (11861204, 0, ...
 02192   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02193   924   NtContinue  (13956284, 0, ...
 02194   928   NtContinue  (15006936, 0, ...
 02192   452   NtUserGetClassInfo  ... ) == 0xc041
 02195   896   NtContinue  (11861204, 0, ...
 02196   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02197   928   NtContinue  (15006936, 0, ...
 02196   452   NtUserGetClassInfo  ... ) == 0xc043
 02198   896   NtContinue  (11861204, 0, ...
 02199   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02200   928   NtContinue  (15006936, 0, ...
 02199   452   NtUserGetClassInfo  ... ) == 0xc045
 02201   896   NtContinue  (11861204, 0, ...
 02202   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02203   928   NtContinue  (15006936, 0, ...
 02202   452   NtUserGetClassInfo  ... ) == 0xc047
 02204   896   NtContinue  (11861204, 0, ...
 02205   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02206   928   NtContinue  (15006936, 0, ...
 02205   452   NtUserGetClassInfo  ... ) == 0xc049
 02207   896   NtContinue  (11861204, 0, ...
 02208   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02209   928   NtContinue  (15006936, 0, ...
 02208   452   NtUserGetClassInfo  ... ) == 0xc04b
 02210   896   NtContinue  (11861204, 0, ...
 02211   924   NtContinue  (13956284, 0, ...
 02212   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02213   928   NtContinue  (15006936, 0, ...
 02212   452   NtUserGetClassInfo  ... ) == 0xc04d
 02214   924   NtContinue  (13956284, 0, ...
 02215   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02216   928   NtContinue  (15006936, 0, ...
 02215   452   NtUserGetClassInfo  ... ) == 0xc04f
 02217   924   NtContinue  (13956284, 0, ...
 02218   452   NtUserGetClassInfo  (1999896576, 1243152, 1243104, 1243180, 0, ...
 02219   928   NtContinue  (15006936, 0, ...
 02218   452   NtUserGetClassInfo  ... ) == 0xc051
 02220   924   NtContinue  (13956284, 0, ...
 02221   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02222   928   NtContinue  (15006936, 0, ...
 02221   452   NtUserGetClassInfo  ... ) == 0xc053
 02223   924   NtContinue  (13956284, 0, ...
 02224   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02225   928   NtContinue  (15006936, 0, ...
 02224   452   NtUserGetClassInfo  ... ) == 0xc055
 02226   924   NtContinue  (13956284, 0, ...
 02227   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02228   928   NtContinue  (15006936, 0, ...
 02229   896   NtContinue  (11861204, 0, ...
 02227   452   NtUserGetClassInfo  ... ) == 0xc059
 02230   924   NtContinue  (13956284, 0, ...
 02231   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02232   896   NtContinue  (11861204, 0, ...
 02231   452   NtUserGetClassInfo  ... ) == 0xc05b
 02233   924   NtContinue  (13956284, 0, ...
 02234   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02235   896   NtContinue  (11861204, 0, ...
 02234   452   NtUserGetClassInfo  ... ) == 0xc05d
 02236   924   NtContinue  (13956284, 0, ...
 02237   452   NtUserGetClassInfo  (1999896576, 1243148, 1243100, 1243176, 0, ...
 02238   896   NtContinue  (11861204, 0, ...
 02237   452   NtUserGetClassInfo  ... ) == 0xc05f
 02239   924   NtContinue  (13956284, 0, ...
 02240   452   NtSetEventBoostPriority  (72, ...
 02241   896   NtContinue  (11861204, 0, ...
 01123   944   NtWaitForSingleObject  ... ) == 0x0
 02240   452   NtSetEventBoostPriority  ... ) == 0x0
 02242   924   NtContinue  (13956284, 0, ...
 02243   944   NtSetEventBoostPriority  (72, ...
 02244   452   NtWaitForSingleObject  (72, 0, 0x0, ...
 02245   896   NtContinue  (11861204, 0, ...
 01762   940   NtWaitForSingleObject  ... ) == 0x0
 02243   944   NtSetEventBoostPriority  ... ) == 0x0
 02246   924   NtContinue  (13956284, 0, ...
 02247   928   NtContinue  (15006936, 0, ...
 02248   940   NtSetEventBoostPriority  (72, ...
 02249   944   NtTestAlert  (...
 02250   896   NtContinue  (11861204, 0, ...
 02244   452   NtWaitForSingleObject  ... ) == 0x0
 02249   944   NtTestAlert  ... ) == 0x0
 02248   940   NtSetEventBoostPriority  ... ) == 0x0
 02251   928   NtContinue  (15006936, 0, ...
 02252   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "OLEAUT32.dll"}, ... }, ...
 02253   944   NtContinue  (16055600, 1, ...
 02254   896   NtContinue  (11861204, 0, ...
 02255   924   NtContinue  (13956284, 0, ...
 02252   452   NtOpenSection  ... 76, ) == 0x0
 02256   944   NtRegisterThreadTerminatePort  (24, ...
 02257   928   NtContinue  (15006936, 0, ...
 02258   896   NtContinue  (11861204, 0, ...
 02256   944   NtRegisterThreadTerminatePort  ... ) == 0x0
 02259   452   NtMapViewOfSection  (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ...
 02260   924   NtContinue  (13956284, 0, ...
 02261   928   NtContinue  (15006936, 0, ...
 02262   944   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ...
 02259   452   NtMapViewOfSection  ... (0x77120000), 0x0, 569344, ) == 0x0
 02263   896   NtContinue  (11861204, 0, ...
 02264   924   NtContinue  (13956284, 0, ...
 02265   452   NtClose  (76, ...
 02266   928   NtContinue  (15006936, 0, ...
 02267   896   NtContinue  (11861204, 0, ...
 02265   452   NtClose  ... ) == 0x0
 02268   924   NtContinue  (13956284, 0, ...
 02269   928   NtContinue  (15006936, 0, ...
 02270   452   NtOpenSection  (0xe, {24, 8, 0x40, 0, 0,  (0xe, {24, 8, 0x40, 0, 0, "OLE32.DLL"}, ... }, ...
 02271   896   NtContinue  (11861204, 0, ...
 02272   924   NtContinue  (13956284, 0, ...
 02273   940   NtTerminateThread  (0, 0, ...
 02262   944   NtSetInformationThread  ... ) == 0x0
 02270   452   NtOpenSection  ... 76, ) == 0x0
 02274   928   NtContinue  (15006936, 0, ...
 02275   940   NtFreeVirtualMemory  (-1, (0xb50000), 0, 32768, ...
 02276   452   NtMapViewOfSection  (76, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ...
 02277   944   NtSetEvent  (68, ...
 02275   940   NtFreeVirtualMemory  ... (0xb50000), 1048576, ) == 0x0
 02276   452   NtMapViewOfSection  ... (0x771b0000), 0x0, 1155072, ) == 0x0
 02278   928   NtContinue  (15006936, 0, ...
 02279   452   NtClose  (76, ...
 02277   944   NtSetEvent  ... 0x0, ) == 0x0
 02279   452   NtClose  ... ) == 0x0
 02280   928   NtContinue  (15006936, 0, ...
 01134   916   NtWaitForSingleObject  ... ) == 0x0
 02281   452   NtQuerySystemInformation  (Basic, 44, ...
 02282   944   NtRaiseException  (16055416, 16054676, 1, ...
 02283   928   NtContinue  (15006936, 0, ...
 02281   452   NtQuerySystemInformation  ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 02284   916   NtClose  (68, ...
 02285   944   NtContinue  (16053472, 0, ...
 02286   452   NtQuerySystemInformation  (Processor, 12, ...
 02287   928   NtContinue  (15006936, 0, ...
 02284   916   NtClose  ... ) == 0x0
 02286   452   NtQuerySystemInformation  ... {system info, class 1, size 12}, 0x0, ) == 0x0
 02288   944   NtWaitForSingleObject  (56, 0, 0x0, ...
 02289   928   NtContinue  (15006936, 0, ...
 02290   452   NtOpenKey  (0x20019, {24, 28, 0x40, 0, 0,  (0x20019, {24, 28, 0x40, 0, 0, "SYSTEM\CurrentControlSet\Control\Session Manager"}, ... }, ...
 02291   916   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ...
 02292   896   NtContinue  (11861204, 0, ...
 02293   924   NtContinue  (13956284, 0, ...
 02288   944   NtWaitForSingleObject  ... ) == 0x0
 02290   452   NtOpenKey  ... 68, ) == 0x0
 02291   916   NtCreateEvent  ... 76, ) == 0x0
 02294   896   NtContinue  (11861204, 0, ...
 02295   924   NtContinue  (13956284, 0, ...
 02296   452   NtQueryValueKey  (68,  (68, "CriticalSectionTimeout", Partial, 144, ... , Partial, 144, ...
 02297   944   NtOpenSection  (0x2, {24, 52, 0x0, 0, 0,  (0x2, {24, 52, 0x0, 0, 0, "DBWIN_BUFFER"}, ... }, ...
 02298   928   NtContinue  (15006936, 0, ...
 02299   896   NtContinue  (11861204, 0, ...
 02296   452   NtQueryValueKey  ... TitleIdx=0, Type=4, Data= ... TitleIdx=0, Type=4, Data="\0\215'\0"}, 16, ) }, 16, ) == 0x0
 02300   924   NtContinue  (13956284, 0, ...
 02297   944   NtOpenSection  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02301   928   NtContinue  (15006936, 0, ...
 02302   452   NtClose  (68, ...
 02303   896   NtContinue  (11861204, 0, ...
 02304   924   NtContinue  (13956284, 0, ...
 02305   944   NtReleaseMutant  (56, ...
 02302   452   NtClose  ... ) == 0x0
 02306   928   NtContinue  (15006936, 0, ...
 02307   896   NtContinue  (11861204, 0, ...
 02308   924   NtContinue  (13956284, 0, ...
 02309   452   NtQuerySystemInformation  (Basic, 44, ...
 02305   944   NtReleaseMutant  ... 0x0, ) == 0x0
 02310   928   NtContinue  (15006936, 0, ...
 02311   896   NtContinue  (11861204, 0, ...
 02309   452   NtQuerySystemInformation  ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 02312   924   NtContinue  (13956284, 0, ...
 02313   916   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ...
 02314   928   NtContinue  (15006936, 0, ...
 02315   944   NtQueryInformationThread  (-2, AmILastThread, 4, ...
 02316   452   NtQuerySystemInformation  (Processor, 12, ...
 02317   896   NtContinue  (11861204, 0, ...
 02313   916   NtAllocateVirtualMemory  ... 11862016, 1048576, ) == 0x0
 02318   928   NtContinue  (15006936, 0, ...
 02316   452   NtQuerySystemInformation  ... {system info, class 1, size 12}, 0x0, ) == 0x0
 02315   944   NtQueryInformationThread  ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 02319   896   NtContinue  (11861204, 0, ...
 02320   916   NtAllocateVirtualMemory  (-1, 12902400, 0, 8192, 4096, 4, ...
 02321   924   NtContinue  (13956284, 0, ...
 02322   452   NtQuerySystemInformation  (Basic, 44, ...
 02323   944   NtWaitForSingleObject  (72, 0, 0x0, ...
 02324   896   NtContinue  (11861204, 0, ...
 02320   916   NtAllocateVirtualMemory  ... 12902400, 8192, ) == 0x0
 02322   452   NtQuerySystemInformation  ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0
 02325   924   NtContinue  (13956284, 0, ...
 02326   896   NtContinue  (11861204, 0, ...
 02327   452   NtQuerySystemInformation  (Processor, 12, ...
 02328   916   NtProtectVirtualMemory  (-1, (0xc4e000), 4096, 260, ...
 02329   924   NtContinue  (13956284, 0, ...
 02327   452   NtQuerySystemInformation  ... {system info, class 1, size 12}, 0x0, ) == 0x0
 02330   896   NtContinue  (11861204, 0, ...
 02328   916   NtProtectVirtualMemory  ... (0xc4e000), 4096, 4, ) == 0x0
 02331   452   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Classes\Interface"}, ... }, ...
 02332   924   NtContinue  (13956284, 0, ...
 02333   896   NtContinue  (11861204, 0, ...
 02334   928   NtContinue  (15006936, 0, ...
 02331   452   NtOpenKey  ... 68, ) == 0x0
 02335   924   NtContinue  (13956284, 0, ...
 02336   916   NtCreateThread  (0x1f03ff, 0x0, -1, 10812468, 10813184, 1, ...
 02337   452   NtQueryValueKey  (68,  (68, "InterfaceHelperDisableAll", Full, 0, ... , Full, 0, ...
 02338   928   NtContinue  (15006936, 0, ...
 02339   924   NtContinue  (13956284, 0, ...
 02337   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02336   916   NtCreateThread  ... 64, {448, 948}, ) == 0x0
 02340   928   NtContinue  (15006936, 0, ...
 02341   896   NtContinue  (11861204, 0, ...
 02342   452   NtQueryValueKey  (68,  (68, "InterfaceHelperDisableAllForOle32", Full, 0, ... , Full, 0, ...
 02343   916   NtQueryInformationThread  (64, Basic, 28, ...
 02344   928   NtContinue  (15006936, 0, ...
 02342   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02345   896   NtContinue  (11861204, 0, ...
 02343   916   NtQueryInformationThread  ... {ExitStatus=0x103,TebBaseAddress=0x7ffdd000,Pid=448,Tid=948,}, 0x0, ) == 0x0
 02346   452   NtQueryValueKey  (68,  (68, "InterfaceHelperDisableTypeLib", Full, 0, ... , Full, 0, ...
 02347   928   NtContinue  (15006936, 0, ...
 02348   896   NtContinue  (11861204, 0, ...
 02346   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02349   916   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 916, 1591, 0}  (24, {28, 56, new_msg, 0, 448, 916, 1591, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\351\0\0\0@\0\0\0\300\1\0\0\264\3\0\0" ...  ...
 02350   928   NtContinue  (15006936, 0, ...
 02351   452   NtClose  (68, ...
 02352   896   NtContinue  (11861204, 0, ...
 02349   916   NtRequestWaitReplyPort  ... {28, 56, reply, 0, 448, 916, 1595, 0}  ... {28, 56, reply, 0, 448, 916, 1595, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\351\0\0\0@\0\0\0\300\1\0\0\264\3\0\0" )  ) == 0x0
 02353   924   NtContinue  (13956284, 0, ...
 02351   452   NtClose  ... ) == 0x0
 02354   896   NtContinue  (11861204, 0, ...
 02355   916   NtResumeThread  (64, ...
 02356   452   NtOpenKey  (0x20019, {24, 0, 0x40, 0, 0,  (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046}"}, ... }, ...
 02357   924   NtContinue  (13956284, 0, ...
 02358   896   NtContinue  (11861204, 0, ...
 02356   452   NtOpenKey  ... 68, ) == 0x0
 02359   948   NtWaitForSingleObject  (72, 0, 0x0, ...
 02355   916   NtResumeThread  ... 1, ) == 0x0
 02360   924   NtContinue  (13956284, 0, ...
 02361   928   NtContinue  (15006936, 0, ...
 02362   452   NtQueryValueKey  (68,  (68, "InterfaceHelperDisableAll", Full, 0, ... , Full, 0, ...
 02363   916   NtClose  (64, ...
 02364   924   NtContinue  (13956284, 0, ...
 02362   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02365   928   NtContinue  (15006936, 0, ...
 02363   916   NtClose  ... ) == 0x0
 02366   452   NtQueryValueKey  (68,  (68, "InterfaceHelperDisableAllForOle32", Full, 0, ... , Full, 0, ...
 02367   924   NtContinue  (13956284, 0, ...
 02368   928   NtContinue  (15006936, 0, ...
 02366   452   NtQueryValueKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02369   916   NtWaitForSingleObject  (76, 0, 0x0, ...
 02370   924   NtContinue  (13956284, 0, ...
 02371   452   NtClose  (68, ...
 02372   928   NtContinue  (15006936, 0, ...
 02373   896   NtContinue  (11861204, 0, ...
 02371   452   NtClose  ... ) == 0x0
 02374   928   NtContinue  (15006936, 0, ...
 02375   452   NtOpenEvent  (0x1f0003, {24, 52, 0x0, 0, 0,  (0x1f0003, {24, 52, 0x0, 0, 0, "HookSwitchHookEnabledEvent"}, ... }, ...
 02376   896   NtContinue  (11861204, 0, ...
 02375   452   NtOpenEvent  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02377   928   NtContinue  (15006936, 0, ...
 02378   452   NtUserRegisterWindowMessage  ( ("{FB8F0821-0164-101B-84ED-08002B2EC713}", ... , ...
 02379   896   NtContinue  (11861204, 0, ...
 02380   924   NtContinue  (13956284, 0, ...
 02378   452   NtUserRegisterWindowMessage  ... ) == 0xc07b
 02381   896   NtContinue  (11861204, 0, ...
 02382   452   NtOpenKey  (0x1, {24, 28, 0x40, 0, 0,  (0x1, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT"}, ... }, ...
 02383   924   NtContinue  (13956284, 0, ...
 02382   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02384   896   NtContinue  (11861204, 0, ...
 02385   452   NtOpenKey  (0x9, {24, 28, 0x40, 0, 0,  (0x9, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT\UserEra"}, ... }, ...
 02386   924   NtContinue  (13956284, 0, ...
 02385   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02387   896   NtContinue  (11861204, 0, ...
 02388   452   NtOpenKey  (0x1, {24, 28, 0x40, 0, 0,  (0x1, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\OLEAUT"}, ... }, ...
 02389   924   NtContinue  (13956284, 0, ...
 02390   928   NtContinue  (15006936, 0, ...
 02388   452   NtOpenKey  ... ) == STATUS_OBJECT_NAME_NOT_FOUND
 02391   924   NtContinue  (13956284, 0, ...
 02392   452   NtSetEventBoostPriority  (72, ...
 02393   928   NtContinue  (15006936, 0, ...
 02323   944   NtWaitForSingleObject  ... ) == 0x0
 02392   452   NtSetEventBoostPriority  ... ) == 0x0
 02394   924   NtContinue  (13956284, 0, ...
 02395   944   NtSetEventBoostPriority  (72, ...
 02396   452   NtWaitForSingleObject  (72, 0, 0x0, ...
 02397   928   NtContinue  (15006936, 0, ...
 02398   896   NtContinue  (11861204, 0, ...
 02359   948   NtWaitForSingleObject  ... ) == 0x0
 02395   944   NtSetEventBoostPriority  ... ) == 0x0
 02399   928   NtContinue  (15006936, 0, ...
 02400   948   NtSetEventBoostPriority  (72, ...
 02401   896   NtContinue  (11861204, 0, ...
 02402   924   NtContinue  (13956284, 0, ...
 02396   452   NtWaitForSingleObject  ... ) == 0x0
 02400   948   NtSetEventBoostPriority  ... ) == 0x0
 02403   928   NtContinue  (15006936, 0, ...
 02404   896   NtContinue  (11861204, 0, ...
 02405   452   NtQueryInformationProcess  (-1, DefaultHardErrorMode, 4, ...
 02406   948   NtTestAlert  (...
 02407   924   NtContinue  (13956284, 0, ...
 02408   928   NtContinue  (15006936, 0, ...
 02405   452   NtQueryInformationProcess  ... {process info, class 12, size 4}, 0x0, ) == 0x0
 02406   948   NtTestAlert  ... ) == 0x0
 02409   896   NtContinue  (11861204, 0, ...
 02410   924   NtContinue  (13956284, 0, ...
 02411   944   NtTerminateThread  (0, 0, ...
 02412   948   NtContinue  (12909872, 1, ...
 02413   452   NtSetInformationProcess  (-1, DefaultHardErrorMode, {process info, class 12, size 4}, 4, ...
 02414   896   NtContinue  (11861204, 0, ...
 02415   924   NtContinue  (13956284, 0, ...
 02416   948   NtRegisterThreadTerminatePort  (24, ...
 02413   452   NtSetInformationProcess  ... ) == 0x0
 02417   944   NtFreeVirtualMemory  (-1, (0xe50000), 0, 32768, ...
 02418   896   NtContinue  (11861204, 0, ...
 02416   948   NtRegisterThreadTerminatePort  ... ) == 0x0
 02417   944   NtFreeVirtualMemory  ... (0xe50000), 1048576, ) == 0x0
 02419   452   NtDelayExecution  (0, {-10000000, -1}, ...
 02420   924   NtContinue  (13956284, 0, ...
 02421   928   NtContinue  (15006936, 0, ...
 02422   948   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ...
 02423   924   NtContinue  (13956284, 0, ...
 02424   928   NtContinue  (15006936, 0, ...
 02425   896   NtContinue  (11861204, 0, ...
 02426   928   NtContinue  (15006936, 0, ...
 02427   896   NtContinue  (11861204, 0, ...
 02428   928   NtContinue  (15006936, 0, ...
 02429   896   NtContinue  (11861204, 0, ...
 02430   928   NtContinue  (15006936, 0, ...
 02431   896   NtContinue  (11861204, 0, ...
 02432   928   NtContinue  (15006936, 0, ...
 02433   896   NtContinue  (11861204, 0, ...
 02434   924   NtContinue  (13956284, 0, ...
 02422   948   NtSetInformationThread  ... ) == 0x0
 02435   896   NtContinue  (11861204, 0, ...
 02436   924   NtContinue  (13956284, 0, ...
 02437   948   NtSetEvent  (76, ...
 02438   928   NtContinue  (15006936, 0, ...
 02439   924   NtContinue  (13956284, 0, ...
 02437   948   NtSetEvent  ... 0x0, ) == 0x0
 02440   928   NtContinue  (15006936, 0, ...
 02369   916   NtWaitForSingleObject  ... ) == 0x0
 02441   924   NtContinue  (13956284, 0, ...
 02442   948   NtQueryInformationThread  (-2, AmILastThread, 4, ...
 02443   928   NtContinue  (15006936, 0, ...
 02444   916   NtClose  (76, ...
 02445   924   NtContinue  (13956284, 0, ...
 02442   948   NtQueryInformationThread  ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 02446   928   NtContinue  (15006936, 0, ...
 02444   916   NtClose  ... ) == 0x0
 02447   924   NtContinue  (13956284, 0, ...
 02448   948   NtTerminateThread  (0, 0, ...
 02449   928   NtContinue  (15006936, 0, ...
 02450   916   NtCreateEvent  (0x1f0003, 0x0, 0, 0, ...
 02451   896   NtContinue  (11861204, 0, ...
 02452   924   NtContinue  (13956284, 0, ...
 02453   928   NtContinue  (15006936, 0, ...
 02450   916   NtCreateEvent  ... 76, ) == 0x0
 02454   896   NtContinue  (11861204, 0, ...
 02455   924   NtContinue  (13956284, 0, ...
 02456   948   NtFreeVirtualMemory  (-1, (0xb50000), 0, 32768, ...
 02457   928   NtContinue  (15006936, 0, ...
 02458   896   NtContinue  (11861204, 0, ...
 02456   948   NtFreeVirtualMemory  ... (0xb50000), 1048576, ) == 0x0
 02459   924   NtContinue  (13956284, 0, ...
 02460   928   NtContinue  (15006936, 0, ...
 02461   896   NtContinue  (11861204, 0, ...
 02462   924   NtContinue  (13956284, 0, ...
 02463   928   NtContinue  (15006936, 0, ...
 02464   896   NtContinue  (11861204, 0, ...
 02465   924   NtContinue  (13956284, 0, ...
 02466   928   NtContinue  (15006936, 0, ...
 02467   896   NtContinue  (11861204, 0, ...
 02468   924   NtContinue  (13956284, 0, ...
 02469   928   NtContinue  (15006936, 0, ...
 02470   916   NtAllocateVirtualMemory  (-1, 0, 0, 1048576, 8192, 4, ...
 02471   896   NtContinue  (11861204, 0, ...
 02472   928   NtContinue  (15006936, 0, ...
 02470   916   NtAllocateVirtualMemory  ... 11862016, 1048576, ) == 0x0
 02473   896   NtContinue  (11861204, 0, ...
 02474   924   NtContinue  (13956284, 0, ...
 02475   916   NtAllocateVirtualMemory  (-1, 12902400, 0, 8192, 4096, 4, ...
 02476   896   NtContinue  (11861204, 0, ...
 02477   924   NtContinue  (13956284, 0, ...
 02475   916   NtAllocateVirtualMemory  ... 12902400, 8192, ) == 0x0
 02478   896   NtContinue  (11861204, 0, ...
 02479   924   NtContinue  (13956284, 0, ...
 02480   916   NtProtectVirtualMemory  (-1, (0xc4e000), 4096, 260, ...
 02481   896   NtContinue  (11861204, 0, ...
 02482   924   NtContinue  (13956284, 0, ...
 02480   916   NtProtectVirtualMemory  ... (0xc4e000), 4096, 4, ) == 0x0
 02483   896   NtContinue  (11861204, 0, ...
 02484   924   NtContinue  (13956284, 0, ...
 02485   928   NtContinue  (15006936, 0, ...
 02486   916   NtCreateThread  (0x1f03ff, 0x0, -1, 10812468, 10813184, 1, ...
 02487   924   NtContinue  (13956284, 0, ...
 02488   928   NtContinue  (15006936, 0, ...
 02486   916   NtCreateThread  ... 68, {448, 952}, ) == 0x0
 02489   896   NtContinue  (11861204, 0, ...
 02490   928   NtContinue  (15006936, 0, ...
 02491   916   NtQueryInformationThread  (68, Basic, 28, ...
 02492   896   NtContinue  (11861204, 0, ...
 02493   928   NtContinue  (15006936, 0, ...
 02491   916   NtQueryInformationThread  ... {ExitStatus=0x103,TebBaseAddress=0x7ffdd000,Pid=448,Tid=952,}, 0x0, ) == 0x0
 02494   896   NtContinue  (11861204, 0, ...
 02495   928   NtContinue  (15006936, 0, ...
 02496   916   NtRequestWaitReplyPort  (24, {28, 56, new_msg, 0, 448, 916, 1595, 0}  (24, {28, 56, new_msg, 0, 448, 916, 1595, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\351\0\0\0D\0\0\0\300\1\0\0\270\3\0\0" ...  ...
 02497   896   NtContinue  (11861204, 0, ...
 02498   928   NtContinue  (15006936, 0, ...
 02499   896   NtContinue  (11861204, 0, ...
 02500   924   NtContinue  (13956284, 0, ...
 02496   916   NtRequestWaitReplyPort  ... {28, 56, reply, 0, 448, 916, 1598, 0}  ... {28, 56, reply, 0, 448, 916, 1598, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\351\0\0\0D\0\0\0\300\1\0\0\270\3\0\0" )  ) == 0x0
 02501   896   NtContinue  (11861204, 0, ...
 02502   924   NtContinue  (13956284, 0, ...
 02503   916   NtResumeThread  (68, ...
 02504   928   NtContinue  (15006936, 0, ...
 02505   924   NtContinue  (13956284, 0, ...
 02506   952   NtTestAlert  (...
 02503   916   NtResumeThread  ... 1, ) == 0x0
 02507   928   NtContinue  (15006936, 0, ...
 02506   952   NtTestAlert  ... ) == 0x0
 02508   924   NtContinue  (13956284, 0, ...
 02509   916   NtClose  (68, ...
 02510   952   NtContinue  (12909872, 1, ...
 02511   928   NtContinue  (15006936, 0, ...
 02512   924   NtContinue  (13956284, 0, ...
 02513   952   NtRegisterThreadTerminatePort  (24, ...
 02509   916   NtClose  ... ) == 0x0
 02514   928   NtContinue  (15006936, 0, ...
 02513   952   NtRegisterThreadTerminatePort  ... ) == 0x0
 02515   924   NtContinue  (13956284, 0, ...
 02516   916   NtWaitForSingleObject  (76, 0, 0x0, ...
 02517   952   NtSetInformationThread  (-2, BasePriority, {thread info, class 3, size 4}, 4, ...
 02518   928   NtContinue  (15006936, 0, ...
 02519   896   NtContinue  (11861204, 0, ...
 02520   924   NtContinue  (13956284, 0, ...
 02521   928   NtContinue  (15006936, 0, ...
 02522   896   NtContinue  (11861204, 0, ...
 02523   924   NtContinue  (13956284, 0, ...
 02517   952   NtSetInformationThread  ... ) == 0x0
 02524   896   NtContinue  (11861204, 0, ...
 02525   924   NtContinue  (13956284, 0, ...
 02526   952   NtSetEvent  (76, ...
 02527   896   NtContinue  (11861204, 0, ...
 02528   924   NtContinue  (13956284, 0, ...
 02526   952   NtSetEvent  ... 0x0, ) == 0x0
 02529   896   NtContinue  (11861204, 0, ...
 02516   916   NtWaitForSingleObject  ... ) == 0x0
 02530   924   NtContinue  (13956284, 0, ...
 02531   952   NtDuplicateObject  (-1, 3529, -1, 0x0, 0, 2, ...
 02532   896   NtContinue  (11861204, 0, ...
 02533   916   NtClose  (76, ...
 02534   924   NtContinue  (13956284, 0, ...
 02531   952   NtDuplicateObject  ... ) == STATUS_INVALID_HANDLE
 02535   928   NtContinue  (15006936, 0, ...
 02533   916   NtClose  ... ) == 0x0
 02536   896   NtContinue  (11861204, 0, ...
 02537   952   NtClose  (0, ...
 02538   928   NtContinue  (15006936, 0, ...
 02539   916   NtQueryInformationThread  (-2, AmILastThread, 4, ...
 02540   896   NtContinue  (11861204, 0, ...
 02541   924   NtContinue  (13956284, 0, ...
 02542   928   NtContinue  (15006936, 0, ...
 02539   916   NtQueryInformationThread  ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 02543   896   NtContinue  (11861204, 0, ...
 02544   924   NtContinue  (13956284, 0, ...
 02545   928   NtContinue  (15006936, 0, ...
 02537   952   NtClose  ... ) == STATUS_INVALID_HANDLE
 02546   896   NtContinue  (11861204, 0, ...
 02547   924   NtContinue  (13956284, 0, ...
 02548   928   NtContinue  (15006936, 0, ...
 02549   952   NtClose  (0, ...
 02550   896   NtContinue  (11861204, 0, ...
 02551   924   NtContinue  (13956284, 0, ...
 02552   928   NtContinue  (15006936, 0, ...
 02549   952   NtClose  ... ) == STATUS_INVALID_HANDLE
 02553   896   NtContinue  (11861204, 0, ...
 02554   924   NtContinue  (13956284, 0, ...
 02555   916   NtTerminateThread  (0, 0, ...
 02556   952   NtQueryInformationThread  (-2, AmILastThread, 4, ...
 02557   928   NtContinue  (15006936, 0, ...
 02558   924   NtContinue  (13956284, 0, ...
 02559   916   NtFreeVirtualMemory  (-1, (0x950000), 0, 32768, ...
 02556   952   NtQueryInformationThread  ... {thread info, class 12, size 4}, 0x0, ) == 0x0
 02560   928   NtContinue  (15006936, 0, ...
 02561   896   NtContinue  (11861204, 0, ...
 02559   916   NtFreeVirtualMemory  ... (0x950000), 1048576, ) == 0x0
 02562   952   NtTerminateThread  (0, 0, ...
 02563   928   NtContinue  (15006936, 0, ...
 02564   896   NtContinue  (11861204, 0, ...
 02565   924   NtContinue  (13956284, 0, ...
 02566   928   NtContinue  (15006936, 0, ...
 02567   896   NtContinue  (11861204, 0, ...
 02568   924   NtContinue  (13956284, 0, ...
 02569   928   NtContinue  (15006936, 0, ...
 02570   896   NtContinue  (11861204, 0, ...
 02571   924   NtContinue  (13956284, 0, ...
 02572   928   NtContinue  (15006936, 0, ...
 02573   896   NtContinue  (11861204, 0, ...
 02574   924   NtContinue  (13956284, 0, ...
 02575   952   NtFreeVirtualMemory  (-1, (0xb50000), 0, 32768, ...
 02576   896   NtContinue  (11861204, 0, ...
 02575   952   NtFreeVirtualMemory  ... (0xb50000), 1048576, ) == 0x0
 02577   924   NtContinue  (13956284, 0, ...
 02578   928   NtContinue  (15006936, 0, ...
 02579   924   NtContinue  (13956284, 0, ...
 02580   928   NtContinue  (15006936, 0, ...
 02581   896   NtContinue  (11861204, 0, ...
 02582   928   NtContinue  (15006936, 0, ...
 02583   896   NtContinue  (11861204, 0, ...
 02584   928   NtContinue  (15006936, 0, ...
 02585   896   NtContinue  (11861204, 0, ...
 02586   928   NtContinue  (15006936, 0, ...
 02587   896   NtContinue  (11861204, 0, ...
 02588   928   NtContinue  (15006936, 0, ...
 02589   896   NtContinue  (11861204, 0, ...
 02590   924   NtContinue  (13956284, 0, ...
 02591   896   NtContinue  (11861204, 0, ...
 02592   924   NtContinue  (13956284, 0, ...
 02593   928   NtContinue  (15006936, 0, ...
 02594   924   NtContinue  (13956284, 0, ...
 02595   928   NtContinue  (15006936, 0, ...
 02596   924   NtContinue  (13956284, 0, ...
 02597   928   NtContinue  (15006936, 0, ...
 02598   924   NtContinue  (13956284, 0, ...
 02599   928   NtContinue  (15006936, 0, ...
 02600   924   NtContinue  (13956284, 0, ...
 02601   928   NtContinue  (15006936, 0, ...
 02602   896   NtContinue  (11861204, 0, ...
 02603   928   NtContinue  (15006936, 0, ...
 02604   896   NtContinue  (11861204, 0, ...
 02605   924   NtContinue  (13956284, 0, ...
 02606   896   NtContinue  (11861204, 0, ...
 02607   924   NtContinue  (13956284, 0, ...
 02608   896   NtContinue  (11861204, 0, ...
 02609   924   NtContinue  (13956284, 0, ...
 02610   896   NtContinue  (11861204, 0, ...
 02611   924   NtContinue  (13956284, 0, ...
 02612   896   NtContinue  (11861204, 0, ...
 02613   924   NtContinue  (13956284, 0, ...
 02614   928   NtContinue  (15006936, 0, ...
 02615   924   NtContinue  (13956284, 0, ...
 02616   928   NtContinue  (15006936, 0, ...
 02617   896   NtContinue  (11861204, 0, ...
 02618   928   NtContinue  (15006936, 0, ...
 02619   896   NtContinue  (11861204, 0, ...
 02620   928   NtContinue  (15006936, 0, ...
 02621   896   NtContinue  (11861204, 0, ...
 02622   928   NtContinue  (15006936, 0, ...
 02623   896   NtContinue  (11861204, 0, ...
 02624   928   NtContinue  (15006936, 0, ...
 02625   896   NtContinue  (11861204, 0, ...
 02626   924   NtContinue  (13956284, 0, ...
 02627   896   NtContinue  (11861204, 0, ...
 02628   924   NtContinue  (13956284, 0, ...
 02629   928   NtContinue  (15006936, 0, ...
 02630   924   NtContinue  (13956284, 0, ...
 02631   928   NtContinue  (15006936, 0, ...
 02632   924   NtContinue  (13956284, 0, ...
 02633   928   NtContinue  (15006936, 0, ...
 02634   924   NtContinue  (13956284, 0, ...
 02635   928   NtContinue  (15006936, 0, ...
 02636   924   NtContinue  (13956284, 0, ...
 02637   928   NtContinue  (15006936, 0, ...
 02638   896   NtContinue  (11861204, 0, ...
 02639   928   NtContinue  (15006936, 0, ...
 02640   896   NtContinue  (11861204, 0, ...
 02641   924   NtContinue  (13956284, 0, ...
 02642   896   NtContinue  (11861204, 0, ...
 02643   924   NtContinue  (13956284, 0, ...
 02644   928   NtContinue  (15006936, 0, ...
 02645   924   NtContinue  (13956284, 0, ...
 02646   928   NtContinue  (15006936, 0, ...
 02647   924   NtContinue  (13956284, 0, ...
 02648   928   NtContinue  (15006936, 0, ...
 02649   924   NtContinue  (13956284, 0, ...
 02650   928   NtContinue  (15006936, 0, ...
 02651   924   NtContinue  (13956284, 0, ...
 02652   928   NtContinue  (15006936, 0, ...
 02653   896   NtContinue  (11861204, 0, ...
 02654   928   NtContinue  (15006936, 0, ...
 02655   896   NtContinue  (11861204, 0, ...
 02656   924   NtContinue  (13956284, 0, ...
 02657   896   NtContinue  (11861204, 0, ...
 02658   924   NtContinue  (13956284, 0, ...
 02659   896   NtContinue  (11861204, 0, ...
 02660   924   NtContinue  (13956284, 0, ...
 02661   896   NtContinue  (11861204, 0, ...
 02662   924   NtContinue  (13956284, 0, ...
 02663   896   NtContinue  (11861204, 0, ...
 02664   924   NtContinue  (13956284, 0, ...
 02665   928   NtContinue  (15006936, 0, ...
 02666   924   NtContinue  (13956284, 0, ...
 02667   928   NtContinue  (15006936, 0, ...
 02668   896   NtContinue  (11861204, 0, ...
 02669   928   NtContinue  (15006936, 0, ...
 02670   896   NtContinue  (11861204, 0, ...
 02671   928   NtContinue  (15006936, 0, ...
 02672   896   NtContinue  (11861204, 0, ...
 02673   928   NtContinue  (15006936, 0, ...
 02674   896   NtContinue  (11861204, 0, ...
 02675   928   NtContinue  (15006936, 0, ...
 02676   896   NtContinue  (11861204, 0, ...
 02677   924   NtContinue  (13956284, 0, ...
 02678   896   NtContinue  (11861204, 0, ...
 02679   924   NtContinue  (13956284, 0, ...
 02680   928   NtContinue  (15006936, 0, ...
 02681   924   NtContinue  (13956284, 0, ...
 02682   928   NtContinue  (15006936, 0, ...
 02683   924   NtContinue  (13956284, 0, ...
 02684   928   NtContinue  (15006936, 0, ...
 02685   924   NtContinue  (13956284, 0, ...
 02686   928   NtContinue  (15006936, 0, ...
 02687   924   NtContinue  (13956284, 0, ...
 02688   928   NtContinue  (15006936, 0, ...
 02689   896   NtContinue  (11861204, 0, ...
 02690   928   NtContinue  (15006936, 0, ...
 02691   896   NtContinue  (11861204, 0, ...
 02692   924   NtContinue  (13956284, 0, ...
 02693   896   NtContinue  (11861204, 0, ...
 02694   924   NtContinue  (13956284, 0, ...
 02695   896   NtContinue  (11861204, 0, ...
 02696   924   NtContinue  (13956284, 0, ...
 02697   896   NtContinue  (11861204, 0, ...
 02698   924   NtContinue  (13956284, 0, ...
 02699   896   NtContinue  (11861204, 0, ...
 02700   924   NtContinue  (13956284, 0, ...
 02701   928   NtContinue  (15006936, 0, ...
 02702   924   NtContinue  (13956284, 0, ...
 02703   928   NtContinue  (15006936, 0, ...
 02704   896   NtContinue  (11861204, 0, ...
 02705   928   NtContinue  (15006936, 0, ...
 02706   896   NtContinue  (11861204, 0, ...
 02707   928   NtContinue  (15006936, 0, ...
 02708   896   NtContinue  (11861204, 0, ...
 02709   928   NtContinue  (15006936, 0, ...
 02710   896   NtContinue  (11861204, 0, ...
 02711   928   NtContinue  (15006936, 0, ...
 02712   896   NtContinue  (11861204, 0, ...
 02713   924   NtContinue  (13956284, 0, ...
 02714   896   NtContinue  (11861204, 0, ...
 02715   924   NtContinue  (13956284, 0, ...
 02716   928   NtContinue  (15006936, 0, ...
 02717   924   NtContinue  (13956284, 0, ...
 02718   928   NtContinue  (15006936, 0, ...
 02719   924   NtContinue  (13956284, 0, ...
 02720   928   NtContinue  (15006936, 0, ...
 02721   924   NtContinue  (13956284, 0, ...
 02722   928   NtContinue  (15006936, 0, ...
 02723   924   NtContinue  (13956284, 0, ...
 02724   928   NtContinue  (15006936, 0, ...
 02725   896   NtContinue  (11861204, 0, ...
 02726   928   NtContinue  (15006936, 0, ...
 02727   896   NtContinue  (11861204, 0, ...
 02728   924   NtContinue  (13956284, 0, ...
 02729   896   NtContinue  (11861204, 0, ...
 02730   924   NtContinue  (13956284, 0, ...
 02731   896   NtContinue  (11861204, 0, ...
 02732   924   NtContinue  (13956284, 0, ...
 02733   896   NtContinue  (11861204, 0, ...
 02734   924   NtContinue  (13956284, 0, ...
 02735   896   NtContinue  (11861204, 0, ...
 02736   924   NtContinue  (13956284, 0, ...
 02737   928   NtContinue  (15006936, 0, ...
 02738   924   NtContinue  (13956284, 0, ...
 02739   928   NtContinue  (15006936, 0, ...
 02740   896   NtContinue  (11861204, 0, ...
 02741   928   NtContinue  (15006936, 0, ...
 02742   896   NtContinue  (11861204, 0, ...
 02743   928   NtContinue  (15006936, 0, ...
 02744   896   NtContinue  (11861204, 0, ...
 02745   928   NtContinue  (15006936, 0, ...
 02746   896   NtContinue  (11861204, 0, ...
 02747   928   NtContinue  (15006936, 0, ...
 02748   896   NtContinue  (11861204, 0, ...
 02749   924   NtContinue  (13956284, 0, ...
 02750   896   NtContinue  (11861204, 0, ...
 02751   924   NtContinue  (13956284, 0, ...
 02752   928   NtContinue  (15006936, 0, ...
 02753   924   NtContinue  (13956284, 0, ...
 02754   928   NtContinue  (15006936, 0, ...
 02755   924   NtContinue  (13956284, 0, ...
 02756   928   NtContinue  (15006936, 0, ...
 02757   924   NtContinue  (13956284, 0, ...
 02758   928   NtContinue  (15006936, 0, ...
 02759   924   NtContinue  (13956284, 0, ...
 02760   928   NtContinue  (15006936, 0, ...
 02761   896   NtContinue  (11861204, 0, ...
 02762   928   NtContinue  (15006936, 0, ...
 02763   896   NtContinue  (11861204, 0, ...
 02764   924   NtContinue  (13956284, 0, ...
 02765   896   NtContinue  (11861204, 0, ...
 02766   924   NtContinue  (13956284, 0, ...
 02767   896   NtContinue  (11861204, 0, ...
 02768   924   NtContinue  (13956284, 0, ...
 02769   896   NtContinue  (11861204, 0, ...
 02770   924   NtContinue  (13956284, 0, ...
 02771   896   NtContinue  (11861204, 0, ...
 02772   924   NtContinue  (13956284, 0, ...
 02773   928   NtContinue  (15006936, 0, ...
 02774   924   NtContinue  (13956284, 0, ...
 02775   928   NtContinue  (15006936, 0, ...
 02776   896   NtContinue  (11861204, 0, ...
 02777   928   NtContinue  (15006936, 0, ...
 02778   896   NtContinue  (11861204, 0, ...
 02779   928   NtContinue  (15006936, 0, ...
 02780   896   NtContinue  (11861204, 0, ...
 02781   928   NtContinue  (15006936, 0, ...
 02782   896   NtContinue  (11861204, 0, ...
 02783   928   NtContinue  (15006936, 0, ...
 02784   896   NtContinue  (11861204, 0, ...
 02785   924   NtContinue  (13956284, 0, ...
 02786   896   NtContinue  (11861204, 0, ...
 02787   924   NtContinue  (13956284, 0, ...
 02788   928   NtContinue  (15006936, 0, ...
 02789   924   NtContinue  (13956284, 0, ...
 02790   928   NtContinue  (15006936, 0, ...
 02791   924   NtContinue  (13956284, 0, ...
 02792   928   NtContinue  (15006936, 0, ...
 02793   924   NtContinue  (13956284, 0, ...
 02794   928   NtContinue  (15006936, 0, ...
 02795   924   NtContinue  (13956284, 0, ...
 02796   928   NtContinue  (15006936, 0, ...
 02797   896   NtContinue  (11861204, 0, ...
 02798   928   NtContinue  (15006936, 0, ...
 02799   896   NtContinue  (11861204, 0, ...
 02800   924   NtContinue  (13956284, 0, ...
 02801   896   NtContinue  (11861204, 0, ...
 02802   924   NtContinue  (13956284, 0, ...
 02803   896   NtContinue  (11861204, 0, ...
 02804   924   NtContinue  (13956284, 0, ...
 02805   896   NtContinue  (11861204, 0, ...
 02806   924   NtContinue  (13956284, 0, ...
 02807   896   NtContinue  (11861204, 0, ...
 02808   924   NtContinue  (13956284, 0, ...
 02809   928   NtContinue  (15006936, 0, ...
 02810   924   NtContinue  (13956284, 0, ...
 02811   928   NtContinue  (15006936, 0, ...
 02812   896   NtContinue  (11861204, 0, ...
 02813   928   NtContinue  (15006936, 0, ...
 02814   896   NtContinue  (11861204, 0, ...
 02815   928   NtContinue  (15006936, 0, ...
 02816   896   NtContinue  (11861204, 0, ...
 02817   928   NtContinue  (15006936, 0, ...
 02818   896   NtContinue  (11861204, 0, ...
 02819   928   NtContinue  (15006936, 0, ...
 02820   896   NtContinue  (11861204, 0, ...
 02821   924   NtContinue  (13956284, 0, ...
 02822   896   NtContinue  (11861204, 0, ...
 02823   924   NtContinue  (13956284, 0, ...
 02824   928   NtContinue  (15006936, 0, ...
 02825   924   NtContinue  (13956284, 0, ...
 02826   928   NtContinue  (15006936, 0, ...
 02827   924   NtContinue  (13956284, 0, ...
 02828   928   NtContinue  (15006936, 0, ...
 02829   924   NtContinue  (13956284, 0, ...
 02830   928   NtContinue  (15006936, 0, ...
 02831   924   NtContinue  (13956284, 0, ...
 02832   928   NtContinue  (15006936, 0, ...
 02833   896   NtContinue  (11861204, 0, ...
 02834   928   NtContinue  (15006936, 0, ...
 02835   896   NtContinue  (11861204, 0, ...
 02836   924   NtContinue  (13956284, 0, ...
 02837   896   NtContinue  (11861204, 0, ...
 02838   924   NtContinue  (13956284, 0, ...
 02839   896   NtContinue  (11861204, 0, ...
 02840   924   NtContinue  (13956284, 0, ...
 02841   896   NtContinue  (11861204, 0, ...
 02842   924   NtContinue  (13956284, 0, ...
 02843   896   NtContinue  (11861204, 0, ...
 02844   924   NtContinue  (13956284, 0, ...
 02845   928   NtContinue  (15006936, 0, ...
 02846   924   NtContinue  (13956284, 0, ...
 02847   928   NtContinue  (15006936, 0, ...
 02848   896   NtContinue  (11861204, 0, ...
 02849   928   NtContinue  (15006936, 0, ...
 02850   896   NtContinue  (11861204, 0, ...
 02851   928   NtContinue  (15006936, 0, ...
 02852   896   NtContinue  (11861204, 0, ...
 02853   928   NtContinue  (15006936, 0, ...
 02854   896   NtContinue  (11861204, 0, ...
 02855   928   NtContinue  (15006936, 0, ...
 02856   896   NtContinue  (11861204, 0, ...
 02857   924   NtContinue  (13956284, 0, ...
 02858   896   NtContinue  (11861204, 0, ...
 02859   924   NtContinue  (13956284, 0, ...
 02860   928   NtContinue  (15006936, 0, ...
 02861   924   NtContinue  (13956284, 0, ...
 02862   928   NtContinue  (15006936, 0, ...
 02863   924   NtContinue  (13956284, 0, ...
 02864   928   NtContinue  (15006936, 0, ...
 02865   924   NtContinue  (13956284, 0, ...
 02866   928   NtContinue  (15006936, 0, ...
 02867   924   NtContinue  (13956284, 0, ...
 02868   928   NtContinue  (15006936, 0, ...
 02869   896   NtContinue  (11861204, 0, ...
 02870   928   NtContinue  (15006936, 0, ...
 02871   896   NtContinue  (11861204, 0, ...
 02872   924   NtContinue  (13956284, 0, ...
 02873   896   NtContinue  (11861204, 0, ...
 02874   924   NtContinue  (13956284, 0, ...
 02875   896   NtContinue  (11861204, 0, ...
 02876   924   NtContinue  (13956284, 0, ...
 02877   896   NtContinue  (11861204, 0, ...
 02878   924   NtContinue  (13956284, 0, ...
 02879   896   NtContinue  (11861204, 0, ...
 02880   924   NtContinue  (13956284, 0, ...
 02881   928   NtContinue  (15006936, 0, ...
 02882   924   NtContinue  (13956284, 0, ...
 02883   928   NtContinue  (15006936, 0, ...
 02884   896   NtContinue  (11861204, 0, ...
 02885   928   NtContinue  (15006936, 0, ...
 02886   896   NtContinue  (11861204, 0, ...
 02887   928   NtContinue  (15006936, 0, ...
 02888   896   NtContinue  (11861204, 0, ...
 02889   928   NtContinue  (15006936, 0, ...
 02890   896   NtContinue  (11861204, 0, ...
 02891   928   NtContinue  (15006936, 0, ...
 02892   896   NtContinue  (11861204, 0, ...
 02893   924   NtContinue  (13956284, 0, ...
 02894   896   NtContinue  (11861204, 0, ...
 02895   924   NtContinue  (13956284, 0, ...
 02896   928   NtContinue  (15006936, 0, ...
 02897   924   NtContinue  (13956284, 0, ...
 02898   928   NtContinue  (15006936, 0, ...
 02899   924   NtContinue  (13956284, 0, ...
 02900   928   NtContinue  (15006936, 0, ...
 02901   924   NtContinue  (13956284, 0, ...
 02902   928   NtContinue  (15006936, 0, ...
 02903   924   NtContinue  (13956284, 0, ...
 02904   928   NtContinue  (15006936, 0, ...
 02905   896   NtContinue  (11861204, 0, ...
 02906   928   NtContinue  (15006936, 0, ...
 02907   896   NtContinue  (11861204, 0, ...
 02908   924   NtContinue  (13956284, 0, ...
 02909   896   NtContinue  (11861204, 0, ...
 02910   924   NtContinue  (13956284, 0, ...
 02911   896   NtContinue  (11861204, 0, ...
 02912   924   NtContinue  (13956284, 0, ...
 02913   896   NtContinue  (11861204, 0, ...
 02914   924   NtContinue  (13956284, 0, ...
 02915   896   NtContinue  (11861204, 0, ...
 02916   924   NtContinue  (13956284, 0, ...
 02917   928   NtContinue  (15006936, 0, ...
 02918   924   NtContinue  (13956284, 0, ...
 02919   928   NtContinue  (15006936, 0, ...
 02920   896   NtContinue  (11861204, 0, ...
 02921   928   NtContinue  (15006936, 0, ...
 02922   896   NtContinue  (11861204, 0, ...
 02923   928   NtContinue  (15006936, 0, ...
 02924   896   NtContinue  (11861204, 0, ...
 02925   928   NtContinue  (15006936, 0, ...
 02926   896   NtContinue  (11861204, 0, ...
 02927   928   NtContinue  (15006936, 0, ...
 02928   896   NtContinue  (11861204, 0, ...
 02929   924   NtContinue  (13956284, 0, ...
 02930   896   NtContinue  (11861204, 0, ...
 02931   924   NtContinue  (13956284, 0, ...
 02932   928   NtContinue  (15006936, 0, ...
 02933   924   NtContinue  (13956284, 0, ...
 02934   928   NtContinue  (15006936, 0, ...
 02935   924   NtContinue  (13956284, 0, ...
 02936   928   NtContinue  (15006936, 0, ...
 02937   924   NtContinue  (13956284, 0, ...
 02938   928   NtContinue  (15006936, 0, ...
 02939   924   NtContinue  (13956284, 0, ...
 02940   928   NtContinue  (15006936, 0, ...
 02941   896   NtContinue  (11861204, 0, ...
 02942   928   NtContinue  (15006936, 0, ...
 02943   896   NtContinue  (11861204, 0, ...
 02944   924   NtContinue  (13956284, 0, ...
 02945   896   NtContinue  (11861204, 0, ...
 02946   924   NtContinue  (13956284, 0, ...
 02947   896   NtContinue  (11861204, 0, ...
 02948   924   NtContinue  (13956284, 0, ...
 02949   896   NtContinue  (11861204, 0, ...
 02950   924   NtContinue  (13956284, 0, ...
 02951   896   NtContinue  (11861204, 0, ...
 02952   924   NtContinue  (13956284, 0, ...
 02953   928   NtContinue  (15006936, 0, ...
 02954   924   NtContinue  (13956284, 0, ...
 02955   928   NtContinue  (15006936, 0, ...
 02956   896   NtContinue  (11861204, 0, ...
 02957   928   NtContinue  (15006936, 0, ...
 02958   896   NtContinue  (11861204, 0, ...
 02959   928   NtContinue  (15006936, 0, ...
 02960   896   NtContinue  (11861204, 0, ...
 02961   928   NtContinue  (15006936, 0, ...
 02962   896   NtContinue  (11861204, 0, ...
 02963   928   NtContinue  (15006936, 0, ...
 02964   896   NtContinue  (11861204, 0, ...
 02965   924   NtContinue  (13956284, 0, ...
 02966   896   NtContinue  (11861204, 0, ...
 02967   924   NtContinue  (13956284, 0, ...
 02968   928   NtContinue  (15006936, 0, ...
 02969   924   NtContinue  (13956284, 0, ...
 02970   928   NtContinue  (15006936, 0, ...
 02971   924   NtContinue  (13956284, 0, ...
 02972   928   NtContinue  (15006936, 0, ...
 02973   924   NtContinue  (13956284, 0, ...
 02974   928   NtContinue  (15006936, 0, ...
 02975   924   NtContinue  (13956284, 0, ...
 02976   928   NtContinue  (15006936, 0, ...
 02977   896   NtContinue  (11861204, 0, ...
 02978   928   NtContinue  (15006936, 0, ...
 02979   896   NtContinue  (11861204, 0, ...
 02980   924   NtContinue  (13956284, 0, ...
 02981   896   NtContinue  (11861204, 0, ...
 02982   924   NtContinue  (13956284, 0, ...
 02983   896   NtContinue  (11861204, 0, ...
 02984   924   NtContinue  (13956284, 0, ...
 02985   896   NtContinue  (11861204, 0, ...
 02986   924   NtContinue  (13956284, 0, ...
 02987   896   NtContinue  (11861204, 0, ...
 02988   924   NtContinue  (13956284, 0, ...
 02989   928   NtContinue  (15006936, 0, ...
 02990   924   NtContinue  (13956284, 0, ...
 02991   928   NtContinue  (15006936, 0, ...
 02992   896   NtContinue  (11861204, 0, ...
 02993   928   NtContinue  (15006936, 0, ...
 02994   896   NtContinue  (11861204, 0, ...
 02995   928   NtContinue  (15006936, 0, ...
 02996   896   NtContinue  (11861204, 0, ...
 02997   928   NtContinue  (15006936, 0, ...
 02998   896   NtContinue  (11861204, 0, ...
 02999   928   NtContinue  (15006936, 0, ...
 03000   896   NtContinue  (11861204, 0, ...
 03001   924   NtContinue  (13956284, 0, ...
 03002   896   NtContinue  (11861204, 0, ...
 03003   924   NtContinue  (13956284, 0, ...
 03004   928   NtContinue  (15006936, 0, ...
 03005   924   NtContinue  (13956284, 0, ...
 03006   928   NtContinue  (15006936, 0, ...
 03007   924   NtContinue  (13956284, 0, ...
 03008   928   NtContinue  (15006936, 0, ...
 03009   924   NtContinue  (13956284, 0, ...
 03010   928   NtContinue  (15006936, 0, ...
 03011   924   NtContinue  (13956284, 0, ...
 03012   928   NtContinue  (15006936, 0, ...
 03013   896   NtContinue  (11861204, 0, ...
 03014   928   NtContinue  (15006936, 0, ...
 03015   896   NtContinue  (11861204, 0, ...
 03016   924   NtContinue  (13956284, 0, ...
 03017   896   NtContinue  (11861204, 0, ...
 03018   924   NtContinue  (13956284, 0, ...
 03019   896   NtContinue  (11861204, 0, ...
 03020   924   NtContinue  (13956284, 0, ...
 03021   924   NtContinue  (13956284, 0, ...
 03022   924   NtContinue  (13956284, 0, ...
 03023   924   NtContinue  (13956284, 0, ...
 03024   924   NtContinue  (13956284, 0, ...
 03025   924   NtContinue  (13956284, 0, ...
 03026   924   NtContinue  (13956284, 0, ...
 03027   924   NtContinue  (13956284, 0, ...
 03028   924   NtContinue  (13956284, 0, ...
 03029   924   NtContinue  (13956284, 0, ...
 03030   896   NtContinue  (11861204, 0, ...
 03031   928   NtContinue  (15006936, 0, ...
 03032   896   NtContinue  (11861204, 0, ...
 03033   928   NtContinue  (15006936, 0, ...
 03034   896   NtContinue  (11861204, 0, ...
 03035   928   NtContinue  (15006936, 0, ...
 03036   896   NtContinue  (11861204, 0, ...
 03037   928   NtContinue  (15006936, 0, ...
 03038   896   NtContinue  (11861204, 0, ...
 03039   928   NtContinue  (15006936, 0, ...
 03040   896   NtContinue  (11861204, 0, ...
 03041   928   NtContinue  (15006936, 0, ...
 03042   924   NtContinue  (13956284, 0, ...
 03043   896   NtContinue  (11861204, 0, ...
 03044   924   NtContinue  (13956284, 0, ...
 03045   896   NtContinue  (11861204, 0, ...
 03046   924   NtContinue  (13956284, 0, ...
 03047   896   NtContinue  (11861204, 0, ...
 03048   924   NtContinue  (13956284, 0, ...
 03049   896   NtContinue  (11861204, 0, ...
 03050   924   NtContinue  (13956284, 0, ...
 03051   896   NtContinue  (11861204, 0, ...
 03052   924   NtContinue  (13956284, 0, ...
 03053   896   NtContinue  (11861204, 0, ...
 03054   928   NtContinue  (15006936, 0, ...
 03055   924   NtContinue  (13956284, 0, ...
 03056   928   NtContinue  (15006936, 0, ...
 03057   924   NtContinue  (13956284, 0, ...
 03058   928   NtContinue  (15006936, 0, ...
 03059   924   NtContinue  (13956284, 0, ...
 03060   928   NtContinue  (15006936, 0, ...
 03061   924   NtContinue  (13956284, 0, ...
 03062   928   NtContinue  (15006936, 0, ...
 03063   924   NtContinue  (13956284, 0, ...
 03064   928   NtContinue  (15006936, 0, ...
 03065   924   NtContinue  (13956284, 0, ...
 03066   896   NtContinue  (11861204, 0, ...
 03067   928   NtContinue  (15006936, 0, ...
 03068   896   NtContinue  (11861204, 0, ...
 03069   928   NtContinue  (15006936, 0, ...
 03070   896   NtContinue  (11861204, 0, ...
 03071   928   NtContinue  (15006936, 0, ...
 03072   896   NtContinue  (11861204, 0, ...
 03073   928   NtContinue  (15006936, 0, ...
 03074   896   NtContinue  (11861204, 0, ...
 03075   928   NtContinue  (15006936, 0, ...
 03076   896   NtContinue  (11861204, 0, ...
 03077   928   NtContinue  (15006936, 0, ...
 03078   924   NtContinue  (13956284, 0, ...
 03079   896   NtContinue  (11861204, 0, ...
 03080   924   NtContinue  (13956284, 0, ...
 03081   896   NtContinue  (11861204, 0, ...
 03082   924   NtContinue  (13956284, 0, ...
 03083   896   NtContinue  (11861204, 0, ...
 03084   924   NtContinue  (13956284, 0, ...
 03085   896   NtContinue  (11861204, 0, ...
 03086   924   NtContinue  (13956284, 0, ...
 03087   896   NtContinue  (11861204, 0, ...
 03088   924   NtContinue  (13956284, 0, ...
 03089   896   NtContinue  (11861204, 0, ...
 03090   928   NtContinue  (15006936, 0, ...
 03091   924   NtContinue  (13956284, 0, ...
 03092   928   NtContinue  (15006936, 0, ...
 03093   924   NtContinue  (13956284, 0, ...
 03094   928   NtContinue  (15006936, 0, ...
 03095   924   NtContinue  (13956284, 0, ...
 03096   928   NtContinue  (15006936, 0, ...
 03097   924   NtContinue  (13956284, 0, ...
 03098   928   NtContinue  (15006936, 0, ...
 03099   924   NtContinue  (13956284, 0, ...
 03100   928   NtContinue  (15006936, 0, ...
 03101   924   NtContinue  (13956284, 0, ...
 03102   896   NtContinue  (11861204, 0, ...
 03103   928   NtContinue  (15006936, 0, ...
 03104   896   NtContinue  (11861204, 0, ...
 03105   928   NtContinue  (15006936, 0, ...
 03106   896   NtContinue  (11861204, 0, ...
 03107   928   NtContinue  (15006936, 0, ...
 03108   896   NtContinue  (11861204, 0, ...
 03109   928   NtContinue  (15006936, 0, ...
 03110   896   NtContinue  (11861204, 0, ...
 03111   928   NtContinue  (15006936, 0, ...
 03112   896   NtContinue  (11861204, 0, ...
 03113   928   NtContinue  (15006936, 0, ...
 03114   924   NtContinue  (13956284, 0, ...
 03115   896   NtContinue  (11861204, 0, ...
 03116   924   NtContinue  (13956284, 0, ...
 03117   896   NtContinue  (11861204, 0, ...
 03118   924   NtContinue  (13956284, 0, ...
 03119   896   NtContinue  (11861204, 0, ...
 03120   924   NtContinue  (13956284, 0, ...
 03121   896   NtContinue  (11861204, 0, ...
 03122   924   NtContinue  (13956284, 0, ...
 03123   896   NtContinue  (11861204, 0, ...
 03124   924   NtContinue  (13956284, 0, ...
 03125   896   NtContinue  (11861204, 0, ...
 03126   928   NtContinue  (15006936, 0, ...
 03127   924   NtContinue  (13956284, 0, ...
 03128   928   NtContinue  (15006936, 0, ...
 03129   924   NtContinue  (13956284, 0, ...
 03130   928   NtContinue  (15006936, 0, ...
 03131   924   NtContinue  (13956284, 0, ...
 03132   928   NtContinue  (15006936, 0, ...
 03133   924   NtContinue  (13956284, 0, ...
 03134   928   NtContinue  (15006936, 0, ...
 03135   924   NtContinue  (13956284, 0, ...
 03136   928   NtContinue  (15006936, 0, ...
 03137   924   NtContinue  (13956284, 0, ...
 03138   896   NtContinue  (11861204, 0, ...
 03139   928   NtContinue  (15006936, 0, ...
 03140   896   NtContinue  (11861204, 0, ...
 03141   928   NtContinue  (15006936, 0, ...
 03142   896   NtContinue  (11861204, 0, ...
 03143   928   NtContinue  (15006936, 0, ...
 03144   896   NtContinue  (11861204, 0, ...
 03145   928   NtContinue  (15006936, 0, ...
 03146   896   NtContinue  (11861204, 0, ...
 03147   928   NtContinue  (15006936, 0, ...
 03148   896   NtContinue  (11861204, 0, ...
 03149   928   NtContinue  (15006936, 0, ...
 03150   924   NtContinue  (13956284, 0, ...
 03151   896   NtContinue  (11861204, 0, ...
 03152   924   NtContinue  (13956284, 0, ...
 03153   896   NtContinue  (11861204, 0, ...
 03154   924   NtContinue  (13956284, 0, ...
 03155   896   NtContinue  (11861204, 0, ...
 03156   924   NtContinue  (13956284, 0, ...
 03157   896   NtContinue  (11861204, 0, ...
 03158   924   NtContinue  (13956284, 0, ...
 03159   896   NtContinue  (11861204, 0, ...
 03160   924   NtContinue  (13956284, 0, ...
 03161   896   NtContinue  (11861204, 0, ...
 03162   928   NtContinue  (15006936, 0, ...
 03163   924   NtContinue  (13956284, 0, ...
 03164   928   NtContinue  (15006936, 0, ...
 03165   924   NtContinue  (13956284, 0, ...
 03166   928   NtContinue  (15006936, 0, ...
 03167   924   NtContinue  (13956284, 0, ...
 03168   928   NtContinue  (15006936, 0, ...
 03169   924   NtContinue  (13956284, 0, ...
 03170   928   NtContinue  (15006936, 0, ...
 03171   924   NtContinue  (13956284, 0, ...
 03172   928   NtContinue  (15006936, 0, ...
 03173   924   NtContinue  (13956284, 0, ...
 03174   896   NtContinue  (11861204, 0, ...
 03175   928   NtContinue  (15006936, 0, ...
 03176   896   NtContinue  (11861204, 0, ...
 03177   928   NtContinue  (15006936, 0, ...
 03178   896   NtContinue  (11861204, 0, ...
 03179   928   NtContinue  (15006936, 0, ...
 03180   896   NtContinue  (11861204, 0, ...
 03181   928   NtContinue  (15006936, 0, ...
 03182   896   NtContinue  (11861204, 0, ...
 03183   928   NtContinue  (15006936, 0, ...
 03184   896   NtContinue  (11861204, 0, ...
 03185   928   NtContinue  (15006936, 0, ...
 03186   924   NtContinue  (13956284, 0, ...
 03187   896   NtContinue  (11861204, 0, ...
 03188   924   NtContinue  (13956284, 0, ...
 03189   896   NtContinue  (11861204, 0, ...
 03190   924   NtContinue  (13956284, 0, ...
 03191   896   NtContinue  (11861204, 0, ...
 03192   924   NtContinue  (13956284, 0, ...
 03193   896   NtContinue  (11861204, 0, ...
 03194   924   NtContinue  (13956284, 0, ...
 03195   896   NtContinue  (11861204, 0, ...
 03196   924   NtContinue  (13956284, 0, ...
 03197   896   NtContinue  (11861204, 0, ...
 03198   928   NtContinue  (15006936, 0, ...
 03199   924   NtContinue  (13956284, 0, ...
 03200   928   NtContinue  (15006936, 0, ...
 03201   924   NtContinue  (13956284, 0, ...
 03202   928   NtContinue  (15006936, 0, ...
 03203   924   NtContinue  (13956284, 0, ...
 03204   928   NtContinue  (15006936, 0, ...
 03205   924   NtContinue  (13956284, 0, ...
 03206   928   NtContinue  (15006936, 0, ...
 03207   924   NtContinue  (13956284, 0, ...
 03208   928   NtContinue  (15006936, 0, ...
 03209   924   NtContinue  (13956284, 0, ...
 03210   896   NtContinue  (11861204, 0, ...
 03211   928   NtContinue  (15006936, 0, ...
 03212   896   NtContinue  (11861204, 0, ...
 03213   928   NtContinue  (15006936, 0, ...
 03214   896   NtContinue  (11861204, 0, ...
 03215   928   NtContinue  (15006936, 0, ...
 03216   896   NtContinue  (11861204, 0, ...
 03217   928   NtContinue  (15006936, 0, ...
 03218   896   NtContinue  (11861204, 0, ...
 03219   928   NtContinue  (15006936, 0, ...
 03220   896   NtContinue  (11861204, 0, ...
 03221   928   NtContinue  (15006936, 0, ...
 03222   924   NtContinue  (13956284, 0, ...
 03223   896   NtContinue  (11861204, 0, ...
 03224   924   NtContinue  (13956284, 0, ...
 03225   896   NtContinue  (11861204, 0, ...
 03226   924   NtContinue  (13956284, 0, ...
 03227   896   NtContinue  (11861204, 0, ...
 03228   924   NtContinue  (13956284, 0, ...
 03229   896   NtContinue  (11861204, 0, ...
 03230   924   NtContinue  (13956284, 0, ...
 03231   896   NtContinue  (11861204, 0, ...
 03232   924   NtContinue  (13956284, 0, ...
 03233   896   NtContinue  (11861204, 0, ...
 03234   928   NtContinue  (15006936, 0, ...
 03235   924   NtContinue  (13956284, 0, ...
 03236   928   NtContinue  (15006936, 0, ...
 03237   924   NtContinue  (13956284, 0, ...
 03238   928   NtContinue  (15006936, 0, ...
 03239   924   NtContinue  (13956284, 0, ...
 03240   928   NtContinue  (15006936, 0, ...
 03241   924   NtContinue  (13956284, 0, ...
 03242   928   NtContinue  (15006936, 0, ...
 03243   924   NtContinue  (13956284, 0, ...
 03244   928   NtContinue  (15006936, 0, ...
 03245   924   NtContinue  (13956284, 0, ...
 03246   896   NtContinue  (11861204, 0, ...
 03247   928   NtContinue  (15006936, 0, ...
 03248   896   NtContinue  (11861204, 0, ...
 03249   928   NtContinue  (15006936, 0, ...
 03250   896   NtContinue  (11861204, 0, ...
 03251   928   NtContinue  (15006936, 0, ...
 03252   896   NtContinue  (11861204, 0, ...
 03253   928   NtContinue  (15006936, 0, ...
 03254   896   NtContinue  (11861204, 0, ...
 03255   928   NtContinue  (15006936, 0, ...
 03256   896   NtContinue  (11861204, 0, ...
 03257   928   NtContinue  (15006936, 0, ...
 03258   924   NtContinue  (13956284, 0, ...
 03259   896   NtContinue  (11861204, 0, ...
 03260   924   NtContinue  (13956284, 0, ...
 03261   896   NtContinue  (11861204, 0, ...
 03262   924   NtContinue  (13956284, 0, ...
 03263   896   NtContinue  (11861204, 0, ...
 03264   924   NtContinue  (13956284, 0, ...
 03265   896   NtContinue  (11861204, 0, ...
 03266   924   NtContinue  (13956284, 0, ...
 03267   896   NtContinue  (11861204, 0, ...
 03268   924   NtContinue  (13956284, 0, ...
 03269   896   NtContinue  (11861204, 0, ...
 03270   928   NtContinue  (15006936, 0, ...
 03271   924   NtContinue  (13956284, 0, ...
 03272   928   NtContinue  (15006936, 0, ...
 03273   924   NtContinue  (13956284, 0, ...
 03274   928   NtContinue  (15006936, 0, ...
 03275   924   NtContinue  (13956284, 0, ...
 03276   928   NtContinue  (15006936, 0, ...
 03277   924   NtContinue  (13956284, 0, ...
 03278   928   NtContinue  (15006936, 0, ...
 03279   924   NtContinue  (13956284, 0, ...
 03280   928   NtContinue  (15006936, 0, ...
 03281   924   NtContinue  (13956284, 0, ...
 03282   896   NtContinue  (11861204, 0, ...
 03283   928   NtContinue  (15006936, 0, ...
 03284   896   NtContinue  (11861204, 0, ...
 03285   928   NtContinue  (15006936, 0, ...
 03286   896   NtContinue  (11861204, 0, ...
 03287   928   NtContinue  (15006936, 0, ...
 03288   896   NtContinue  (11861204, 0, ...
 03289   928   NtContinue  (15006936, 0, ...
 03290   896   NtContinue  (11861204, 0, ...
 03291   928   NtContinue  (15006936, 0, ...
 03292   896   NtContinue  (11861204, 0, ...
 03293   928   NtContinue  (15006936, 0, ...
 03294   924   NtContinue  (13956284, 0, ...
 03295   896   NtContinue  (11861204, 0, ...
 03296   924   NtContinue  (13956284, 0, ...
 03297   896   NtContinue  (11861204, 0, ...
 03298   924   NtContinue  (13956284, 0, ...
 03299   896   NtContinue  (11861204, 0, ...
 03300   924   NtContinue  (13956284, 0, ...
 03301   896   NtContinue  (11861204, 0, ...
 03302   924   NtContinue  (13956284, 0, ...
 03303   896   NtContinue  (11861204, 0, ...
 03304   924   NtContinue  (13956284, 0, ...
 03305   896   NtContinue  (11861204, 0, ...
 03306   928   NtContinue  (15006936, 0, ...
 03307   924   NtContinue  (13956284, 0, ...
 03308   928   NtContinue  (15006936, 0, ...
 03309   924   NtContinue  (13956284, 0, ...
 03310   928   NtContinue  (15006936, 0, ...
 03311   924   NtContinue  (13956284, 0, ...
 03312   928   NtContinue  (15006936, 0, ...
 03313   924   NtContinue  (13956284, 0, ...
 03314   928   NtContinue  (15006936, 0, ...
 03315   924   NtContinue  (13956284, 0, ...
 03316   928   NtContinue  (15006936, 0, ...
 03317   924   NtContinue  (13956284, 0, ...
 03318   896   NtContinue  (11861204, 0, ...
 03319   928   NtContinue  (15006936, 0, ...
 03320   896   NtContinue  (11861204, 0, ...
 03321   928   NtContinue  (15006936, 0, ...
 03322   896   NtContinue  (11861204, 0, ...
 03323   928   NtContinue  (15006936, 0, ...
 03324   896   NtContinue  (11861204, 0, ...
 03325   928   NtContinue  (15006936, 0, ...
 03326   896   NtContinue  (11861204, 0, ...
 03327   928   NtContinue  (15006936, 0, ...
 03328   896   NtContinue  (11861204, 0, ...
 03329   928   NtContinue  (15006936, 0, ...
 03330   924   NtContinue  (13956284, 0, ...
 03331   896   NtContinue  (11861204, 0, ...
 03332   924   NtContinue  (13956284, 0, ...
 03333   896   NtContinue  (11861204, 0, ...
 03334   924   NtContinue  (13956284, 0, ...
 03335   896   NtContinue  (11861204, 0, ...
 03336   924   NtContinue  (13956284, 0, ...
 03337   896   NtContinue  (11861204, 0, ...
 03338   924   NtContinue  (13956284, 0, ...
 03339   896   NtContinue  (11861204, 0, ...
 03340   924   NtContinue  (13956284, 0, ...
 03341   896   NtContinue  (11861204, 0, ...
 03342   928   NtContinue  (15006936, 0, ...
 03343   924   NtContinue  (13956284, 0, ...
 03344   928   NtContinue  (15006936, 0, ...
 03345   924   NtContinue  (13956284, 0, ...
 03346   928   NtContinue  (15006936, 0, ...
 03347   924   NtContinue  (13956284, 0, ...
 03348   928   NtContinue  (15006936, 0, ...
 03349   924   NtContinue  (13956284, 0, ...
 03350   928   NtContinue  (15006936, 0, ...
 03351   924   NtContinue  (13956284, 0, ...
 03352   928   NtContinue  (15006936, 0, ...
 03353   924   NtContinue  (13956284, 0, ...
 03354   896   NtContinue  (11861204, 0, ...
 03355   928   NtContinue  (15006936, 0, ...
 03356   896   NtContinue  (11861204, 0, ...
 03357   928   NtContinue  (15006936, 0, ...
 03358   896   NtContinue  (11861204, 0, ...
 03359   928   NtContinue  (15006936, 0, ...
 03360   896   NtContinue  (11861204, 0, ...
 03361   928   NtContinue  (15006936, 0, ...
 03362   896   NtContinue  (11861204, 0, ...
 03363   928   NtContinue  (15006936, 0, ...
 03364   896   NtContinue  (11861204, 0, ...
 03365   928   NtContinue  (15006936, 0, ...
 03366   924   NtContinue  (13956284, 0, ...
 03367   896   NtContinue  (11861204, 0, ...
 03368   924   NtContinue  (13956284, 0, ...
 03369   896   NtContinue  (11861204, 0, ...
 03370   924   NtContinue  (13956284, 0, ...
 03371   896   NtContinue  (11861204, 0, ...
 03372   924   NtContinue  (13956284, 0, ...
 03373   896   NtContinue  (11861204, 0, ...
 03374   924   NtContinue  (13956284, 0, ...
 03375   896   NtContinue  (11861204, 0, ...
 03376   924   NtContinue  (13956284, 0, ...
 03377   896   NtContinue  (11861204, 0, ...
 03378   928   NtContinue  (15006936, 0, ...
 03379   924   NtContinue  (13956284, 0, ...
 03380   928   NtContinue  (15006936, 0, ...
 03381   924   NtContinue  (13956284, 0, ...
 03382   928   NtContinue  (15006936, 0, ...
 03383   924   NtContinue  (13956284, 0, ...
 03384   928   NtContinue  (15006936, 0, ...
 03385   924   NtContinue  (13956284, 0, ...
 03386   928   NtContinue  (15006936, 0, ...
 03387   924   NtContinue  (13956284, 0, ...
 03388   928   NtContinue  (15006936, 0, ...
 03389   924   NtContinue  (13956284, 0, ...
 03390   896   NtContinue  (11861204, 0, ...
 03391   928   NtContinue  (15006936, 0, ...
 03392   896   NtContinue  (11861204, 0, ...
 03393   928   NtContinue  (15006936, 0, ...
 03394   896   NtContinue  (11861204, 0, ...
 03395   928   NtContinue  (15006936, 0, ...
 03396   896   NtContinue  (11861204, 0, ...
 03397   928   NtContinue  (15006936, 0, ...
 03398   896   NtContinue  (11861204, 0, ...
 03399   928   NtContinue  (15006936, 0, ...
 03400   896   NtContinue  (11861204, 0, ...
 03401   928   NtContinue  (15006936, 0, ...
 03402   924   NtContinue  (13956284, 0, ...
 03403   896   NtContinue  (11861204, 0, ...
 03404   924   NtContinue  (13956284, 0, ...
 03405   896   NtContinue  (11861204, 0, ...
 03406   924   NtContinue  (13956284, 0, ...
 03407   896   NtContinue  (11861204, 0, ...
 03408   924   NtContinue  (13956284, 0, ...
 03409   896   NtContinue  (11861204, 0, ...
 03410   924   NtContinue  (13956284, 0, ...
 03411   896   NtContinue  (11861204, 0, ...
 03412   924   NtContinue  (13956284, 0, ...
 03413   896   NtContinue  (11861204, 0, ...
 03414   928   NtContinue  (15006936, 0, ...
 03415   924   NtContinue  (13956284, 0, ...
 03416   928   NtContinue  (15006936, 0, ...
 03417   924   NtContinue  (13956284, 0, ...
 03418   928   NtContinue  (15006936, 0, ...
 03419   924   NtContinue  (13956284, 0, ...
 03420   896   NtContinue  (11861204, 0, ...
 03421   924   NtContinue  (13956284, 0, ...
 03422   896   NtContinue  (11861204, 0, ...
 03423   924   NtContinue  (13956284, 0, ...
 03424   896   NtContinue  (11861204, 0, ...
 03425   924   NtContinue  (13956284, 0, ...
 03426   896   NtContinue  (11861204, 0, ...
 03427   928   NtContinue  (15006936, 0, ...
 03428   896   NtContinue  (11861204, 0, ...
 03429   928   NtContinue  (15006936, 0, ...
 03430   896   NtContinue  (11861204, 0, ...
 03431   928   NtContinue  (15006936, 0, ...
 03432   924   NtContinue  (13956284, 0, ...
 03433   928   NtContinue  (15006936, 0, ...
 03434   924   NtContinue  (13956284, 0, ...
 03435   928   NtContinue  (15006936, 0, ...
 03436   924   NtContinue  (13956284, 0, ...
 03437   928   NtContinue  (15006936, 0, ...
 03438   924   NtContinue  (13956284, 0, ...
 03439   896   NtContinue  (11861204, 0, ...
 03440   924   NtContinue  (13956284, 0, ...
 03441   896   NtContinue  (11861204, 0, ...
 03442   924   NtContinue  (13956284, 0, ...
 03443   896   NtContinue  (11861204, 0, ...
 03444   928   NtContinue  (15006936, 0, ...
 03445   896   NtContinue  (11861204, 0, ...
 03446   928   NtContinue  (15006936, 0, ...
 03447   896   NtContinue  (11861204, 0, ...
 03448   928   NtContinue  (15006936, 0, ...
 03449   896   NtContinue  (11861204, 0, ...
 03450   928   NtContinue  (15006936, 0, ...
 03451   924   NtContinue  (13956284, 0, ...
 03452   928   NtContinue  (15006936, 0, ...
 03453   924   NtContinue  (13956284, 0, ...
 03454   928   NtContinue  (15006936, 0, ...
 03455   924   NtContinue  (13956284, 0, ...
 03456   896   NtContinue  (11861204, 0, ...
 03457   924   NtContinue  (13956284, 0, ...
 03458   896   NtContinue  (11861204, 0, ...
 03459   924   NtContinue  (13956284, 0, ...
 03460   896   NtContinue  (11861204, 0, ...
 03461   924   NtContinue  (13956284, 0, ...
 03462   896   NtContinue  (11861204, 0, ...
 03463   928   NtContinue  (15006936, 0, ...
 03464   896   NtContinue  (11861204, 0, ...
 03465   928   NtContinue  (15006936, 0, ...
 03466   896   NtContinue  (11861204, 0, ...
 03467   928   NtContinue  (15006936, 0, ...
 03468   924   NtContinue  (13956284, 0, ...
 03469   928   NtContinue  (15006936, 0, ...
 03470   924   NtContinue  (13956284, 0, ...
 03471   928   NtContinue  (15006936, 0, ...
 03472   924   NtContinue  (13956284, 0, ...
 03473   928   NtContinue  (15006936, 0, ...
 03474   924   NtContinue  (13956284, 0, ...
 03475   896   NtContinue  (11861204, 0, ...
 03476   924   NtContinue  (13956284, 0, ...
 03477   896   NtContinue  (11861204, 0, ...
 03478   924   NtContinue  (13956284, 0, ...
 03479   896   NtContinue  (11861204, 0, ...
 03480   928   NtContinue  (15006936, 0, ...
 03481   896   NtContinue  (11861204, 0, ...
 03482   928   NtContinue  (15006936, 0, ...
 03483   896   NtContinue  (11861204, 0, ...
 03484   928   NtContinue  (15006936, 0, ...
 03485   896   NtContinue  (11861204, 0, ...
 03486   928   NtContinue  (15006936, 0, ...
 03487   924   NtContinue  (13956284, 0, ...
 03488   928   NtContinue  (15006936, 0, ...
 03489   924   NtContinue  (13956284, 0, ...
 03490   928   NtContinue  (15006936, 0, ...
 03491   924   NtContinue  (13956284, 0, ...
 03492   896   NtContinue  (11861204, 0, ...
 03493   924   NtContinue  (13956284, 0, ...
 03494   896   NtContinue  (11861204, 0, ...
 03495   924   NtContinue  (13956284, 0, ...
 03496   896   NtContinue  (11861204, 0, ...
 03497   924   NtContinue  (13956284, 0, ...
 03498   896   NtContinue  (11861204, 0, ...
 03499   928   NtContinue  (15006936, 0, ...
 03500   896   NtContinue  (11861204, 0, ...
 03501   928   NtContinue  (15006936, 0, ...
 03502   896   NtContinue  (11861204, 0, ...
 03503   928   NtContinue  (15006936, 0, ...
 03504   924   NtContinue  (13956284, 0, ...
 03505   928   NtContinue  (15006936, 0, ...
 03506   924   NtContinue  (13956284, 0, ...
 03507   928   NtContinue  (15006936, 0, ...
 03508   924   NtContinue  (13956284, 0, ...
 03509   928   NtContinue  (15006936, 0, ...
 03510   924   NtContinue  (13956284, 0, ...
 03511   896   NtContinue  (11861204, 0, ...
 03512   924   NtContinue  (13956284, 0, ...
 03513   896   NtContinue  (11861204, 0, ...
 03514   924   NtContinue  (13956284, 0, ...
 03515   896   NtContinue  (11861204, 0, ...
 03516   928   NtContinue  (15006936, 0, ...
 03517   896   NtContinue  (11861204, 0, ...
 03518   928   NtContinue  (15006936, 0, ...
 03519   896   NtContinue  (11861204, 0, ...
 03520   928   NtContinue  (15006936, 0, ...
 03521   896   NtContinue  (11861204, 0, ...
 03522   928   NtContinue  (15006936, 0, ...
 03523   924   NtContinue  (13956284, 0, ...
 03524   928   NtContinue  (15006936, 0, ...
 03525   924   NtContinue  (13956284, 0, ...
 03526   928   NtContinue  (15006936, 0, ...
 03527   924   NtContinue  (13956284, 0, ...
 03528   896   NtContinue  (11861204, 0, ...
 03529   924   NtContinue  (13956284, 0, ...
 03530   896   NtContinue  (11861204, 0, ...
 03531   924   NtContinue  (13956284, 0, ...
 03532   896   NtContinue  (11861204, 0, ...
 03533   924   NtContinue  (13956284, 0, ...
 03534   896   NtContinue  (11861204, 0, ...
 03535   928   NtContinue  (15006936, 0, ...
 03536   896   NtContinue  (11861204, 0, ...
 03537   928   NtContinue  (15006936, 0, ...
 03538   896   NtContinue  (11861204, 0, ...
 03539   928   NtContinue  (15006936, 0, ...
 03540   924   NtContinue  (13956284, 0, ...
 03541   928   NtContinue  (15006936, 0, ...
 03542   924   NtContinue  (13956284, 0, ...
 03543   928   NtContinue  (15006936, 0, ...
 03544   924   NtContinue  (13956284, 0, ...
 03545   928   NtContinue  (15006936, 0, ...
 03546   924   NtContinue  (13956284, 0, ...
 03547   896   NtContinue  (11861204, 0, ...
 03548   924   NtContinue  (13956284, 0, ...
 03549   896   NtContinue  (11861204, 0, ...
 03550   924   NtContinue  (13956284, 0, ...
 03551   896   NtContinue  (11861204, 0, ...
 03552   928   NtContinue  (15006936, 0, ...
 03553   896   NtContinue  (11861204, 0, ...
 03554   928   NtContinue  (15006936, 0, ...
 03555   896   NtContinue  (11861204, 0, ...
 03556   928   NtContinue  (15006936, 0, ...
 03557   896   NtContinue  (11861204, 0, ...
 03558   928   NtContinue  (15006936, 0, ...
 03559   924   NtContinue  (13956284, 0, ...
 03560   928   NtContinue  (15006936, 0, ...
 03561   924   NtContinue  (13956284, 0, ...
 03562   928   NtContinue  (15006936, 0, ...
 03563   924   NtContinue  (13956284, 0, ...
 03564   896   NtContinue  (11861204, 0, ...
 03565   924   NtContinue  (13956284, 0, ...
 03566   896   NtContinue  (11861204, 0, ...
 03567   924   NtContinue  (13956284, 0, ...
 03568   896   NtContinue  (11861204, 0, ...
 03569   924   NtContinue  (13956284, 0, ...
 03570   896   NtContinue  (11861204, 0, ...
 03571   928   NtContinue  (15006936, 0, ...
 03572   896   NtContinue  (11861204, 0, ...
 03573   928   NtContinue  (15006936, 0, ...
 03574   896   NtContinue  (11861204, 0, ...
 03575   928   NtContinue  (15006936, 0, ...
 03576   924   NtContinue  (13956284, 0, ...
 03577   928   NtContinue  (15006936, 0, ...
 03578   924   NtContinue  (13956284, 0, ...
 03579   928   NtContinue  (15006936, 0, ...
 03580   924   NtContinue  (13956284, 0, ...
 03581   928   NtContinue  (15006936, 0, ...
 03582   924   NtContinue  (13956284, 0, ...
 03583   896   NtContinue  (11861204, 0, ...
 03584   924   NtContinue  (13956284, 0, ...
 03585   896   NtContinue  (11861204, 0, ...
 03586   924   NtContinue  (13956284, 0, ...
 03587   896   NtContinue  (11861204, 0, ...
 03588   928   NtContinue  (15006936, 0, ...
 03589   896   NtContinue  (11861204, 0, ...
 03590   928   NtContinue  (15006936, 0, ...
 03591   896   NtContinue  (11861204, 0, ...
 03592   928   NtContinue  (15006936, 0, ...
 03593   896   NtContinue  (11861204, 0, ...
 03594   928   NtContinue  (15006936, 0, ...
 03595   924   NtContinue  (13956284, 0, ...
 03596   928   NtContinue  (15006936, 0, ...
 03597   924   NtContinue  (13956284, 0, ...
 03598   928   NtContinue  (15006936, 0, ...
 03599   924   NtContinue  (13956284, 0, ...
 03600   896   NtContinue  (11861204, 0, ...
 03601   924   NtContinue  (13956284, 0, ...
 03602   896   NtContinue  (11861204, 0, ...
 03603   924   NtContinue  (13956284, 0, ...
 03604   896   NtContinue  (11861204, 0, ...
 03605   924   NtContinue  (13956284, 0, ...
 03606   896   NtContinue  (11861204, 0, ...
 03607   928   NtContinue  (15006936, 0, ...
 03608   896   NtContinue  (11861204, 0, ...
 03609   928   NtContinue  (15006936, 0, ...
 03610   896   NtContinue  (11861204, 0, ...
 03611   928   NtContinue  (15006936, 0, ...
 03612   924   NtContinue  (13956284, 0, ...
 03613   928   NtContinue  (15006936, 0, ...
 03614   924   NtContinue  (13956284, 0, ...
 03615   928   NtContinue  (15006936, 0, ...
 03616   924   NtContinue  (13956284, 0, ...
 03617   928   NtContinue  (15006936, 0, ...
 03618   924   NtContinue  (13956284, 0, ...
 03619   896   NtContinue  (11861204, 0, ...
 03620   924   NtContinue  (13956284, 0, ...
 03621   896   NtContinue  (11861204, 0, ...
 03622   924   NtContinue  (13956284, 0, ...
 03623   896   NtContinue  (11861204, 0, ...
 03624   928   NtContinue  (15006936, 0, ...
 03625   896   NtContinue  (11861204, 0, ...
 03626   928   NtContinue  (15006936, 0, ...
 03627   896   NtContinue  (11861204, 0, ...
 03628   928   NtContinue  (15006936, 0, ...
 03629   896   NtContinue  (11861204, 0, ...
 03630   928   NtContinue  (15006936, 0, ...
 03631   924   NtContinue  (13956284, 0, ...
 03632   928   NtContinue  (15006936, 0, ...
 03633   924   NtContinue  (13956284, 0, ...
 03634   928   NtContinue  (15006936, 0, ...
 03635   924   NtContinue  (13956284, 0, ...
 03636   896   NtContinue  (11861204, 0, ...
 03637   924   NtContinue  (13956284, 0, ...
 03638   896   NtContinue  (11861204, 0, ...
 03639   924   NtContinue  (13956284, 0, ...
 03640   896   NtContinue  (11861204, 0, ...
 03641   924   NtContinue  (13956284, 0, ...
 03642   896   NtContinue  (11861204, 0, ...
 03643   928   NtContinue  (15006936, 0, ...
 03644   896   NtContinue  (11861204, 0, ...
 03645   928   NtContinue  (15006936, 0, ...
 03646   896   NtContinue  (11861204, 0, ...
 03647   928   NtContinue  (15006936, 0, ...
 03648   924   NtContinue  (13956284, 0, ...
 03649   928   NtContinue  (15006936, 0, ...
 03650   924   NtContinue  (13956284, 0, ...
 03651   928   NtContinue  (15006936, 0, ...
 03652   924   NtContinue  (13956284, 0, ...
 03653   928   NtContinue  (15006936, 0, ...
 03654   924   NtContinue  (13956284, 0, ...
 03655   896   NtContinue  (11861204, 0, ...
 03656   924   NtContinue  (13956284, 0, ...
 03657   896   NtContinue  (11861204, 0, ...
 03658   924   NtContinue  (13956284, 0, ...
 03659   896   NtContinue  (11861204, 0, ...
 03660   928   NtContinue  (15006936, 0, ...
 03661   896   NtContinue  (11861204, 0, ...
 03662   928   NtContinue  (15006936, 0, ...
 03663   896   NtContinue  (11861204, 0, ...
 03664   928   NtContinue  (15006936, 0, ...
 03665   896   NtContinue  (11861204, 0, ...
 03666   928   NtContinue  (15006936, 0, ...
 03667   924   NtContinue  (13956284, 0, ...
 03668   928   NtContinue  (15006936, 0, ...
 03669   924   NtContinue  (13956284, 0, ...
 03670   928   NtContinue  (15006936, 0, ...
 03671   924   NtContinue  (13956284, 0, ...
 03672   896   NtContinue  (11861204, 0, ...
 03673   924   NtContinue  (13956284, 0, ...
 03674   896   NtContinue  (11861204, 0, ...
 03675   924   NtContinue  (13956284, 0, ...
 03676   896   NtContinue  (11861204, 0, ...
 03677   924   NtContinue  (13956284, 0, ...
 03678   896   NtContinue  (11861204, 0, ...
 03679   928   NtContinue  (15006936, 0, ...
 03680   896   NtContinue  (11861204, 0, ...
 03681   928   NtContinue  (15006936, 0, ...
 03682   896   NtContinue  (11861204, 0, ...
 03683   928   NtContinue  (15006936, 0, ...
 03684   924   NtContinue  (13956284, 0, ...
 03685   928   NtContinue  (15006936, 0, ...
 03686   924   NtContinue  (13956284, 0, ...
 03687   928   NtContinue  (15006936, 0, ...
 03688   924   NtContinue  (13956284, 0, ...
 03689   928   NtContinue  (15006936, 0, ...
 03690   924   NtContinue  (13956284, 0, ...
 03691   896   NtContinue  (11861204, 0, ...
 03692   924   NtContinue  (13956284, 0, ...
 03693   896   NtContinue  (11861204, 0, ...
 03694   924   NtContinue  (13956284, 0, ...
 03695   896   NtContinue  (11861204, 0, ...
 03696   928   NtContinue  (15006936, 0, ...
 03697   896   NtContinue  (11861204, 0, ...
 03698   928   NtContinue  (15006936, 0, ...
 03699   896   NtContinue  (11861204, 0, ...
 03700   928   NtContinue  (15006936, 0, ...
 03701   896   NtContinue  (11861204, 0, ...
 03702   928   NtContinue  (15006936, 0, ...
 03703   924   NtContinue  (13956284, 0, ...
 03704   928   NtContinue  (15006936, 0, ...
 03705   924   NtContinue  (13956284, 0, ...
 03706   928   NtContinue  (15006936, 0, ...
 03707   924   NtContinue  (13956284, 0, ...
 03708   896   NtContinue  (11861204, 0, ...
 03709   924   NtContinue  (13956284, 0, ...
 03710   896   NtContinue  (11861204, 0, ...
 03711   924   NtContinue  (13956284, 0, ...
 03712   896   NtContinue  (11861204, 0, ...
 03713   924   NtContinue  (13956284, 0, ...
 03714   896   NtContinue  (11861204, 0, ...
 03715   928   NtContinue  (15006936, 0, ...
 03716   896   NtContinue  (11861204, 0, ...
 03717   928   NtContinue  (15006936, 0, ...
 03718   896   NtContinue  (11861204, 0, ...
 03719   928   NtContinue  (15006936, 0, ...
 03720   924   NtContinue  (13956284, 0, ...
 03721   928   NtContinue  (15006936, 0, ...
 03722   924   NtContinue  (13956284, 0, ...
 03723   928   NtContinue  (15006936, 0, ...
 03724   924   NtContinue  (13956284, 0, ...
 03725   928   NtContinue  (15006936, 0, ...
 03726   924   NtContinue  (13956284, 0, ...
 03727   896   NtContinue  (11861204, 0, ...
 03728   924   NtContinue  (13956284, 0, ...
 03729   896   NtContinue  (11861204, 0, ...
 03730   924   NtContinue  (13956284, 0, ...
 03731   896   NtContinue  (11861204, 0, ...
 03732   928   NtContinue  (15006936, 0, ...
 03733   896   NtContinue  (11861204, 0, ...
 03734   928   NtContinue  (15006936, 0, ...
 03735   896   NtContinue  (11861204, 0, ...
 03736   928   NtContinue  (15006936, 0, ...
 03737   896   NtContinue  (11861204, 0, ...
 03738   928   NtContinue  (15006936, 0, ...
 03739   924   NtContinue  (13956284, 0, ...
 03740   928   NtContinue  (15006936, 0, ...
 03741   924   NtContinue  (13956284, 0, ...
 03742   928   NtContinue  (15006936, 0, ...
 03743   924   NtContinue  (13956284, 0, ...
 03744   896   NtContinue  (11861204, 0, ...
 03745   924   NtContinue  (13956284, 0, ...
 03746   896   NtContinue  (11861204, 0, ...
 03747   924   NtContinue  (13956284, 0, ...
 03748   896   NtContinue  (11861204, 0, ...
 03749   924   NtContinue  (13956284, 0, ...
 03750   896   NtContinue  (11861204, 0, ...
 03751   928   NtContinue  (15006936, 0, ...
 03752   896   NtContinue  (11861204, 0, ...
 03753   928   NtContinue  (15006936, 0, ...
 03754   896   NtContinue  (11861204, 0, ...
 03755   928   NtContinue  (15006936, 0, ...
 03756   924   NtContinue  (13956284, 0, ...
 03757   928   NtContinue  (15006936, 0, ...
 03758   924   NtContinue  (13956284, 0, ...
 03759   928   NtContinue  (15006936, 0, ...
 03760   924   NtContinue  (13956284, 0, ...
 03761   928   NtContinue  (15006936, 0, ...
 03762   924   NtContinue  (13956284, 0, ...
 03763   896   NtContinue  (11861204, 0, ...
 03764   924   NtContinue  (13956284, 0, ...
 03765   896   NtContinue  (11861204, 0, ...
 03766   924   NtContinue  (13956284, 0, ...
 03767   896   NtContinue  (11861204, 0, ...
 03768   928   NtContinue  (15006936, 0, ...
 03769   896   NtContinue  (11861204, 0, ...
 03770   928   NtContinue  (15006936, 0, ...
 03771   896   NtContinue  (11861204, 0, ...
 03772   928   NtContinue  (15006936, 0, ...
 03773   896   NtContinue  (11861204, 0, ...
 03774   928   NtContinue  (15006936, 0, ...
 03775   924   NtContinue  (13956284, 0, ...
 03776   928   NtContinue  (15006936, 0, ...
 03777   924   NtContinue  (13956284, 0, ...
 03778   928   NtContinue  (15006936, 0, ...
 03779   924   NtContinue  (13956284, 0, ...
 03780   896   NtContinue  (11861204, 0, ...
 03781   924   NtContinue  (13956284, 0, ...
 03782   896   NtContinue  (11861204, 0, ...
 03783   924   NtContinue  (13956284, 0, ...
 03784   896   NtContinue  (11861204, 0, ...
 03785   924   NtContinue  (13956284, 0, ...
 03786   896   NtContinue  (11861204, 0, ...
 03787   928   NtContinue  (15006936, 0, ...
 03788   896   NtContinue  (11861204, 0, ...
 03789   928   NtContinue  (15006936, 0, ...
 03790   896   NtContinue  (11861204, 0, ...
 03791   928   NtContinue  (15006936, 0, ...
 03792   924   NtContinue  (13956284, 0, ...
 03793   928   NtContinue  (15006936, 0, ...
 03794   924   NtContinue  (13956284, 0, ...
 03795   928   NtContinue  (15006936, 0, ...
 03796   924   NtContinue  (13956284, 0, ...
 03797   928   NtContinue  (15006936, 0, ...
 03798   924   NtContinue  (13956284, 0, ...
 03799   896   NtContinue  (11861204, 0, ...
 03800   924   NtContinue  (13956284, 0, ...
 03801   896   NtContinue  (11861204, 0, ...
 03802   924   NtContinue  (13956284, 0, ...
 03803   896   NtContinue  (11861204, 0, ...
 03804   928   NtContinue  (15006936, 0, ...
 03805   928   NtContinue  (15006936, 0, ...
 03806   928   NtContinue  (15006936, 0, ...
 03807   928   NtContinue  (15006936, 0, ...
 03808   928   NtContinue  (15006936, 0, ...
 03809   928   NtContinue  (15006936, 0, ...
 03810   928   NtContinue  (15006936, 0, ...
 03811   928   NtContinue  (15006936, 0, ...
 03812   928   NtContinue  (15006936, 0, ...
 03813   928   NtContinue  (15006936, 0, ...
 03814   928   NtContinue  (15006936, 0, ...
 03815   928   NtContinue  (15006936, 0, ...
 03816   896   NtContinue  (11861204, 0, ...
 03817   924   NtContinue  (13956284, 0, ...
 03818   896   NtContinue  (11861204, 0, ...
 03819   924   NtContinue  (13956284, 0, ...
 03820   896   NtContinue  (11861204, 0, ...
 03821   924   NtContinue  (13956284, 0, ...
 03822   896   NtContinue  (11861204, 0, ...
 03823   924   NtContinue  (13956284, 0, ...
 03824   896   NtContinue  (11861204, 0, ...
 03825   924   NtContinue  (13956284, 0, ...
 03826   896   NtContinue  (11861204, 0, ...
 03827   924   NtContinue  (13956284, 0, ...
 03828   928   NtContinue  (15006936, 0, ...
 03829   896   NtContinue  (11861204, 0, ...
 03830   928   NtContinue  (15006936, 0, ...
 03831   896   NtContinue  (11861204, 0, ...
 03832   928   NtContinue  (15006936, 0, ...
 03833   896   NtContinue  (11861204, 0, ...
 03834   928   NtContinue  (15006936, 0, ...
 03835   896   NtContinue  (11861204, 0, ...
 03836   928   NtContinue  (15006936, 0, ...
 03837   896   NtContinue  (11861204, 0, ...
 03838   928   NtContinue  (15006936, 0, ...
 03839   896   NtContinue  (11861204, 0, ...
 03840   924   NtContinue  (13956284, 0, ...
 03841   928   NtContinue  (15006936, 0, ...
 03842   924   NtContinue  (13956284, 0, ...
 03843   928   NtContinue  (15006936, 0, ...
 03844   924   NtContinue  (13956284, 0, ...
 03845   928   NtContinue  (15006936, 0, ...
 03846   924   NtContinue  (13956284, 0, ...
 03847   928   NtContinue  (15006936, 0, ...
 03848   924   NtContinue  (13956284, 0, ...
 03849   928   NtContinue  (15006936, 0, ...
 03850   924   NtContinue  (13956284, 0, ...
 03851   928   NtContinue  (15006936, 0, ...
 03852   896   NtContinue  (11861204, 0, ...
 03853   924   NtContinue  (13956284, 0, ...
 03854   896   NtContinue  (11861204, 0, ...
 03855   924   NtContinue  (13956284, 0, ...
 03856   896   NtContinue  (11861204, 0, ...
 03857   924   NtContinue  (13956284, 0, ...
 03858   896   NtContinue  (11861204, 0, ...
 03859   924   NtContinue  (13956284, 0, ...
 03860   896   NtContinue  (11861204, 0, ...
 03861   924   NtContinue  (13956284, 0, ...
 03862   896   NtContinue  (11861204, 0, ...
 03863   924   NtContinue  (13956284, 0, ...
 03864   928   NtContinue  (15006936, 0, ...
 03865   896   NtContinue  (11861204, 0, ...
 03866   928   NtContinue  (15006936, 0, ...
 03867   896   NtContinue  (11861204, 0, ...
 03868   928   NtContinue  (15006936, 0, ...
 03869   896   NtContinue  (11861204, 0, ...
 03870   928   NtContinue  (15006936, 0, ...
 03871   896   NtContinue  (11861204, 0, ...
 03872   928   NtContinue  (15006936, 0, ...
 03873   896   NtContinue  (11861204, 0, ...
 03874   928   NtContinue  (15006936, 0, ...
 03875   896   NtContinue  (11861204, 0, ...
 03876   924   NtContinue  (13956284, 0, ...
 03877   928   NtContinue  (15006936, 0, ...
 03878   924   NtContinue  (13956284, 0, ...
 03879   928   NtContinue  (15006936, 0, ...
 03880   924   NtContinue  (13956284, 0, ...
 03881   928   NtContinue  (15006936, 0, ...
 03882   924   NtContinue  (13956284, 0, ...
 03883   928   NtContinue  (15006936, 0, ...
 03884   924   NtContinue  (13956284, 0, ...
 03885   928   NtContinue  (15006936, 0, ...
 03886   924   NtContinue  (13956284, 0, ...
 03887   928   NtContinue  (15006936, 0, ...
 03888   896   NtContinue  (11861204, 0, ...
 03889   924   NtContinue  (13956284, 0, ...
 03890   896   NtContinue  (11861204, 0, ...
 03891   924   NtContinue  (13956284, 0, ...
 03892   896   NtContinue  (11861204, 0, ...
 03893   924   NtContinue  (13956284, 0, ...
 03894   896   NtContinue  (11861204, 0, ...
 03895   924   NtContinue  (13956284, 0, ...
 03896   896   NtContinue  (11861204, 0, ...
 03897   924   NtContinue  (13956284, 0, ...
 03898   896   NtContinue  (11861204, 0, ...
 03899   924   NtContinue  (13956284, 0, ...
 03900   928   NtContinue  (15006936, 0, ...
 03901   896   NtContinue  (11861204, 0, ...
 03902   928   NtContinue  (15006936, 0, ...
 03903   896   NtContinue  (11861204, 0, ...
 03904   928   NtContinue  (15006936, 0, ...
 03905   896   NtContinue  (11861204, 0, ...
 03906   928   NtContinue  (15006936, 0, ...
 03907   896   NtContinue  (11861204, 0, ...
 03908   928   NtContinue  (15006936, 0, ...
 03909   896   NtContinue  (11861204, 0, ...
 03910   928   NtContinue  (15006936, 0, ...
 03911   896   NtContinue  (11861204, 0, ...
 03912   924   NtContinue  (13956284, 0, ...
 03913   928   NtContinue  (15006936, 0, ...
 03914   924   NtContinue  (13956284, 0, ...
 03915   928   NtContinue  (15006936, 0, ...
 03916   924   NtContinue  (13956284, 0, ...
 03917   928   NtContinue  (15006936, 0, ...
 03918   924   NtContinue  (13956284, 0, ...
 03919   928   NtContinue  (15006936, 0, ...
 03920   924   NtContinue  (13956284, 0, ...
 03921   928   NtContinue  (15006936, 0, ...
 03922   924   NtContinue  (13956284, 0, ...
 03923   928   NtContinue  (15006936, 0, ...
 03924   896   NtContinue  (11861204, 0, ...
 03925   924   NtContinue  (13956284, 0, ...
 03926   896   NtContinue  (11861204, 0, ...
 03927   924   NtContinue  (13956284, 0, ...
 03928   896   NtContinue  (11861204, 0, ...
 03929   924   NtContinue  (13956284, 0, ...
 03930   896   NtContinue  (11861204, 0, ...
 03931   924   NtContinue  (13956284, 0, ...
 03932   896   NtContinue  (11861204, 0, ...
 03933   924   NtContinue  (13956284, 0, ...
 03934   896   NtContinue  (11861204, 0, ...
 03935   924   NtContinue  (13956284, 0, ...
 03936   928   NtContinue  (15006936, 0, ...
 03937   896   NtContinue  (11861204, 0, ...
 03938   928   NtContinue  (15006936, 0, ...
 03939   896   NtContinue  (11861204, 0, ...
 03940   928   NtContinue  (15006936, 0, ...
 03941   896   NtContinue  (11861204, 0, ...
 03942   928   NtContinue  (15006936, 0, ...
 03943   896   NtContinue  (11861204, 0, ...
 03944   928   NtContinue  (15006936, 0, ...
 03945   896   NtContinue  (11861204, 0, ...
 03946   928   NtContinue  (15006936, 0, ...
 03947   896   NtContinue  (11861204, 0, ...
 03948   924   NtContinue  (13956284, 0, ...
 03949   928   NtContinue  (15006936, 0, ...
 03950   924   NtContinue  (13956284, 0, ...
 03951   928   NtContinue  (15006936, 0, ...
 03952   924   NtContinue  (13956284, 0, ...
 03953   928   NtContinue  (15006936, 0, ...
 03954   924   NtContinue  (13956284, 0, ...
 03955   928   NtContinue  (15006936, 0, ...
 03956   924   NtContinue  (13956284, 0, ...
 03957   928   NtContinue  (15006936, 0, ...
 03958   924   NtContinue  (13956284, 0, ...
 03959   928   NtContinue  (15006936, 0, ...
 03960   896   NtContinue  (11861204, 0, ...
 03961   924   NtContinue  (13956284, 0, ...
 03962   896   NtContinue  (11861204, 0, ...
 03963   924   NtContinue  (13956284, 0, ...
 03964   896   NtContinue  (11861204, 0, ...
 03965   924   NtContinue  (13956284, 0, ...
 03966   896   NtContinue  (11861204, 0, ...
 03967   924   NtContinue  (13956284, 0, ...
 03968   896   NtContinue  (11861204, 0, ...
 03969   924   NtContinue  (13956284, 0, ...
 03970   896   NtContinue  (11861204, 0, ...
 03971   924   NtContinue  (13956284, 0, ...
 03972   928   NtContinue  (15006936, 0, ...
 03973   896   NtContinue  (11861204, 0, ...
 03974   928   NtContinue  (15006936, 0, ...
 03975   896   NtContinue  (11861204, 0, ...
 03976   928   NtContinue  (15006936, 0, ...
 03977   896   NtContinue  (11861204, 0, ...
 03978   928   NtContinue  (15006936, 0, ...
 03979   896   NtContinue  (11861204, 0, ...
 03980   928   NtContinue  (15006936, 0, ...
 03981   896   NtContinue  (11861204, 0, ...
 03982   928   NtContinue  (15006936, 0, ...
 03983   896   NtContinue  (11861204, 0, ...
 03984   924   NtContinue  (13956284, 0, ...
 03985   928   NtContinue  (15006936, 0, ...
 03986   924   NtContinue  (13956284, 0, ...
 03987   928   NtContinue  (15006936, 0, ...
 03988   924   NtContinue  (13956284, 0, ...
 03989   928   NtContinue  (15006936, 0, ...
 03990   924   NtContinue  (13956284, 0, ...
 03991   928   NtContinue  (15006936, 0, ...
 03992   924   NtContinue  (13956284, 0, ...
 03993   928   NtContinue  (15006936, 0, ...
 03994   924   NtContinue  (13956284, 0, ...
 03995   928   NtContinue  (15006936, 0, ...
 03996   896   NtContinue  (11861204, 0, ...
 03997   924   NtContinue  (13956284, 0, ...
 03998   896   NtContinue  (11861204, 0, ...
 03999   924   NtContinue  (13956284, 0, ...
 04000   896   NtContinue  (11861204, 0, ...
 04001   924   NtContinue  (13956284, 0, ...
 04002   896   NtContinue  (11861204, 0, ...
 04003   924   NtContinue  (13956284, 0, ...
 04004   896   NtContinue  (11861204, 0, ...
 04005   924   NtContinue  (13956284, 0, ...
 04006   896   NtContinue  (11861204, 0, ...
 04007   924   NtContinue  (13956284, 0, ...
 04008   928   NtContinue  (15006936, 0, ...
 04009   896   NtContinue  (11861204, 0, ...
 04010   928   NtContinue  (15006936, 0, ...
 04011   896   NtContinue  (11861204, 0, ...
 04012   928   NtContinue  (15006936, 0, ...
 04013   896   NtContinue  (11861204, 0, ...
 04014   928   NtContinue  (15006936, 0, ...
 04015   896   NtContinue  (11861204, 0, ...
 04016   928   NtContinue  (15006936, 0, ...
 04017   896   NtContinue  (11861204, 0, ...
 04018   928   NtContinue  (15006936, 0, ...
 04019   896   NtContinue  (11861204, 0, ...
 04020   924   NtContinue  (13956284, 0, ...
 04021   928   NtContinue  (15006936, 0, ...
 04022   924   NtContinue  (13956284, 0, ...
 04023   928   NtContinue  (15006936, 0, ...
 04024   924   NtContinue  (13956284, 0, ...
 04025   928   NtContinue  (15006936, 0, ...
 04026   924   NtContinue  (13956284, 0, ...
 04027   928   NtContinue  (15006936, 0, ...
 04028   924   NtContinue  (13956284, 0, ...
 04029   928   NtContinue  (15006936, 0, ...
 04030   924   NtContinue  (13956284, 0, ...
 04031   928   NtContinue  (15006936, 0, ...
 04032   896   NtContinue  (11861204, 0, ...
 04033   924   NtContinue  (13956284, 0, ...
 04034   896   NtContinue  (11861204, 0, ...
 04035   924   NtContinue  (13956284, 0, ...
 04036   896   NtContinue  (11861204, 0, ...
 04037   924   NtContinue  (13956284, 0, ...
 04038   896   NtContinue  (11861204, 0, ...
 04039   924   NtContinue  (13956284, 0, ...
 04040   896   NtContinue  (11861204, 0, ...
 04041   924   NtContinue  (13956284, 0, ...
 04042   896   NtContinue  (11861204, 0, ...
 04043   924   NtContinue  (13956284, 0, ...
 04044   928   NtContinue  (15006936, 0, ...
 04045   896   NtContinue  (11861204, 0, ...
 04046   928   NtContinue  (15006936, 0, ...
 04047   896   NtContinue  (11861204, 0, ...
 04048   928   NtContinue  (15006936, 0, ...
 04049   896   NtContinue  (11861204, 0, ...
 04050   928   NtContinue  (15006936, 0, ...
 04051   896   NtContinue  (11861204, 0, ...
 04052   928   NtContinue  (15006936, 0, ...
 04053   896   NtContinue  (11861204, 0, ...
 04054   928   NtContinue  (15006936, 0, ...
 04055   896   NtContinue  (11861204, 0, ...
 04056   924   NtContinue  (13956284, 0, ...
 04057   928   NtContinue  (15006936, 0, ...
 04058   924   NtContinue  (13956284, 0, ...
 04059   928   NtContinue  (15006936, 0, ...
 04060   924   NtContinue  (13956284, 0, ...
 04061   928   NtContinue  (15006936, 0, ...
 04062   924   NtContinue  (13956284, 0, ...
 04063   928   NtContinue  (15006936, 0, ...
 04064   924   NtContinue  (13956284, 0, ...
 04065   928   NtContinue  (15006936, 0, ...
 04066   924   NtContinue  (13956284, 0, ...
 04067   928   NtContinue  (15006936, 0, ...
 04068   896   NtContinue  (11861204, 0, ...
 04069   924   NtContinue  (13956284, 0, ...
 04070   896   NtContinue  (11861204, 0, ...
 04071   924   NtContinue  (13956284, 0, ...
 04072   896   NtContinue  (11861204, 0, ...
 04073   924   NtContinue  (13956284, 0, ...
 04074   896   NtContinue  (11861204, 0, ...
 04075   924   NtContinue  (13956284, 0, ...
 04076   896   NtContinue  (11861204, 0, ...
 04077   924   NtContinue  (13956284, 0, ...
 04078   896   NtContinue  (11861204, 0, ...
 04079   924   NtContinue  (13956284, 0, ...
 04080   928   NtContinue  (15006936, 0, ...
 04081   896   NtContinue  (11861204, 0, ...
 04082   928   NtContinue  (15006936, 0, ...
 04083   896   NtContinue  (11861204, 0, ...
 04084   928   NtContinue  (15006936, 0, ...
 04085   896   NtContinue  (11861204, 0, ...
 04086   928   NtContinue  (15006936, 0, ...
 04087   896   NtContinue  (11861204, 0, ...
 04088   928   NtContinue  (15006936, 0, ...
 04089   896   NtContinue  (11861204, 0, ...
 04090   928   NtContinue  (15006936, 0, ...
 04091   896   NtContinue  (11861204, 0, ...
 04092   924   NtContinue  (13956284, 0, ...
 04093   928   NtContinue  (15006936, 0, ...
 04094   924   NtContinue  (13956284, 0, ...
 04095   928   NtContinue  (15006936, 0, ...
 04096   924   NtContinue  (13956284, 0, ...
 04097   928   NtContinue  (15006936, 0, ...
 04098   924   NtContinue  (13956284, 0, ...
 04099   928   NtContinue  (15006936, 0, ...
 04100   924   NtContinue  (13956284, 0, ...
 04101   928   NtContinue  (15006936, 0, ...
 04102   924   NtContinue  (13956284, 0, ...
 04103   928   NtContinue  (15006936, 0, ...
 04104   896   NtContinue  (11861204, 0, ...
 04105   924   NtContinue  (13956284, 0, ...
 04106   896   NtContinue  (11861204, 0, ...
 04107   924   NtContinue  (13956284, 0, ...
 04108   896   NtContinue  (11861204, 0, ...
 04109   924   NtContinue  (13956284, 0, ...
 04110   896   NtContinue  (11861204, 0, ...
 04111   924   NtContinue  (13956284, 0, ...
 04112   896   NtContinue  (11861204, 0, ...
 04113   924   NtContinue  (13956284, 0, ...
 04114   896   NtContinue  (11861204, 0, ...
 04115   924   NtContinue  (13956284, 0, ...
 04116   928   NtContinue  (15006936, 0, ...
 04117   896   NtContinue  (11861204, 0, ...
 04118   928   NtContinue  (15006936, 0, ...
 04119   896   NtContinue  (11861204, 0, ...
 04120   928   NtContinue  (15006936, 0, ...
 04121   896   NtContinue  (11861204, 0, ...
 04122   928   NtContinue  (15006936, 0, ...
 04123   896   NtContinue  (11861204, 0, ...
 04124   928   NtContinue  (15006936, 0, ...
 04125   896   NtContinue  (11861204, 0, ...
 04126   928   NtContinue  (15006936, 0, ...
 04127   896   NtContinue  (11861204, 0, ...
 04128   924   NtContinue  (13956284, 0, ...
 04129   928   NtContinue  (15006936, 0, ...
 04130   924   NtContinue  (13956284, 0, ...
 04131   928   NtContinue  (15006936, 0, ...
 04132   924   NtContinue  (13956284, 0, ...
 04133   928   NtContinue  (15006936, 0, ...
 04134   924   NtContinue  (13956284, 0, ...
 04135   928   NtContinue  (15006936, 0, ...
 04136   924   NtContinue  (13956284, 0, ...
 04137   928   NtContinue  (15006936, 0, ...
 04138   924   NtContinue  (13956284, 0, ...
 04139   928   NtContinue  (15006936, 0, ...
 04140   896   NtContinue  (11861204, 0, ...
 04141   924   NtContinue  (13956284, 0, ...
 04142   896   NtContinue  (11861204, 0, ...
 04143   924   NtContinue  (13956284, 0, ...
 04144   896   NtContinue  (11861204, 0, ...
 04145   924   NtContinue  (13956284, 0, ...
 04146   896   NtContinue  (11861204, 0, ...
 04147   924   NtContinue  (13956284, 0, ...
 04148   896   NtContinue  (11861204, 0, ...
 04149   924   NtContinue  (13956284, 0, ...
 04150   896   NtContinue  (11861204, 0, ...
 04151   924   NtContinue  (13956284, 0, ...
 04152   928   NtContinue  (15006936, 0, ...
 04153   896   NtContinue  (11861204, 0, ...
 04154   928   NtContinue  (15006936, 0, ...
 04155   896   NtContinue  (11861204, 0, ...
 04156   928   NtContinue  (15006936, 0, ...
 04157   896   NtContinue  (11861204, 0, ...
 04158   928   NtContinue  (15006936, 0, ...
 04159   896   NtContinue  (11861204, 0, ...
 04160   928   NtContinue  (15006936, 0, ...
 04161   896   NtContinue  (11861204, 0, ...
 04162   928   NtContinue  (15006936, 0, ...
 04163   896   NtContinue  (11861204, 0, ...
 04164   924   NtContinue  (13956284, 0, ...
 04165   928   NtContinue  (15006936, 0, ...
 04166   924   NtContinue  (13956284, 0, ...
 04167   928   NtContinue  (15006936, 0, ...
 04168   924   NtContinue  (13956284, 0, ...
 04169   928   NtContinue  (15006936, 0, ...
 04170   924   NtContinue  (13956284, 0, ...
 04171   928   NtContinue  (15006936, 0, ...
 04172   924   NtContinue  (13956284, 0, ...
 04173   928   NtContinue  (15006936, 0, ...
 04174   924   NtContinue  (13956284, 0, ...
 04175   928   NtContinue  (15006936, 0, ...
 04176   896   NtContinue  (11861204, 0, ...
 04177   924   NtContinue  (13956284, 0, ...
 04178   896   NtContinue  (11861204, 0, ...
 04179   924   NtContinue  (13956284, 0, ...
 04180   896   NtContinue  (11861204, 0, ...
 04181   924   NtContinue  (13956284, 0, ...
 04182   896   NtContinue  (11861204, 0, ...
 04183   924   NtContinue  (13956284, 0, ...
 04184   896   NtContinue  (11861204, 0, ...
 04185   924   NtContinue  (13956284, 0, ...
 04186   896   NtContinue  (11861204, 0, ...
 04187   924   NtContinue  (13956284, 0, ...
 04188   928   NtContinue  (15006936, 0, ...
 04189   896   NtContinue  (11861204, 0, ...
 04190   928   NtContinue  (15006936, 0, ...
 04191   896   NtContinue  (11861204, 0, ...
 04192   928   NtContinue  (15006936, 0, ...
 04193   896   NtContinue  (11861204, 0, ...
 04194   928   NtContinue  (15006936, 0, ...
 04195   896   NtContinue  (11861204, 0, ...
 04196   928   NtContinue  (15006936, 0, ...
 04197   896   NtContinue  (11861204, 0, ...
 04198   928   NtContinue  (15006936, 0, ...
 04199   896   NtContinue  (11861204, 0, ...
 04200   924   NtContinue  (13956284, 0, ...
 04201   928   NtContinue  (15006936, 0, ...
 04202   924   NtContinue  (13956284, 0, ...
 04203   928   NtContinue  (15006936, 0, ...
 04204   924   NtContinue  (13956284, 0, ...
 04205   928   NtContinue  (15006936, 0, ...
 04206   924   NtContinue  (13956284, 0, ...
 04207   928   NtContinue  (15006936, 0, ...
 04208   924   NtContinue  (13956284, 0, ...
 04209   928   NtContinue  (15006936, 0, ...
 04210   924   NtContinue  (13956284, 0, ...
 04211   928   NtContinue  (15006936, 0, ...
 04212   896   NtContinue  (11861204, 0, ...
 04213   924   NtContinue  (13956284, 0, ...
 04214   896   NtContinue  (11861204, 0, ...
 04215   924   NtContinue  (13956284, 0, ...
 04216   896   NtContinue  (11861204, 0, ...
 04217   924   NtContinue  (13956284, 0, ...
 04218   896   NtContinue  (11861204, 0, ...
 04219   928   NtContinue  (15006936, 0, ...
 04220   896   NtContinue  (11861204, 0, ...
 04221   928   NtContinue  (15006936, 0, ...
 04222   896   NtContinue  (11861204, 0, ...
 04223   928   NtContinue  (15006936, 0, ...
 04224   924   NtContinue  (13956284, 0, ...
 04225   928   NtContinue  (15006936, 0, ...
 04226   924   NtContinue  (13956284, 0, ...
 04227   928   NtContinue  (15006936, 0, ...
 04228   924   NtContinue  (13956284, 0, ...
 04229   928   NtContinue  (15006936, 0, ...
 04230   924   NtContinue  (13956284, 0, ...
 04231   896   NtContinue  (11861204, 0, ...
 04232   924   NtContinue  (13956284, 0, ...
 04233   896   NtContinue  (11861204, 0, ...
 04234   924   NtContinue  (13956284, 0, ...
 04235   896   NtContinue  (11861204, 0, ...
 04236   928   NtContinue  (15006936, 0, ...
 04237   896   NtContinue  (11861204, 0, ...
 04238   928   NtContinue  (15006936, 0, ...
 04239   896   NtContinue  (11861204, 0, ...
 04240   928   NtContinue  (15006936, 0, ...
 04241   896   NtContinue  (11861204, 0, ...
 04242   928   NtContinue  (15006936, 0, ...
 04243   924   NtContinue  (13956284, 0, ...
 04244   928   NtContinue  (15006936, 0, ...
 04245   924   NtContinue  (13956284, 0, ...
 04246   928   NtContinue  (15006936, 0, ...
 04247   924   NtContinue  (13956284, 0, ...
 04248   896   NtContinue  (11861204, 0, ...
 04249   924   NtContinue  (13956284, 0, ...
 04250   896   NtContinue  (11861204, 0, ...
 04251   924   NtContinue  (13956284, 0, ...
 04252   896   NtContinue  (11861204, 0, ...
 04253   924   NtContinue  (13956284, 0, ...
 04254   896   NtContinue  (11861204, 0, ...
 04255   928   NtContinue  (15006936, 0, ...
 04256   896   NtContinue  (11861204, 0, ...
 04257   928   NtContinue  (15006936, 0, ...
 04258   896   NtContinue  (11861204, 0, ...
 04259   928   NtContinue  (15006936, 0, ...
 04260   924   NtContinue  (13956284, 0, ...
 04261   928   NtContinue  (15006936, 0, ...
 04262   924   NtContinue  (13956284, 0, ...
 04263   928   NtContinue  (15006936, 0, ...
 04264   924   NtContinue  (13956284, 0, ...
 04265   928   NtContinue  (15006936, 0, ...
 04266   924   NtContinue  (13956284, 0, ...
 04267   896   NtContinue  (11861204, 0, ...
 04268   924   NtContinue  (13956284, 0, ...
 04269   896   NtContinue  (11861204, 0, ...
 04270   924   NtContinue  (13956284, 0, ...
 04271   896   NtContinue  (11861204, 0, ...
 04272   928   NtContinue  (15006936, 0, ...
 04273   896   NtContinue  (11861204, 0, ...
 04274   928   NtContinue  (15006936, 0, ...
 04275   896   NtContinue  (11861204, 0, ...
 04276   928   NtContinue  (15006936, 0, ...
 04277   896   NtContinue  (11861204, 0, ...
 04278   928   NtContinue  (15006936, 0, ...
 04279   924   NtContinue  (13956284, 0, ...
 04280   928   NtContinue  (15006936, 0, ...
 04281   924   NtContinue  (13956284, 0, ...
 04282   928   NtContinue  (15006936, 0, ...
 04283   924   NtContinue  (13956284, 0, ...
 04284   896   NtContinue  (11861204, 0, ...
 04285   924   NtContinue  (13956284, 0, ...
 04286   896   NtContinue  (11861204, 0, ...
 04287   924   NtContinue  (13956284, 0, ...
 04288   896   NtContinue  (11861204, 0, ...
 04289   924   NtContinue  (13956284, 0, ...
 04290   896   NtContinue  (11861204, 0, ...
 04291   928   NtContinue  (15006936, 0, ...
 04292   896   NtContinue  (11861204, 0, ...
 04293   928   NtContinue  (15006936, 0, ...
 04294   896   NtContinue  (11861204, 0, ...
 04295   928   NtContinue  (15006936, 0, ...
 04296   924   NtContinue  (13956284, 0, ...
 04297   928   NtContinue  (15006936, 0, ...
 04298   924   NtContinue  (13956284, 0, ...
 04299   928   NtContinue  (15006936, 0, ...
 04300   924   NtContinue  (13956284, 0, ...
 04301   928   NtContinue  (15006936, 0, ...
 04302   924   NtContinue  (13956284, 0, ...
 04303   896   NtContinue  (11861204, 0, ...
 04304   924   NtContinue  (13956284, 0, ...
 04305   896   NtContinue  (11861204, 0, ...
 04306   924   NtContinue  (13956284, 0, ...
 04307   896   NtContinue  (11861204, 0, ...
 04308   928   NtContinue  (15006936, 0, ...
 04309   896   NtContinue  (11861204, 0, ...
 04310   928   NtContinue  (15006936, 0, ...
 04311   896   NtContinue  (11861204, 0, ...
 04312   928   NtContinue  (15006936, 0, ...
 04313   896   NtContinue  (11861204, 0, ...
 04314   928   NtContinue  (15006936, 0, ...
 04315   924   NtContinue  (13956284, 0, ...
 04316   928   NtContinue  (15006936, 0, ...
 04317   924   NtContinue  (13956284, 0, ...
 04318   928   NtContinue  (15006936, 0, ...
 04319   924   NtContinue  (13956284, 0, ...
 04320   896   NtContinue  (11861204, 0, ...
 04321   924   NtContinue  (13956284, 0, ...
 04322   896   NtContinue  (11861204, 0, ...
 04323   924   NtContinue  (13956284, 0, ...
 04324   896   NtContinue  (11861204, 0, ...
 04325   924   NtContinue  (13956284, 0, ...
 04326   896   NtContinue  (11861204, 0, ...
 04327   928   NtContinue  (15006936, 0, ...
 04328   896   NtContinue  (11861204, 0, ...
 04329   928   NtContinue  (15006936, 0, ...
 04330   896   NtContinue  (11861204, 0, ...
 04331   928   NtContinue  (15006936, 0, ...
 04332   924   NtContinue  (13956284, 0, ...
 04333   928   NtContinue  (15006936, 0, ...
 04334   924   NtContinue  (13956284, 0, ...
 04335   928   NtContinue  (15006936, 0, ...
 04336   924   NtContinue  (13956284, 0, ...
 04337   928   NtContinue  (15006936, 0, ...
 04338   924   NtContinue  (13956284, 0, ...
 04339   896   NtContinue  (11861204, 0, ...
 04340   924   NtContinue  (13956284, 0, ...
 04341   896   NtContinue  (11861204, 0, ...
 04342   924   NtContinue  (13956284, 0, ...
 04343   896   NtContinue  (11861204, 0, ...
 04344   928   NtContinue  (15006936, 0, ...
 04345   896   NtContinue  (11861204, 0, ...
 04346   928   NtContinue  (15006936, 0, ...
 04347   896   NtContinue  (11861204, 0, ...
 04348   928   NtContinue  (15006936, 0, ...
 04349   896   NtContinue  (11861204, 0, ...
 04350   928   NtContinue  (15006936, 0, ...
 04351   924   NtContinue  (13956284, 0, ...
 04352   928   NtContinue  (15006936, 0, ...
 04353   924   NtContinue  (13956284, 0, ...
 04354   928   NtContinue  (15006936, 0, ...
 04355   924   NtContinue  (13956284, 0, ...
 04356   896   NtContinue  (11861204, 0, ...
 04357   924   NtContinue  (13956284, 0, ...
 04358   896   NtContinue  (11861204, 0, ...
 04359   924   NtContinue  (13956284, 0, ...
 04360   896   NtContinue  (11861204, 0, ...
 04361   924   NtContinue  (13956284, 0, ...
 04362   896   NtContinue  (11861204, 0, ...
 04363   928   NtContinue  (15006936, 0, ...
 04364   896   NtContinue  (11861204, 0, ...
 04365   928   NtContinue  (15006936, 0, ...
 04366   896   NtContinue  (11861204, 0, ...
 04367   928   NtContinue  (15006936, 0, ...
 04368   924   NtContinue  (13956284, 0, ...
 04369   928   NtContinue  (15006936, 0, ...
 04370   924   NtContinue  (13956284, 0, ...
 04371   928   NtContinue  (15006936, 0, ...
 04372   924   NtContinue  (13956284, 0, ...
 04373   928   NtContinue  (15006936, 0, ...
 04374   924   NtContinue  (13956284, 0, ...
 04375   896   NtContinue  (11861204, 0, ...
 04376   924   NtContinue  (13956284, 0, ...
 04377   896   NtContinue  (11861204, 0, ...
 04378   924   NtContinue  (13956284, 0, ...
 04379   896   NtContinue  (11861204, 0, ...
 04380   928   NtContinue  (15006936, 0, ...
 04381   896   NtContinue  (11861204, 0, ...
 04382   928   NtContinue  (15006936, 0, ...
 04383   896   NtContinue  (11861204, 0, ...
 04384   928   NtContinue  (15006936, 0, ...
 04385   896   NtContinue  (11861204, 0, ...
 04386   928   NtContinue  (15006936, 0, ...
 04387   924   NtContinue  (13956284, 0, ...
 04388   928   NtContinue  (15006936, 0, ...
 04389   924   NtContinue  (13956284, 0, ...
 04390   928   NtContinue  (15006936, 0, ...
 04391   924   NtContinue  (13956284, 0, ...
 04392   896   NtContinue  (11861204, 0, ...
 04393   924   NtContinue  (13956284, 0, ...
 04394   896   NtContinue  (11861204, 0, ...
 04395   924   NtContinue  (13956284, 0, ...
 04396   896   NtContinue  (11861204, 0, ...
 04397   924   NtContinue  (13956284, 0, ...
 04398   896   NtContinue  (11861204, 0, ...
 04399   928   NtContinue  (15006936, 0, ...
 04400   896   NtContinue  (11861204, 0, ...
 04401   928   NtContinue  (15006936, 0, ...
 04402   896   NtContinue  (11861204, 0, ...
 04403   928   NtContinue  (15006936, 0, ...
 04404   924   NtContinue  (13956284, 0, ...
 04405   928   NtContinue  (15006936, 0, ...
 04406   924   NtContinue  (13956284, 0, ...
 04407   928   NtContinue  (15006936, 0, ...
NtDelayExecution(>)	1	NtOpenMutant(>)	2	NtQuerySection(>)	7	NtCreateEvent(>)	25
NtFsControlFile(>)	1	NtQueryInformationFile(>)	2	NtOpenProcess(>)	9	NtRequestWaitReplyPort(>)	25
NtGdiCreateBitmap(>)	1	NtRaiseException(>)	2	NtOpenProcessTokenEx(>)	11	NtReadVirtualMemory(>)	27
NtGdiInit(>)	1	NtSetInformationProcess(>)	2	NtOpenThreadTokenEx(>)	11	NtSetEvent(>)	28
NtGdiQueryFontAssocInfo(>)	1	NtUserCallOneParam(>)	2	NtTerminateThread(>)	11	NtOpenSection(>)	32
NtGdiSelectBitmap(>)	1	NtUserGetDC(>)	2	NtSetEventBoostPriority(>)	14	NtQueryInformationThread(>)	37
NtOpenKeyedEvent(>)	1	NtCallbackReturn(>)	3	NtUnmapViewOfSection(>)	14	NtMapViewOfSection(>)	40
NtOpenSymbolicLinkObject(>)	1	NtGdiCreateCompatibleDC(>)	3	NtQueryInformationToken(>)	15	NtQueryValueKey(>)	40
NtQueryObject(>)	1	NtQueryVirtualMemory(>)	3	NtFlushInstructionCache(>)	16	NtWaitForSingleObject(>)	45
NtQuerySymbolicLinkObject(>)	1	NtReleaseMutant(>)	3	NtQueryDebugFilterState(>)	16	NtProtectVirtualMemory(>)	62
NtQueryVolumeInformationFile(>)	1	NtUserBuildHwndList(>)	3	NtCreateSection(>)	17	NtAllocateVirtualMemory(>)	63
NtSecureConnectPort(>)	1	NtDuplicateObject(>)	4	NtCreateThread(>)	18	NtOpenKey(>)	71
NtUserCallNoParam(>)	1	NtQueryDefaultLocale(>)	4	NtResumeThread(>)	18	NtUserGetClassInfo(>)	74
NtUserGetThreadDesktop(>)	1	NtQueryInformationProcess(>)	4	NtRegisterThreadTerminatePort(>)	19	NtUserFindExistingCursorIcon(>)	87
NtAccessCheck(>)	2	NtQueryInstallUILanguage(>)	4	NtTestAlert(>)	19	NtUserRegisterClassExWOW(>)	108
NtAddAtom(>)	2	NtSetInformationObject(>)	4	NtUserSystemParametersInfo(>)	20	NtClose(>)	168
NtCreateFile(>)	2	NtGdiGetStockObject(>)	5	NtQueryAttributesFile(>)	21	NtUserQueryWindow(>)	234
NtEnumerateValueKey(>)	2	NtOpenProcessToken(>)	5	NtSetInformationThread(>)	22	NtContinue(>)	3383
NtGdiCreateSolidBrush(>)	2	NtQueryDefaultUILanguage(>)	6	NtFreeVirtualMemory(>)	23
NtOpenDirectoryObject(>)	2	NtUserFindWindowEx(>)	6	NtOpenFile(>)	23
NtOpenEvent(>)	2