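Summary (each system call is followed by the number of times it was called; counts ascend down each column):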

NtCallbackReturn(>) 1 NtGdiCreateSolidBrush(>) 2 NtCreateFile(>) 5 NtCreateEvent(>) 54
NtFlushInstructionCache(>) 1 NtNotifyChangeKey(>) 2 NtCreateKey(>) 5 NtOpenKey(>) 65
NtFsControlFile(>) 1 NtOpenDirectoryObject(>) 2 NtGdiGetStockObject(>) 5 NtContinue(>) 116
NtGdiCreateBitmap(>) 1 NtOpenProcessToken(>) 2 NtQueryInformationToken(>) 5 NtClose(>) 123
NtGdiInit(>) 1 NtOpenProcessTokenEx(>) 2 NtSetInformationFile(>) 5 NtResumeThread(>) 145
NtGdiQueryFontAssocInfo(>) 1 NtOpenThreadTokenEx(>) 2 NtConnectPort(>) 6 NtCreateThread(>) 152
NtGdiSelectBitmap(>) 1 NtQueryDefaultLocale(>) 2 NtQueryInformationFile(>) 7 NtProtectVirtualMemory(>) 154
NtOpenKeyedEvent(>) 1 NtQuerySystemTime(>) 2 NtQuerySection(>) 8 NtQueryInformationThread(>) 156
NtOpenMutant(>) 1 NtQueryVirtualMemory(>) 2 NtUserFindExistingCursorIcon(>) 9 NtQueryValueKey(>) 169
NtOpenSymbolicLinkObject(>) 1 NtSetInformationObject(>) 2 NtCreateSection(>) 12 NtRequestWaitReplyPort(>) 170
NtQueryObject(>) 1 NtSetValueKey(>) 2 NtOpenFile(>) 14 NtTestAlert(>) 222
NtQuerySymbolicLinkObject(>) 1 NtWriteFile(>) 2 NtUserRegisterClassExWOW(>) 15 NtRegisterThreadTerminatePort(>) 223
NtSecureConnectPort(>) 1 NtFreeVirtualMemory(>) 3 NtDeviceIoControlFile(>) 16 NtDuplicateObject(>) 224
NtSetInformationThread(>) 1 NtGdiCreateCompatibleDC(>) 3 NtOpenSection(>) 18 NtAllocateVirtualMemory(>) 410
NtUserCallNoParam(>) 1 NtQueryInformationProcess(>) 4 NtQuerySystemInformation(>) 21 NtSetEventBoostPriority(>) 1009
NtUserGetThreadDesktop(>) 1 NtQueryVolumeInformationFile(>) 4 NtMapViewOfSection(>) 24 NtWaitForSingleObject(>) 1347
NtCreateMutant(>) 2 NtUnmapViewOfSection(>) 4 NtQueryAttributesFile(>) 26

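Trace (each entry: sequence number, thread ID, system call with its input arguments, "..." followed by output values, then the returned status after "=="):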

00001 468 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00002 468 NtOpenKeyedEvent (0x2000000, {24, 0, 0x0, 0, 0, (0x2000000, {24, 0, 0x0, 0, 0, "\KernelObjects\CritSecOutOfMemoryEvent"}, ... 4, ) }, ... 4, ) == 0x0 00003 468 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00004 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 1310720, 1048576, ) == 0x0 00005 468 NtAllocateVirtualMemory (-1, 1310720, 0, 4096, 4096, 4, ... 1310720, 4096, ) == 0x0 00006 468 NtAllocateVirtualMemory (-1, 1314816, 0, 8192, 4096, 4, ... 1314816, 8192, ) == 0x0 00007 468 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00008 468 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 2359296, 65536, ) == 0x0 00009 468 NtAllocateVirtualMemory (-1, 2359296, 0, 24576, 4096, 4, ... 2359296, 24576, ) == 0x0 00010 468 NtOpenDirectoryObject (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 8, ) }, ... 8, ) == 0x0 00011 468 NtOpenSymbolicLinkObject (0x1, {24, 8, 0x40, 0, 0, (0x1, {24, 8, 0x40, 0, 0, "KnownDllPath"}, ... 12, ) }, ... 12, ) == 0x0 00012 468 NtQuerySymbolicLinkObject (12, ... (12, ... "C:\WINDOWS\system32", 0x0, ) , 0x0, ) == 0x0 00013 468 NtClose (12, ... 
) == 0x0 00014 468 NtOpenFile (0x100020, {24, 0, 0x42, 0, 0, (0x100020, {24, 0, 0x42, 0, 0, "\??\U:\startupscripts\"}, 3, 33, ... 12, {status=0x0, info=1}, ) }, 3, 33, ... 12, {status=0x0, info=1}, ) == 0x0 00015 468 NtQueryVolumeInformationFile (12, 1243848, 8, Device, ... {status=0x0, info=8}, ) == 0x0 00016 468 NtFsControlFile (12, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... ) == STATUS_INVALID_PARAMETER 00017 468 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local"}, 1243832, ... ) }, 1243832, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00018 468 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "kernel32.dll"}, ... 16, ) }, ... 16, ) == 0x0 00019 468 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77e60000), 0x0, 937984, ) == 0x0 00020 468 NtClose (16, ... ) == 0x0 00021 468 NtQuerySystemInformation (RangeStart, 4, ... {system info, class 50, size 4}, 0x0, ) == 0x0 00022 468 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00023 468 NtCreateSection (0xf001f, 0x0, {65536, 0}, 4, 67108864, 0, ... 16, ) == 0x0 00024 468 NtSecureConnectPort ( ("\Windows\ApiPort", {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18743296}, {0, 0, 0}, 200, 44, ) , {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18743296}, {0, 0, 0}, 200, 44, ) == 0x0 00025 468 NtClose (16, ... ) == 0x0 00026 468 NtQueryObject (24, Handle, 2, ... {Inherit=0,ProtectFromClose=0,}, -1, ) == 0x0 00027 468 NtSetInformationObject (24, Handle, {Inherit=0,ProtectFromClose=1,}, 256, ... ) == 0x0 00028 468 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00029 468 NtQueryVirtualMemory (-1, 0x250000, Basic, 28, ... {BaseAddress=0x250000,AllocationBase=0x250000,AllocationProtect=0x4,RegionSize=0x10000,State=0x2000,Protect=0x0,Type=0x40000,}, 0x0, ) == 0x0 00030 468 NtAllocateVirtualMemory (-1, 2424832, 0, 4096, 4096, 4, ... 2424832, 4096, ) == 0x0 00031 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 0, 0, 0, 0} (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\36\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\36\1\4\0\0\0" ... {28, 56, reply, 0, 460, 468, 1512, 0} "8@\27\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\36\1\4\0\0\0" ) ... {28, 56, reply, 0, 460, 468, 1512, 0} (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\36\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\36\1\4\0\0\0" ... {28, 56, reply, 0, 460, 468, 1512, 0} "8@\27\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\36\1\4\0\0\0" ) ) == 0x0 00032 468 NtRegisterThreadTerminatePort (24, ... ) == 0x0 00033 468 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00034 468 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00035 468 NtClose (16, ... ) == 0x0 00036 468 NtAllocateVirtualMemory (-1, 1232896, 0, 4096, 4096, 260, ... 1232896, 4096, ) == 0x0 00037 468 NtOpenMutant (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\NlsCacheMutant"}, ... 16, ) }, ... 16, ) == 0x0 00038 468 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionUnicode"}, ... 28, ) }, ... 
28, ) == 0x0 00039 468 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x260000), 0x0, 90112, ) == 0x0 00040 468 NtClose (28, ... ) == 0x0 00041 468 NtQueryDefaultLocale (0, 2012046252, ... ) == 0x0 00042 468 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionLocale"}, ... 28, ) }, ... 28, ) == 0x0 00043 468 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x280000), 0x0, 212992, ) == 0x0 00044 468 NtClose (28, ... ) == 0x0 00045 468 NtOpenSection (0x5, {24, 0, 0x40, 0, 0, (0x5, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey"}, ... 28, ) }, ... 28, ) == 0x0 00046 468 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x2c0000), 0x0, 266240, ) == 0x0 00047 468 NtQuerySection (28, Basic, 16, ... {BaseAddress=0x0,Attributes=0x800000,Size={0x40004, 0x0},}, 0x0, ) == 0x0 00048 468 NtClose (28, ... ) == 0x0 00049 468 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortTbls"}, ... 28, ) }, ... 28, ) == 0x0 00050 468 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x310000), 0x0, 24576, ) == 0x0 00051 468 NtClose (28, ... ) == 0x0 00052 468 NtQueryVirtualMemory (-1, 0x7ffd2000, Basic, 28, ... {BaseAddress=0x7ffd2000,AllocationBase=0x7ffb0000,AllocationProtect=0x2,RegionSize=0x2000,State=0x1000,Protect=0x2,Type=0x40000,}, 0x0, ) == 0x0 00053 468 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00054 468 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00055 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\36\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\36\18\6\0\0" ... 
{28, 56, reply, 0, 460, 468, 1514, 0} "\10\32\27\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\36\18\6\0\0" ) ... {28, 56, reply, 0, 460, 468, 1514, 0} (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\36\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\36\18\6\0\0" ... {28, 56, reply, 0, 460, 468, 1514, 0} "\10\32\27\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\36\18\6\0\0" ) ) == 0x0 00056 468 NtProtectVirtualMemory (-1, (0x409000), 90128, 4, ... (0x409000), 94208, 128, ) == 0x0 00057 468 NtProtectVirtualMemory (-1, (0x409000), 94208, 128, ... (0x409000), 94208, 4, ) == 0x0 00058 468 NtFlushInstructionCache (-1, 4231168, 90128, ... ) == 0x0 00059 468 NtOpenProcessToken (-1, 0x8, ... 28, ) == 0x0 00060 468 NtQueryInformationToken (28, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00061 468 NtClose (28, ... ) == 0x0 00062 468 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0 00063 468 NtQueryValueKey (28, (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00064 468 NtClose (28, ... ) == 0x0 00065 468 NtTestAlert (... ) == 0x0 00066 468 NtContinue (1244464, 1, ... 00067 468 NtSetInformationThread (-2, Win32StartAddress(LpcReceivedMessageId), {StartAddress(LpcReceivedMsgId)=0x419010,}, 4, ... ) == 0x0 00068 468 NtContinue (1244400, 0, ... 00069 468 NtAllocateVirtualMemory (-1, 0, 0, 2395, 4096, 64, ... 3276800, 4096, ) == 0x0 00070 468 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager"}, ... 28, ) }, ... 28, ) == 0x0 00071 468 NtQueryValueKey (28, (28, "SafeDllSearchMode", Partial, 16, ... ) , Partial, 16, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00072 468 NtClose (28, ... 
) == 0x0 00073 468 NtAllocateVirtualMemory (-1, 1323008, 0, 4096, 4096, 4, ... 1323008, 4096, ) == 0x0 00074 468 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "user32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00075 468 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77d40000), 0x0, 577536, ) == 0x0 00076 468 NtClose (28, ... ) == 0x0 00077 468 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "GDI32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00078 468 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c70000), 0x0, 262144, ) == 0x0 00079 468 NtClose (28, ... ) == 0x0 00080 468 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "ADVAPI32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00081 468 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77dd0000), 0x0, 569344, ) == 0x0 00082 468 NtClose (28, ... ) == 0x0 00083 468 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "RPCRT4.dll"}, ... 28, ) }, ... 28, ) == 0x0 00084 468 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77cc0000), 0x0, 479232, ) == 0x0 00085 468 NtClose (28, ... ) == 0x0 00086 468 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0 00087 468 NtQueryValueKey (28, (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00088 468 NtQueryValueKey (28, (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00089 468 NtClose (28, ... 
) == 0x0 00090 468 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"}, ... 28, ) }, ... 28, ) == 0x0 00091 468 NtQueryValueKey (28, (28, "LeakTrack", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00092 468 NtClose (28, ... ) == 0x0 00093 468 NtOpenKey (0x2000000, {24, 0, 0x40, 0, 0, (0x2000000, {24, 0, 0x40, 0, 0, "\REGISTRY\MACHINE"}, ... 28, ) }, ... 28, ) == 0x0 00094 468 NtSetInformationObject (28, Handle, {Inherit=0,ProtectFromClose=1,}, 2011365632, ... ) == 0x0 00095 468 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00096 468 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00097 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} "\210\6\36\1\0\0\0\0\314\4\23\0\374\207\16\366\3\0\0\0\234\6\36\1$\1\0\0" ... {28, 56, reply, 0, 460, 468, 1522, 0} "XQ\26\0\0\0\0\0\0\0\0\0\374\207\16\366\3\0\0\0\234\6\36\1$\1\0\0" ) ... {28, 56, reply, 0, 460, 468, 1522, 0} (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} "\210\6\36\1\0\0\0\0\314\4\23\0\374\207\16\366\3\0\0\0\234\6\36\1$\1\0\0" ... {28, 56, reply, 0, 460, 468, 1522, 0} "XQ\26\0\0\0\0\0\0\0\0\0\374\207\16\366\3\0\0\0\234\6\36\1$\1\0\0" ) ) == 0x0 00098 468 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\"}, ... ) }, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00099 468 NtMapViewOfSection (32, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x420000), 0x0, 1060864, ) == 0x0 00100 468 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 36, ) == 0x0 00101 468 NtOpenThreadTokenEx (-2, 0x8, 1, 512, ... ) == STATUS_NO_TOKEN 00102 468 NtOpenProcessTokenEx (-1, 0x8, 512, ... -2147482040, ) == 0x0 00103 468 NtQueryInformationToken (-2147482040, Statistics, 0, ... ) == STATUS_BUFFER_TOO_SMALL 00104 468 NtQueryInformationToken (-2147482040, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00105 468 NtClose (-2147482040, ... ) == 0x0 00106 468 NtAllocateVirtualMemory (-1, 0, 0, 32, 4096, 4, ... 5439488, 4096, ) == 0x0 00107 468 NtFreeVirtualMemory (-1, (0x530000), 4096, 32768, ... (0x530000), 4096, ) == 0x0 00108 468 NtDuplicateObject (-1, 40, -1, 0x0, 0, 2, ... 48, ) == 0x0 00109 468 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32"}, ... -2147482040, ) }, ... -2147482040, ) == 0x0 00110 468 NtQueryValueKey (-2147482040, (-2147482040, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00111 468 NtClose (-2147482040, ... ) == 0x0 00112 468 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility"}, ... -2147482040, ) }, ... -2147482040, ) == 0x0 00113 468 NtQueryValueKey (-2147482040, (-2147482040, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00114 468 NtClose (-2147482040, ... ) == 0x0 00115 468 NtQueryDefaultLocale (0, -136050164, ... ) == 0x0 00116 468 NtGdiQueryFontAssocInfo (0, ... ) == 0x0 00117 468 NtUserCallNoParam (24, ... ) == 0x0 00118 468 NtGdiCreateCompatibleDC (0, ... 00119 468 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 5439488, 4096, ) == 0x0 00118 468 NtGdiCreateCompatibleDC ... 
) == 0xe010451 00120 468 NtGdiGetStockObject (0, ... ) == 0x1900010 00121 468 NtGdiGetStockObject (4, ... ) == 0x1900011 00122 468 NtGdiCreateBitmap (8, 8, 1, 1, 2010393708, ... ) == 0xb050458 00123 468 NtGdiCreateSolidBrush (0, 0, ... 00124 468 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 8650752, 4096, ) == 0x0 00123 468 NtGdiCreateSolidBrush ... ) == 0x810045b 00125 468 NtGdiGetStockObject (13, ... ) == 0x18a0021 00126 468 NtGdiCreateCompatibleDC (0, ... ) == 0x601045c 00127 468 NtGdiSelectBitmap (100729948, 184878168, ... ) == 0x185000f 00128 468 NtUserGetThreadDesktop (468, 0, ... ) == 0x2c 00129 468 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows"}, ... 52, ) }, ... 52, ) == 0x0 00130 468 NtQueryValueKey (52, (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 64, ... TitleIdx=0, Type=1, Data= (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0 00131 468 NtClose (52, ... ) == 0x0 00132 468 NtUserFindExistingCursorIcon (1240812, 1240828, 1241396, ... ) == 0x10011 00133 468 NtUserRegisterClassExWOW (1241332, 1241412, 1241396, 1241428, 673, 128, 0, ... ) == 0x810dc017 00134 468 NtUserFindExistingCursorIcon (1240812, 1240828, 1241396, ... ) == 0x10011 00135 468 NtUserRegisterClassExWOW (1241332, 1241412, 1241396, 1241428, 674, 128, 0, ... ) == 0x810dc01c 00136 468 NtUserFindExistingCursorIcon (1240812, 1240828, 1241396, ... ) == 0x10011 00137 468 NtUserRegisterClassExWOW (1241332, 1241412, 1241396, 1241428, 675, 128, 0, ... ) == 0x810dc01e 00138 468 NtUserFindExistingCursorIcon (1240812, 1240828, 1241396, ... ) == 0x10011 00139 468 NtUserRegisterClassExWOW (1241332, 1241412, 1241396, 1241428, 676, 128, 0, ... ) == 0x810d8002 00140 468 NtUserFindExistingCursorIcon (1240812, 1240828, 1241396, ... 
) == 0x10013 00141 468 NtUserRegisterClassExWOW (1241332, 1241412, 1241396, 1241428, 677, 128, 0, ... ) == 0x810dc018 00142 468 NtUserFindExistingCursorIcon (1240812, 1240828, 1241396, ... ) == 0x10011 00143 468 NtUserRegisterClassExWOW (1241332, 1241412, 1241396, 1241428, 678, 128, 0, ... ) == 0x810dc01a 00144 468 NtUserFindExistingCursorIcon (1240812, 1240828, 1241396, ... ) == 0x10011 00145 468 NtUserRegisterClassExWOW (1241332, 1241412, 1241396, 1241428, 679, 128, 0, ... ) == 0x810dc01d 00146 468 NtUserFindExistingCursorIcon (1240812, 1240828, 1241396, ... ) == 0x10011 00147 468 NtUserRegisterClassExWOW (1241332, 1241412, 1241396, 1241428, 681, 128, 0, ... ) == 0x810dc026 00148 468 NtUserFindExistingCursorIcon (1240812, 1240828, 1241396, ... ) == 0x10011 00149 468 NtUserRegisterClassExWOW (1241332, 1241412, 1241396, 1241428, 680, 128, 0, ... ) == 0x810dc019 00150 468 NtUserRegisterClassExWOW (1241284, 1241364, 1241348, 1241380, 0, 128, 0, ... ) == 0x810dc020 00151 468 NtUserRegisterClassExWOW (1241284, 1241360, 1241376, 1241348, 0, 130, 0, ... ) == 0x810dc022 00152 468 NtUserRegisterClassExWOW (1241284, 1241364, 1241348, 1241380, 0, 128, 0, ... ) == 0x810dc023 00153 468 NtUserRegisterClassExWOW (1241284, 1241360, 1241376, 1241348, 0, 130, 0, ... ) == 0x810dc024 00154 468 NtUserRegisterClassExWOW (1241284, 1241364, 1241348, 1241380, 0, 128, 0, ... 00155 468 NtAllocateVirtualMemory (-1, 5615616, 0, 4096, 4096, 32, ... 5615616, 4096, ) == 0x0 00154 468 NtUserRegisterClassExWOW ... ) == 0x810dc025 00156 468 NtCallbackReturn (0, 0, 0, ... 00157 468 NtGdiInit (... ) == 0x1 00158 468 NtGdiGetStockObject (18, ... ) == 0x290001c 00159 468 NtGdiGetStockObject (19, ... ) == 0x1b00019 00160 468 NtAllocateVirtualMemory (-1, 0, 0, 26112, 4096, 64, ... 8716288, 28672, ) == 0x0 00161 468 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WS2_32.dll"}, ... ) }, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00162 468 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2_32.dll"}, 1242976, ... ) }, 1242976, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00163 468 NtQueryAttributesFile ({24, 12, 0x40, 0, 0, ({24, 12, 0x40, 0, 0, "WS2_32.dll"}, 1242976, ... ) }, 1242976, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00164 468 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2_32.dll"}, 1242976, ... ) }, 1242976, ... ) == 0x0 00165 468 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2_32.dll"}, 5, 96, ... 52, {status=0x0, info=1}, ) }, 5, 96, ... 52, {status=0x0, info=1}, ) == 0x0 00166 468 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 52, ... 56, ) == 0x0 00167 468 NtQuerySection (56, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00168 468 NtOpenProcessToken (-1, 0x8, ... 60, ) == 0x0 00169 468 NtQueryInformationToken (60, User, 136, ... {token info, class 1, size 36}, 36, ) == 0x0 00170 468 NtOpenKey (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00171 468 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... 64, ) }, ... 64, ) == 0x0 00172 468 NtQueryValueKey (64, (64, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 80, ... TitleIdx=0, Type=4, Data= (64, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00173 468 NtClose (64, ... ) == 0x0 00174 468 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00175 468 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 64, ) == 0x0 00176 468 NtQueryInformationToken (64, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00177 468 NtClose (64, ... 
) == 0x0 00178 468 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00179 468 NtClose (60, ... ) == 0x0 00180 468 NtClose (52, ... ) == 0x0 00181 468 NtMapViewOfSection (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71ab0000), 0x0, 86016, ) == 0x0 00182 468 NtClose (56, ... ) == 0x0 00183 468 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "msvcrt.dll"}, ... 56, ) }, ... 56, ) == 0x0 00184 468 NtMapViewOfSection (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c10000), 0x0, 339968, ) == 0x0 00185 468 NtClose (56, ... ) == 0x0 00186 468 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WS2HELP.dll"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00187 468 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\WS2HELP.dll"}, 1242172, ... ) }, 1242172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00188 468 NtQueryAttributesFile ({24, 12, 0x40, 0, 0, ({24, 12, 0x40, 0, 0, "WS2HELP.dll"}, 1242172, ... ) }, 1242172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00189 468 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2HELP.dll"}, 1242172, ... ) }, 1242172, ... ) == 0x0 00190 468 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\WS2HELP.dll"}, 5, 96, ... 56, {status=0x0, info=1}, ) }, 5, 96, ... 56, {status=0x0, info=1}, ) == 0x0 00191 468 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 56, ... 52, ) == 0x0 00192 468 NtQuerySection (52, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00193 468 NtClose (56, ... ) == 0x0 00194 468 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71aa0000), 0x0, 32768, ) == 0x0 00195 468 NtClose (52, ... ) == 0x0 00196 468 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00197 468 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 8781824, 65536, ) == 0x0 00198 468 NtAllocateVirtualMemory (-1, 8781824, 0, 4096, 4096, 4, ... 8781824, 4096, ) == 0x0 00199 468 NtAllocateVirtualMemory (-1, 8785920, 0, 8192, 4096, 4, ... 8785920, 8192, ) == 0x0 00200 468 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionCType"}, ... 52, ) }, ... 52, ) == 0x0 00201 468 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x870000), 0x0, 12288, ) == 0x0 00202 468 NtClose (52, ... ) == 0x0 00203 468 NtAllocateVirtualMemory (-1, 8794112, 0, 4096, 4096, 4, ... 8794112, 4096, ) == 0x0 00204 468 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00205 468 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00206 468 NtFreeVirtualMemory (-1, (0x850000), 0, 32768, ... (0x850000), 28672, ) == 0x0 00207 468 NtFreeVirtualMemory (-1, (0x320144), 0, 32768, ... (0x320000), 4096, ) == 0x0 00208 468 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00209 468 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 
3276800, 65536, ) == 0x0 00210 468 NtAllocateVirtualMemory (-1, 3276800, 0, 4096, 4096, 4, ... 3276800, 4096, ) == 0x0 00211 468 NtAllocateVirtualMemory (-1, 3280896, 0, 20480, 4096, 4, ... 3280896, 20480, ) == 0x0 00212 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 8912896, 1048576, ) == 0x0 00213 468 NtAllocateVirtualMemory (-1, 8912896, 0, 32768, 4096, 4, ... 8912896, 32768, ) == 0x0 00214 468 NtOpenDirectoryObject (0x2000f, {24, 0, 0x40, 0, 0, (0x2000f, {24, 0, 0x40, 0, 0, "\BaseNamedObjects"}, ... 52, ) }, ... 52, ) == 0x0 00215 468 NtCreateMutant (0x1f0001, {24, 52, 0x80, 0, 0, (0x1f0001, {24, 52, 0x80, 0, 0, "Jobaka3"}, 0, ... 56, ) }, 0, ... 56, ) == 0x0 00216 468 NtOpenKey (0x2000000, {24, 28, 0x40, 0, 0, (0x2000000, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\WinSock2\Parameters"}, ... 60, ) }, ... 60, ) == 0x0 00217 468 NtQueryValueKey (60, (60, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (60, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) }, 20, ) == 0x0 00218 468 NtQueryValueKey (60, (60, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (60, "WinSock_Registry_Version", Partial, 144, ... TitleIdx=0, Type=1, Data="2\0.\00\0\0\0"}, 20, ) }, 20, ) == 0x0 00219 468 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 64, ) == 0x0 00220 468 NtOpenKey (0x2000000, {24, 60, 0x40, 0, 0, (0x2000000, {24, 60, 0x40, 0, 0, "Protocol_Catalog9"}, ... 68, ) }, ... 68, ) == 0x0 00221 468 NtQueryValueKey (68, (68, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\31\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (68, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\31\0\0\0"}, 16, ) }, 16, ) == 0x0 00222 468 NtNotifyChangeKey (68, 64, 0, 0, 2011390432, 1, 0, 0, 0, 1, ... 
) == 0x103 00223 468 NtQueryValueKey (68, (68, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\31\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (68, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\31\0\0\0"}, 16, ) }, 16, ) == 0x0 00224 468 NtOpenKey (0x2000000, {24, 68, 0x40, 0, 0, (0x2000000, {24, 68, 0x40, 0, 0, "00000019"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00225 468 NtQueryValueKey (68, (68, "Next_Catalog_Entry_ID", Partial, 144, ... TitleIdx=0, Type=4, Data="\376\3\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (68, "Next_Catalog_Entry_ID", Partial, 144, ... TitleIdx=0, Type=4, Data="\376\3\0\0"}, 16, ) }, 16, ) == 0x0 00226 468 NtQueryValueKey (68, (68, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\13\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (68, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\13\0\0\0"}, 16, ) }, 16, ) == 0x0 00227 468 NtOpenKey (0x2000000, {24, 68, 0x40, 0, 0, (0x2000000, {24, 68, 0x40, 0, 0, "Catalog_Entries"}, ... 72, ) }, ... 72, ) == 0x0 00228 468 NtAllocateVirtualMemory (-1, 1327104, 0, 4096, 4096, 4, ... 1327104, 4096, ) == 0x0 00229 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000001"}, ... 76, ) }, ... 76, ) == 0x0 00230 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00231 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00232 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\351\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\351\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\352\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\352\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\353\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\353\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\354\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\351\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\351\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\352\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\352\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\353\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\353\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\354\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\353\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\354\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0 (76, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\351\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0T\0C\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\351\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\351\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\352\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\02\0\352\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\353\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\353\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\354\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00233 468 NtClose (76, ... ) == 0x0 00234 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000002"}, ... 76, ) }, ... 76, ) == 0x0 00235 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00236 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00237 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\356\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\356\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\357\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\357\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\360\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\360\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\361\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\356\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\356\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\357\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\357\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\360\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\360\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\361\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\360\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\361\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0 (76, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\352\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0U\0D\0P\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\356\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\356\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\357\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\03\0\357\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\360\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\360\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\361\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00238 468 NtClose (76, ... ) == 0x0 00239 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000003"}, ... 76, ) }, ... 76, ) == 0x0 00240 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00241 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00242 468 NtAllocateVirtualMemory (-1, 1331200, 0, 4096, 4096, 4, ... 1331200, 4096, ) == 0x0 00243 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\364\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\364\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\365\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\365\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\366\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\366\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\367\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 \0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\364\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\364\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\365\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\365\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\366\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\366\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\367\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\366\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\367\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0 (76, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\6\2\0\0\0\0\0\0\0\0\0\0\0\0\0\14\0\0\0\240\32\17\347\213\253\317\21\214\243\0\200_H\241\222\353\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\3\0\0\0\0\0\0\0\377\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0T\0c\0p\0i\0p\0 
\0[\0R\0A\0W\0/\0I\0P\0]\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\204\3\0\0\364\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\364\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\365\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\04\0\365\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\366\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\366\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\367\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00244 468 NtClose (76, ... ) == 0x0 00245 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000004"}, ... 76, ) }, ... 76, ) == 0x0 00246 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00247 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00248 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\310\371\252\1\26\0\30\0\10<_u\0\0\0\0|\370\252\1\27\207`u\0\0\0\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\30\371\252\1\17.\365w\13\30\365w\1\0\0\0\0\374\252\1\4\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\17.\365w\0\0\0\0\250\371\252\1 \22\365wO\22\365wT\22\365w\0\0\0\0\204\3\0\0\371\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\371\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\372\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0\372\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\373\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\373\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\374\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\310\371\252\1\26\0\30\0\10<_u\0\0\0\0|\370\252\1\27\207`u\0\0\0\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\30\371\252\1\17.\365w\13\30\365w\1\0\0\0\0\374\252\1\4\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\17.\365w\0\0\0\0\250\371\252\1 \22\365wO\22\365wT\22\365w\0\0\0\0\204\3\0\0\371\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\371\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\372\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0\372\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\373\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\373\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\374\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\373\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\374\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0 (76, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11&\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\354\3\0\0\1\0\0\0\310\371\252\1\26\0\30\0\10<_u\0\0\0\0|\370\252\1\27\207`u\0\0\0\0\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\2\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\273\377\0\0\0\0\0\0R\0S\0V\0P\0 \0U\0D\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\30\371\252\1\17.\365w\13\30\365w\1\0\0\0\0\374\252\1\4\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\17.\365w\0\0\0\0\250\371\252\1 
\22\365wO\22\365wT\22\365w\0\0\0\0\204\3\0\0\371\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\371\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\372\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\05\0\372\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\373\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\373\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\374\0\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00249 468 NtClose (76, ... ) == 0x0 00250 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000005"}, ... 76, ) }, ... 76, ) == 0x0 00251 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00252 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00253 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\17.\365w\13\30\365w\0\0\0\0\4+Y\1\2\0\0\0\1\0\0\0\17.\365w\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\0\0\0\0\362_du\3`du\240\1\10\0\250\5N\1 \0\0\0\0\0\0\0\240\1\10\0\310\5N\1H\344\301\0\0\0\0\0\0\0\0\0\0\0\245\0\0\0\10\0@\5N\1\0\0\0\0\204\3\0\0\376\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\376\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\377\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0\377\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\0\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\0\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\1\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\17.\365w\13\30\365w\0\0\0\0\4+Y\1\2\0\0\0\1\0\0\0\17.\365w\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\0\0\0\0\362_du\3`du\240\1\10\0\250\5N\1 \0\0\0\0\0\0\0\240\1\10\0\310\5N\1H\344\301\0\0\0\0\0\0\0\0\0\0\0\245\0\0\0\10\0@\5N\1\0\0\0\0\204\3\0\0\376\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\376\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\377\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0\377\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\0\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\0\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\1\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\0\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\1\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0 (76, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\rsvpsp.dll\0\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0f \2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\340\251`\235z3\320\21\275\210\0\0\300\202\346\232\355\3\0\0\1\0\0\0\17.\365w\13\30\365w\0\0\0\0\4+Y\1\2\0\0\0\1\0\0\0\17.\365w\6\0\0\0\2\0\0\0\20\0\0\0\20\0\0\0\1\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0R\0S\0V\0P\0 \0T\0C\0P\0 \0S\0e\0r\0v\0i\0c\0e\0 \0P\0r\0o\0v\0i\0d\0e\0r\0\0\0\0\0\0\0\362_du\3`du\240\1\10\0\250\5N\1 
\0\0\0\0\0\0\0\240\1\10\0\310\5N\1H\344\301\0\0\0\0\0\0\0\0\0\0\0\245\0\0\0\10\0@\5N\1\0\0\0\0\204\3\0\0\376\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\376\0\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\377\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\06\0\377\0\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\0\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\0\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\1\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00254 468 NtClose (76, ... ) == 0x0 00255 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000006"}, ... 76, ) }, ... 76, ) == 0x0 00256 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00257 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00258 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\356\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\3\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\3\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\4\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0\4\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\5\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\5\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\6\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\356\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\3\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\3\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\4\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0\4\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\5\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\5\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\6\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\5\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\6\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0 (76, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\356\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\3\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\3\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\4\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\07\0\4\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\5\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\5\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\6\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00259 468 NtClose (76, ... ) == 0x0 00260 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000007"}, ... 76, ) }, ... 76, ) == 0x0 00261 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00262 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00263 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\357\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\10\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\10\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\11\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0\11\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\12\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\12\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\13\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\357\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\10\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\10\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\11\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0\11\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\12\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\12\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\13\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\12\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\13\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0 (76, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\357\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\0\0\0\200\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\04\0F\0E\05\07\0D\07\0B\0-\00\03\0A\05\0-\04\08\0B\02\0-\08\0\0\0\0\0\204\3\0\0\10\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\10\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\11\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\08\0\11\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\12\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\12\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\13\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00264 468 NtClose (76, ... ) == 0x0 00265 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000008"}, ... 76, ) }, ... 76, ) == 0x0 00266 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00267 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00268 468 NtAllocateVirtualMemory (-1, 1335296, 0, 4096, 4096, 4, ... 1335296, 4096, ) == 0x0 00269 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\360\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0\16\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\16\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\17\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0\17\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\20\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\20\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\21\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\360\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0\16\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\16\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\17\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0\17\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\20\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\20\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\21\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\20\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\21\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0 (76, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\360\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0\16\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\16\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\17\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\00\09\0\17\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\20\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\20\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\21\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00270 468 NtClose (76, ... ) == 0x0 00271 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000009"}, ... 76, ) }, ... 76, ) == 0x0 00272 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00273 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00274 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\361\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0\23\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\23\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\24\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0\24\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\25\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\25\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\26\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\361\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0\23\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\23\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\24\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0\24\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\25\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\25\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\26\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\25\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\26\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0 (76, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\361\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0A\0B\0E\07\0E\00\06\0F\0-\06\02\00\0F\0-\04\0E\0A\0A\0-\0A\0\0\0\0\0\204\3\0\0\23\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\23\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\24\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\00\0\24\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\25\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\25\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\26\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00275 468 NtClose (76, ... ) == 0x0 00276 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000010"}, ... 76, ) }, ... 76, ) == 0x0 00277 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00278 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00279 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\362\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0D\01\09\0D\0F\08\08\02\0-\0A\09\0C\0B\0-\04\01\04\04\0-\08\0\0\0\0\0\204\3\0\0\30\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\30\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\31\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0\31\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\32\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\32\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\33\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\362\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0D\01\09\0D\0F\08\08\02\0-\0A\09\0C\0B\0-\04\01\04\04\0-\08\0\0\0\0\0\204\3\0\0\30\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\30\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\31\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0\31\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\32\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\32\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\33\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) 
\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\32\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\33\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0 (76, "PackedCatalogItem", Partial, 900, ... TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\16\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\362\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\5\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 
\0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0D\01\09\0D\0F\08\08\02\0-\0A\09\0C\0B\0-\04\01\04\04\0-\08\0\0\0\0\0\204\3\0\0\30\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\30\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\31\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0H\0\0\0\31\0\2\0\0\0\0\0\30\0\0\0H\0\0\0p\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\30\0\32\0P?\24\0\0\0\0\00\00\00\00\00\00\00\00\00\00\01\01\0\31\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0L\0\0\0\32\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0t\0e\0m\0\24\0\2\0\0\0\220\0\0\0\32\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\1\0\1\0\5\0\0\200\0\0\0\0\33\1\0\0\314\1\0\0\324\1\0\0\200\0\0\0\0\0\1\0\0\0\0\0@\0\0\0L\0\0\0\0\0\0\0"\0\12\2\0\354\375\177\0\0\0\0P\0a\0c\0k\0e\0d\0C\0a\0t\0a\0l\0o\0g\0I\0"}, 900, ) }, 900, ) == 0x0 00280 468 NtClose (76, ... ) == 0x0 00281 468 NtOpenKey (0x20019, {24, 72, 0x40, 0, 0, (0x20019, {24, 72, 0x40, 0, 0, "000000000011"}, ... 76, ) }, ... 76, ) == 0x0 00282 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00283 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_BUFFER_OVERFLOW 00284 468 NtQueryValueKey (76, (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\363\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0D\01\09\0D\0F\08\08\02\0-\0A\09\0C\0B\0-\04\01\04\04\0-\08\0\0\0\0\0\204\3\0\0\35\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\35\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\36\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\36\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\37\1\0\0\314\1\0\0\324\1\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\37\1\0\0\314\1\0\0\324\1\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0 \1\0\0\314\1\0\0\324\1\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0 \1\0\0\314\1\0\0\324\1\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0!\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\0<\0\0\0\214\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0 ?\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) , Partial, 900, ... TitleIdx=0, Type=3, Data= (76, "PackedCatalogItem", Partial, 900, ... 
TitleIdx=0, Type=3, Data="%SystemRoot%\system32\mswsock.dll\0gram\FSLSP.DLL\0\00\0\0\0\10\0\2\0\10\0\4\1\10\0h\220\354\28\220\354\2\2\0\12\0\4\1\12\00\00\0\0\0\10\0\2\0\14\0\4\1\10\0\210\220\354\2X\220\354\2\2\0\16\0\4\1\12\00\00\0\0\0\10\0\2\0\20\0\4\1\10\0\250\220\354\2x\220\354\2\2\0\22\0\4\1\12\00\00\0\0\0\10\0\2\0\24\0\4\1\10\0\310\220\354\2\230\220\354\2\2\0\26\0\4\1\12\00\00\0\0\0\10\0\2\0\30\0\4\1\10\0\0\0\0\0\270\220\354\2\2\0\32\0\4\1\10\0H\0K\0R\0\0\0\3\0\34\0\4\1\10\0\360\222\354\2\0\0\0\0\0\221\354\2\16\0\0\0<\0\37\0\4\0\10\0X\3\10\0X\3\10\0\4\0\2\0\11\2\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\00\30_\215s\302\317\21\225\310\0\200_H\241\222\363\3\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\24\0\0\0\24\0\0\0\2\0\0\0\376\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0\372\0\0\0\0\0\0M\0S\0A\0F\0D\0 \0N\0e\0t\0B\0I\0O\0S\0 \0[\0\\0D\0e\0v\0i\0c\0e\0\\0N\0e\0t\0B\0T\0_\0T\0c\0p\0i\0p\0_\0{\0D\01\09\0D\0F\08\08\02\0-\0A\09\0C\0B\0-\04\01\04\04\0-\08\0\0\0\0\0\204\3\0\0\35\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0L\0\0\0\35\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\36\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\0\0\1\0\0\0\0\0\4\0\0\0H\0\0\0\36\1\0\0\314\1\0\0\324\1\0\0\17\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\37\1\0\0\314\1\0\0\324\1\0\0\305\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\37\1\0\0\314\1\0\0\324\1\0\0\305\0\0\0\1\0\1\0\2\1\0\0\0\0\0\0 \1\0\0\314\1\0\0\324\1\0\0\25\0\0\0\0\0\1\0\0\0\0\0\24\0\0\0\3\0\37\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0 \1\0\0\314\1\0\0\324\1\0\0\25\0\0\0\1\0\1\0\0\0\0\0\10\0\0\0\0\0\0\0H\0\0\0!\1\0\0\314\1\0\0\324\1\0\0Q\0\0\0\0\0\1\0\0\0\0\0T\0\0\0\0\0\0\2\0\0\0\0\30\0\0\0<\0\0\0\214\374\22\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$\0&\0 ?\24\0\0\0\0\0N\0a\0m\0e\0S\0p\0a\0c\0e\0_\0C\0a\0t\0a\0l\0o\0g\05\0"}, 900, ) }, 900, ) == 0x0 00285 468 NtClose (76, ... ) == 0x0 00286 468 NtClose (72, ... ) == 0x0 00287 468 NtWaitForSingleObject (64, 0, {0, 0}, ... 
) == 0x102 00288 468 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 72, ) == 0x0 00289 468 NtOpenKey (0x2000000, {24, 60, 0x40, 0, 0, (0x2000000, {24, 60, 0x40, 0, 0, "NameSpace_Catalog5"}, ... 76, ) }, ... 76, ) == 0x0 00290 468 NtQueryValueKey (76, (76, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) }, 16, ) == 0x0 00291 468 NtNotifyChangeKey (76, 72, 0, 0, 2011390432, 1, 0, 0, 0, 1, ... ) == 0x103 00292 468 NtQueryValueKey (76, (76, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Serial_Access_Num", Partial, 144, ... TitleIdx=0, Type=4, Data="\4\0\0\0"}, 16, ) }, 16, ) == 0x0 00293 468 NtOpenKey (0x2000000, {24, 76, 0x40, 0, 0, (0x2000000, {24, 76, 0x40, 0, 0, "00000004"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00294 468 NtQueryValueKey (76, (76, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\3\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (76, "Num_Catalog_Entries", Partial, 144, ... TitleIdx=0, Type=4, Data="\3\0\0\0"}, 16, ) }, 16, ) == 0x0 00295 468 NtOpenKey (0x2000000, {24, 76, 0x40, 0, 0, (0x2000000, {24, 76, 0x40, 0, 0, "Catalog_Entries"}, ... 80, ) }, ... 80, ) == 0x0 00296 468 NtAllocateVirtualMemory (-1, 1339392, 0, 4096, 4096, 4, ... 1339392, 4096, ) == 0x0 00297 468 NtOpenKey (0x20019, {24, 80, 0x40, 0, 0, (0x20019, {24, 80, 0x40, 0, 0, "000000000001"}, ... 84, ) }, ... 84, ) == 0x0 00298 468 NtQueryValueKey (84, (84, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "LibraryPath", Partial, 144, ... 
TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00299 468 NtQueryValueKey (84, (84, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00300 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00301 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00302 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00303 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="T\0c\0p\0i\0p\0\0\0"}, 24, ) }, 24, ) == 0x0 00304 468 NtQueryValueKey (84, (84, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="@\235\5"\236~\317\21\256Z\0\252\0\247\21+"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (84, "ProviderId", Partial, 144, ... 
TitleIdx=0, Type=3, Data="@\235\5"\236~\317\21\256Z\0\252\0\247\21+"}, 28, ) \236~\317\21\256Z\0\252\0\247\21+"}, 28, ) == 0x0 00305 468 NtQueryValueKey (84, (84, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00306 468 NtQueryValueKey (84, (84, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\14\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\14\0\0\0"}, 16, ) }, 16, ) == 0x0 00307 468 NtQueryValueKey (84, (84, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00308 468 NtQueryValueKey (84, (84, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00309 468 NtQueryValueKey (84, (84, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00310 468 NtClose (84, ... ) == 0x0 00311 468 NtOpenKey (0x20019, {24, 80, 0x40, 0, 0, (0x20019, {24, 80, 0x40, 0, 0, "000000000002"}, ... 84, ) }, ... 84, ) == 0x0 00312 468 NtQueryValueKey (84, (84, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 00313 468 NtQueryValueKey (84, (84, "LibraryPath", Partial, 144, ... 
TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0i\0n\0r\0n\0r\0.\0d\0l\0l\0\0\0"}, 78, ) }, 78, ) == 0x0 00314 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00315 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00316 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00317 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0T\0D\0S\0\0\0"}, 22, ) }, 22, ) == 0x0 00318 468 NtQueryValueKey (84, (84, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\3567&;\200\345\317\21\245U\0\300O\330\324\254"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (84, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data="\3567&;\200\345\317\21\245U\0\300O\330\324\254"}, 28, ) }, 28, ) == 0x0 00319 468 NtQueryValueKey (84, (84, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00320 468 NtQueryValueKey (84, (84, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data=" \0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data=" \0\0\0"}, 16, ) }, 16, ) == 0x0 00321 468 NtQueryValueKey (84, (84, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00322 468 NtQueryValueKey (84, (84, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00323 468 NtQueryValueKey (84, (84, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00324 468 NtClose (84, ... ) == 0x0 00325 468 NtOpenKey (0x20019, {24, 80, 0x40, 0, 0, (0x20019, {24, 80, 0x40, 0, 0, "000000000003"}, ... 84, ) }, ... 84, ) == 0x0 00326 468 NtQueryValueKey (84, (84, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00327 468 NtQueryValueKey (84, (84, "LibraryPath", Partial, 144, ... TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "LibraryPath", Partial, 144, ... 
TitleIdx=0, Type=1, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0m\0s\0w\0s\0o\0c\0k\0.\0d\0l\0l\0\0\0"}, 80, ) }, 80, ) == 0x0 00328 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00329 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00330 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00331 468 NtQueryValueKey (84, (84, "DisplayString", Partial, 144, ... TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (84, "DisplayString", Partial, 144, ... 
TitleIdx=0, Type=1, Data="N\0e\0t\0w\0o\0r\0k\0 \0L\0o\0c\0a\0t\0i\0o\0n\0 \0A\0w\0a\0r\0e\0n\0e\0s\0s\0 \0(\0N\0L\0A\0)\0 \0N\0a\0m\0e\0s\0p\0a\0c\0e\0\0\0"}, 98, ) }, 98, ) == 0x0 00332 468 NtQueryValueKey (84, (84, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data=":$Bf\250;\246J\272\245.\13\327\37\335\203"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=3, Data= (84, "ProviderId", Partial, 144, ... TitleIdx=0, Type=3, Data=":$Bf\250;\246J\272\245.\13\327\37\335\203"}, 28, ) }, 28, ) == 0x0 00333 468 NtQueryValueKey (84, (84, "AddressFamily", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00334 468 NtQueryValueKey (84, (84, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\17\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "SupportedNameSpace", Partial, 144, ... TitleIdx=0, Type=4, Data="\17\0\0\0"}, 16, ) }, 16, ) == 0x0 00335 468 NtQueryValueKey (84, (84, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "Enabled", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00336 468 NtQueryValueKey (84, (84, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "Version", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00337 468 NtQueryValueKey (84, (84, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (84, "StoresServiceClassInfo", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00338 468 NtClose (84, ... ) == 0x0 00339 468 NtClose (80, ... ) == 0x0 00340 468 NtWaitForSingleObject (72, 0, {0, 0}, ... ) == 0x102 00341 468 NtClose (60, ... ) == 0x0 00342 468 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00343 468 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00344 468 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Winsock2\Parameters"}, ... 60, ) }, ... 60, ) == 0x0 00345 468 NtQueryValueKey (60, (60, "Ws2_32NumHandleBuckets", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00346 468 NtClose (60, ... ) == 0x0 00347 468 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 60, ) == 0x0 00348 468 NtAllocateVirtualMemory (-1, 1343488, 0, 4096, 4096, 4, ... 1343488, 4096, ) == 0x0 00349 468 NtCreateFile (0x80100080, {24, 0, 0x40, 0, 1241680, (0x80100080, {24, 0, 0x40, 0, 1241680, "\??\u:\work\packed.exe"}, 0x0, 0, 1, 1, 2097252, 0, 0, ... 80, {status=0x0, info=1}, ) }, 0x0, 0, 1, 1, 2097252, 0, 0, ... 80, {status=0x0, info=1}, ) == 0x0 00350 468 NtQueryInformationFile (80, 1242616, 8, AttributeFlag, ... {status=0x0, info=8}, ) == 0x0 00351 468 NtQueryInformationFile (80, 1242588, 24, Standard, ... {status=0x0, info=24}, ) == 0x0 00352 468 NtQueryInformationFile (80, 1242540, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 00353 468 NtQueryInformationFile (80, 1341736, 4094, Stream, ... {status=0x0, info=38}, ) == 0x0 00354 468 NtQueryInformationFile (80, 1241084, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 00355 468 NtQueryInformationFile (80, 1240928, 4, Ea, ... {status=0x0, info=4}, ) == 0x0 00356 468 NtCreateFile (0x40110080, {24, 0, 0x40, 0, 1240936, (0x40110080, {24, 0, 0x40, 0, 1240936, "\??\C:\WINDOWS\avserve2.exe"}, 0x0, 32, 0, 5, 100, 0, 0, ... }, 0x0, 32, 0, 5, 100, 0, 0, ... 00357 468 NtClose (-2147482040, ... ) == 0x0 00356 468 NtCreateFile ... 
84, {status=0x0, info=2}, ) == 0x0 00358 468 NtQueryVolumeInformationFile (84, 1240308, 536, Attribute, ... {status=0x0, info=22}, ) == 0x0 00359 468 NtQueryInformationFile (84, 1240268, 40, Basic, ... {status=0x0, info=40}, ) == 0x0 00360 468 NtQueryVolumeInformationFile (80, 1240308, 536, Attribute, ... {status=0x0, info=20}, ) == 0x0 00361 468 NtQueryVolumeInformationFile (80, 1239992, 8, Device, ... {status=0x0, info=8}, ) == 0x0 00362 468 NtSetInformationFile (84, 1240096, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00363 468 NtCreateSection (0xf001f, 0x0, 0x0, 2, 134217728, 80, ... 88, ) == 0x0 00364 468 NtMapViewOfSection (88, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ... (0x980000), {0, 0}, 86016, ) == 0x0 00365 468 NtClose (88, ... ) == 0x0 00366 468 NtWriteFile (84, 0, 0, 0, (84, 0, 0, 0, "MZ\220\0\3\0\0\0\4\0\0\0\377\377\0\0\270\0\0\0\0\0\0\0@\0\0\0\0\0\0\0 \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\320\0\0\0\16\37\272\16\0\264\11\315!\270\1L\315!This program cannot be run in DOS mode.\15\15\12$\0\0\0\0\0\0\0\324%^\221\220D0\302\220D0\302\220D0\302x[:\302\212D0\302\23X>\302\233D0\302\220D1\302\331D0\302\362[#\302\231D0\302x[;\302\224D0\302(B6\302\221D0\302Rich\220D0\302\0\0\0\0\0\0\0\0PE\0\0L\1\2\0\204\214\223@\0\0\0\0\0\0\0\0\340\0\17\1\13\1\6\0\0>\0\0\0"\0\0\0\0\0\0\20\220\1\0\0\20\0\0\0P\0\0\0\0@\0\0\20\0\0\0\2\0\0\4\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\0\0\2\0\0\4\0\0\0\0\0\0\2\0\0\0\0\0\20\0\0\20\0\0\0\0\20\0\0\20\0\0\0\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0$\220\0\0\212\0\0\0\0\220\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.text\0\0\0\0\200\0\0\0\20\0\0\00\0\0\0\4\0\02CEP\0\0\0\0\0\0\0\0 \0\0\340.rsr", 61440, 0x0, 0, ... 
{status=0x0, info=61440}, ) \0\0\0\0\0\0\20\220\1\0\0\20\0\0\0P\0\0\0\0@\0\0\20\0\0\0\2\0\0\4\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\0\0\2\0\0\4\0\0\0\0\0\0\2\0\0\0\0\0\20\0\0\20\0\0\0\0\20\0\0\20\0\0\0\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0$\220\0\0\212\0\0\0\0\220\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.text\0\0\0\0\200\0\0\0\20\0\0\00\0\0\0\4\0\02CEP\0\0\0\0\0\0\0\0 \0\0\340.rsr", 61440, 0x0, 0, ... {status=0x0, info=61440}, ) == 0x0 00367 468 NtWriteFile (84, 0, 0, 0, (84, 0, 0, 0, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 24080, 0x0, 0, ... {status=0x0, info=24080}, ) , 24080, 0x0, 0, ... {status=0x0, info=24080}, ) == 0x0 00368 468 NtUnmapViewOfSection (-1, 0x980000, ... ) == 0x0 00369 468 NtSetInformationFile (84, 1242540, 40, Basic, ... {status=0x0, info=0}, ) == 0x0 00370 468 NtClose (80, ... ) == 0x0 00371 468 NtClose (84, ... 
) == 0x0 00372 468 NtOpenKey (0x2000000, {24, 28, 0x40, 0, 0, (0x2000000, {24, 28, 0x40, 0, 0, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}, ... 84, ) }, ... 84, ) == 0x0 00373 468 NtSetValueKey (84, (84, "avserve2.exe", 0, 1, "C\0:\0\\0W\0I\0N\0D\0O\0W\0S\0\\0a\0v\0s\0e\0r\0v\0e\02\0.\0e\0x\0e\0\0\0", 48, ... , 0, 1, (84, "avserve2.exe", 0, 1, "C\0:\0\\0W\0I\0N\0D\0O\0W\0S\0\\0a\0v\0s\0e\0r\0v\0e\02\0.\0e\0x\0e\0\0\0", 48, ... , 48, ... 00374 468 NtSetInformationFile (-2147482828, -136050892, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00375 468 NtSetInformationFile (-2147482828, -136050984, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00376 468 NtSetInformationFile (-2147482828, -136051292, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0 00373 468 NtSetValueKey ... ) == 0x0 00377 468 NtClose (84, ... ) == 0x0 00378 468 NtCreateMutant (0x1f0001, {24, 52, 0x80, 0, 0, (0x1f0001, {24, 52, 0x80, 0, 0, "JumpallsNlsTillt"}, 0, ... 84, ) }, 0, ... 84, ) == 0x0 00379 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 9961472, 1048576, ) == 0x0 00380 468 NtAllocateVirtualMemory (-1, 11001856, 0, 8192, 4096, 4, ... 11001856, 8192, ) == 0x0 00381 468 NtProtectVirtualMemory (-1, (0xa7e000), 4096, 260, ... (0xa7e000), 4096, 4, ) == 0x0 00382 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 80, {460, 864}, ) == 0x0 00383 468 NtQueryInformationThread (80, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdd000,Pid=460,Tid=864,}, 0x0, ) == 0x0 00384 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 1243948, 1244004, 2010981548, 1243932} (24, {28, 56, new_msg, 0, 1243948, 1244004, 2010981548, 1243932} "\0\0\0\0\1\0\1\0C:\WINDOP\0\0\0\314\1\0\0`\3\0\0" ... {28, 56, reply, 0, 460, 468, 1549, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOP\0\0\0\314\1\0\0`\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1549, 0} (24, {28, 56, new_msg, 0, 1243948, 1244004, 2010981548, 1243932} "\0\0\0\0\1\0\1\0C:\WINDOP\0\0\0\314\1\0\0`\3\0\0" ... 
{28, 56, reply, 0, 460, 468, 1549, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOP\0\0\0\314\1\0\0`\3\0\0" ) ) == 0x0 00385 468 NtResumeThread (80, ... 1, ) == 0x0 00386 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 11010048, 1048576, ) == 0x0 00387 468 NtAllocateVirtualMemory (-1, 12050432, 0, 8192, 4096, 4, ... 00388 864 NtTestAlert (... ) == 0x0 00389 864 NtContinue (11009328, 1, ... 00390 864 NtRegisterThreadTerminatePort (24, ... ) == 0x0 00391 864 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 88, ) == 0x0 00392 864 NtWaitForSingleObject (64, 0, {0, 0}, ... ) == 0x102 00393 864 NtAllocateVirtualMemory (-1, 10997760, 0, 4096, 4096, 260, ... 00387 468 NtAllocateVirtualMemory ... 12050432, 8192, ) == 0x0 00394 468 NtProtectVirtualMemory (-1, (0xb7e000), 4096, 260, ... (0xb7e000), 4096, 4, ) == 0x0 00395 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 92, {460, 868}, ) == 0x0 00396 468 NtQueryInformationThread (92, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdc000,Pid=460,Tid=868,}, 0x0, ) == 0x0 00397 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1549, 0} (24, {28, 56, new_msg, 0, 460, 468, 1549, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\\0\0\0\314\1\0\0d\3\0\0" ... {28, 56, reply, 0, 460, 468, 1550, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\\0\0\0\314\1\0\0d\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1550, 0} (24, {28, 56, new_msg, 0, 460, 468, 1549, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\\0\0\0\314\1\0\0d\3\0\0" ... {28, 56, reply, 0, 460, 468, 1550, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\\0\0\0\314\1\0\0d\3\0\0" ) ) == 0x0 00398 468 NtResumeThread (92, ... 1, ) == 0x0 00393 864 NtAllocateVirtualMemory ... 10997760, 4096, ) == 0x0 00399 868 NtCreateEvent (0x100003, 0x0, 1, 0, ... 00400 864 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 11006524, ... }, 11006524, ... 00399 868 NtCreateEvent ... 96, ) == 0x0 00400 864 NtQueryAttributesFile ... 
) == 0x0 00401 868 NtWaitForSingleObject (96, 0, 0x0, ... 00402 864 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 5, 96, ... 100, {status=0x0, info=1}, ) }, 5, 96, ... 100, {status=0x0, info=1}, ) == 0x0 00403 864 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 100, ... 104, ) == 0x0 00404 864 NtClose (100, ... ) == 0x0 00405 864 NtMapViewOfSection (104, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0xb80000), 0x0, 229376, ) == 0x0 00406 864 NtClose (104, ... 00407 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 12320768, 1048576, ) == 0x0 00408 468 NtAllocateVirtualMemory (-1, 13361152, 0, 8192, 4096, 4, ... 13361152, 8192, ) == 0x0 00409 468 NtProtectVirtualMemory (-1, (0xcbe000), 4096, 260, ... (0xcbe000), 4096, 4, ) == 0x0 00410 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 100, {460, 872}, ) == 0x0 00411 468 NtQueryInformationThread (100, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffdb000,Pid=460,Tid=872,}, 0x0, ) == 0x0 00412 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1550, 0} (24, {28, 56, new_msg, 0, 460, 468, 1550, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOd\0\0\0\314\1\0\0h\3\0\0" ... ... 00406 864 NtClose ... ) == 0x0 00413 864 NtUnmapViewOfSection (-1, 0xb80000, ... ) == 0x0 00414 864 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 11006840, ... ) }, 11006840, ... ) == 0x0 00415 864 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 5, 96, ... }, 5, 96, ... 00412 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1551, 0} ... {28, 56, reply, 0, 460, 468, 1551, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOd\0\0\0\314\1\0\0h\3\0\0" ) ) == 0x0 00416 468 NtResumeThread (100, ... 1, ) == 0x0 00417 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
13369344, 1048576, ) == 0x0 00418 468 NtAllocateVirtualMemory (-1, 14409728, 0, 8192, 4096, 4, ... 14409728, 8192, ) == 0x0 00419 468 NtProtectVirtualMemory (-1, (0xdbe000), 4096, 260, ... (0xdbe000), 4096, 4, ) == 0x0 00420 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 104, {460, 876}, ) == 0x0 00421 468 NtQueryInformationThread (104, Basic, 28, ... 00415 864 NtOpenFile ... 108, {status=0x0, info=1}, ) == 0x0 00422 872 NtWaitForSingleObject (96, 0, 0x0, ... 00423 864 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 108, ... 112, ) == 0x0 00424 864 NtQuerySection (112, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00425 864 NtClose (108, ... ) == 0x0 00426 864 NtMapViewOfSection (112, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71a50000), 0x0, 241664, ) == 0x0 00427 864 NtClose (112, ... ) == 0x0 00428 864 NtQuerySystemInformation (Basic, 44, ... 00421 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ffda000,Pid=460,Tid=876,}, 0x0, ) == 0x0 00429 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1551, 0} (24, {28, 56, new_msg, 0, 460, 468, 1551, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOh\0\0\0\314\1\0\0l\3\0\0" ... {28, 56, reply, 0, 460, 468, 1552, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOh\0\0\0\314\1\0\0l\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1552, 0} (24, {28, 56, new_msg, 0, 460, 468, 1551, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOh\0\0\0\314\1\0\0l\3\0\0" ... {28, 56, reply, 0, 460, 468, 1552, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOh\0\0\0\314\1\0\0l\3\0\0" ) ) == 0x0 00430 468 NtResumeThread (104, ... 1, ) == 0x0 00431 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 14417920, 1048576, ) == 0x0 00432 468 NtAllocateVirtualMemory (-1, 15458304, 0, 8192, 4096, 4, ... 15458304, 8192, ) == 0x0 00433 468 NtProtectVirtualMemory (-1, (0xebe000), 4096, 260, ... (0xebe000), 4096, 4, ) == 0x0 00428 864 NtQuerySystemInformation ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00434 876 NtWaitForSingleObject (96, 0, 0x0, ... 00435 864 NtQuerySystemInformation (Processor, 12, ... {system info, class 1, size 12}, 0x0, ) == 0x0 00436 864 NtSetEventBoostPriority (96, ... 00401 868 NtWaitForSingleObject ... ) == 0x0 00437 868 NtSetEventBoostPriority (96, ... 00422 872 NtWaitForSingleObject ... ) == 0x0 00438 872 NtSetEventBoostPriority (96, ... 00434 876 NtWaitForSingleObject ... ) == 0x0 00439 876 NtTestAlert (... ) == 0x0 00438 872 NtSetEventBoostPriority ... ) == 0x0 00437 868 NtSetEventBoostPriority ... ) == 0x0 00436 864 NtSetEventBoostPriority ... ) == 0x0 00440 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 00441 876 NtContinue (14417200, 1, ... 00442 872 NtTestAlert (... 00443 864 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 00440 468 NtCreateThread ... 112, {460, 880}, ) == 0x0 00444 876 NtRegisterThreadTerminatePort (24, ... 00442 872 NtTestAlert ... ) == 0x0 00445 868 NtTestAlert (... 00446 468 NtQueryInformationThread (112, Basic, 28, ... 00444 876 NtRegisterThreadTerminatePort ... ) == 0x0 00447 872 NtContinue (13368624, 1, ... 00445 868 NtTestAlert ... ) == 0x0 00443 864 NtCreateEvent ... 108, ) == 0x0 00448 876 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00449 872 NtRegisterThreadTerminatePort (24, ... 00450 868 NtContinue (12057904, 1, ... 00451 864 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\mswsock.dll"}, 11006168, ... }, 11006168, ... 00448 876 NtDuplicateObject ... 116, ) == 0x0 00449 872 NtRegisterThreadTerminatePort ... ) == 0x0 00452 868 NtRegisterThreadTerminatePort (24, ... 00451 864 NtQueryAttributesFile ... ) == 0x0 00453 876 NtWaitForSingleObject (72, 0, {0, 0}, ... 
00454 872 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00452 868 NtRegisterThreadTerminatePort ... ) == 0x0 00455 864 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "SYSTEM\CurrentControlSet\Services\Winsock\Parameters"}, ... }, ... 00446 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ffd9000,Pid=460,Tid=880,}, 0x0, ) == 0x0 00453 876 NtWaitForSingleObject ... ) == 0x102 00456 868 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00455 864 NtOpenKey ... 120, ) == 0x0 00457 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1552, 0} (24, {28, 56, new_msg, 0, 460, 468, 1552, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOp\0\0\0\314\1\0\0p\3\0\0" ... ... 00458 876 NtAllocateVirtualMemory (-1, 14405632, 0, 4096, 4096, 260, ... 00454 872 NtDuplicateObject ... 124, ) == 0x0 00459 864 NtQueryValueKey (120, (120, "Transports", Partial, 144, ... , Partial, 144, ... 00457 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1553, 0} ... {28, 56, reply, 0, 460, 468, 1553, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOp\0\0\0\314\1\0\0p\3\0\0" ) ) == 0x0 00458 876 NtAllocateVirtualMemory ... 14405632, 4096, ) == 0x0 00460 872 NtWaitForSingleObject (72, 0, {0, 0}, ... 00456 868 NtDuplicateObject ... 128, ) == 0x0 00461 468 NtResumeThread (112, ... 00462 876 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\mswsock.dll"}, 14412844, ... }, 14412844, ... 00460 872 NtWaitForSingleObject ... ) == 0x102 00463 868 NtWaitForSingleObject (72, 0, {0, 0}, ... 00461 468 NtResumeThread ... 1, ) == 0x0 00462 876 NtQueryAttributesFile ... ) == 0x0 00464 872 NtCreateEvent (0x100003, 0x0, 1, 0, ... 00463 868 NtWaitForSingleObject ... ) == 0x102 00459 864 NtQueryValueKey ... TitleIdx=0, Type=7, Data= ... TitleIdx=0, Type=7, Data="T\0c\0p\0i\0p\0\0\0N\0e\0t\0B\0I\0O\0S\0\0\0\0\0"}, 42, ) }, 42, ) == 0x0 00465 880 NtWaitForSingleObject (96, 0, 0x0, ... 00466 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
00464 872 NtCreateEvent ... 132, ) == 0x0 00467 868 NtCreateEvent (0x100003, 0x0, 1, 0, ... 00468 864 NtQueryValueKey (120, (120, "Transports", Partial, 144, ... , Partial, 144, ... 00466 468 NtAllocateVirtualMemory ... 15466496, 1048576, ) == 0x0 00469 876 NtSetEventBoostPriority (96, ... 00467 868 NtCreateEvent ... 136, ) == 0x0 00468 864 NtQueryValueKey ... TitleIdx=0, Type=7, Data= ... TitleIdx=0, Type=7, Data="T\0c\0p\0i\0p\0\0\0N\0e\0t\0B\0I\0O\0S\0\0\0\0\0"}, 42, ) }, 42, ) == 0x0 00470 468 NtAllocateVirtualMemory (-1, 16506880, 0, 8192, 4096, 4, ... 00465 880 NtWaitForSingleObject ... ) == 0x0 00469 876 NtSetEventBoostPriority ... ) == 0x0 00471 872 NtWaitForSingleObject (132, 0, 0x0, ... 00472 864 NtClose (120, ... 00473 880 NtTestAlert (... 00470 468 NtAllocateVirtualMemory ... 16506880, 8192, ) == 0x0 00474 876 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 00473 880 NtTestAlert ... ) == 0x0 00472 864 NtClose ... ) == 0x0 00475 468 NtProtectVirtualMemory (-1, (0xfbe000), 4096, 260, ... 00474 876 NtCreateEvent ... 120, ) == 0x0 00476 868 NtClose (136, ... 00477 864 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters\Winsock"}, ... }, ... 00475 468 NtProtectVirtualMemory ... (0xfbe000), 4096, 4, ) == 0x0 00478 876 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "DNSAPI.dll"}, ... }, ... 00476 868 NtClose ... ) == 0x0 00479 880 NtContinue (15465776, 1, ... 00477 864 NtOpenKey ... 136, ) == 0x0 00478 876 NtOpenSection ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00480 868 NtWaitForSingleObject (132, 0, 0x0, ... 00481 880 NtRegisterThreadTerminatePort (24, ... 00482 864 NtQueryValueKey (136, (136, "Mapping", Partial, 144, ... , Partial, 144, ... 00483 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 00481 880 NtRegisterThreadTerminatePort ... ) == 0x0 00482 864 NtQueryValueKey ... ) == STATUS_BUFFER_OVERFLOW 00483 468 NtCreateThread ... 
140, {460, 884}, ) == 0x0 00484 880 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00485 864 NtQueryValueKey (136, (136, "Mapping", Partial, 144, ... , Partial, 144, ... 00486 468 NtQueryInformationThread (140, Basic, 28, ... 00484 880 NtDuplicateObject ... 144, ) == 0x0 00485 864 NtQueryValueKey ... ) == STATUS_BUFFER_OVERFLOW 00486 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ffd8000,Pid=460,Tid=884,}, 0x0, ) == 0x0 00487 880 NtWaitForSingleObject (72, 0, {0, 0}, ... 00488 864 NtAllocateVirtualMemory (-1, 1347584, 0, 4096, 4096, 4, ... 00489 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1553, 0} (24, {28, 56, new_msg, 0, 460, 468, 1553, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\214\0\0\0\314\1\0\0t\3\0\0" ... ... 00490 876 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\DNSAPI.dll"}, 14412960, ... }, 14412960, ... 00487 880 NtWaitForSingleObject ... ) == 0x102 00491 880 NtWaitForSingleObject (132, 0, 0x0, ... 00488 864 NtAllocateVirtualMemory ... 1347584, 4096, ) == 0x0 00492 864 NtQueryValueKey (136, (136, "Mapping", Partial, 152, ... TitleIdx=0, Type=3, Data="\13\0\0\0\3\0\0\0\2\0\0\0\1\0\0\0\6\0\0\0\2\0\0\0\1\0\0\0\0\0\0\0\2\0\0\0\0\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\0\0\0\0\1\0\0\0\6\0\0\0\2\0\0\0\2\0\0\0\21\0\0\0\2\0\0\0\2\0\0\0\0\0\0\0\2\0\0\0\0\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\21\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\2\0\0\0\3\0\0\0\0\0\0\0"}, 152, ) , Partial, 152, ... TitleIdx=0, Type=3, Data= (136, "Mapping", Partial, 152, ... TitleIdx=0, Type=3, Data="\13\0\0\0\3\0\0\0\2\0\0\0\1\0\0\0\6\0\0\0\2\0\0\0\1\0\0\0\0\0\0\0\2\0\0\0\0\0\0\0\6\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\0\0\0\0\1\0\0\0\6\0\0\0\2\0\0\0\2\0\0\0\21\0\0\0\2\0\0\0\2\0\0\0\0\0\0\0\2\0\0\0\0\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\21\0\0\0\0\0\0\0\2\0\0\0\21\0\0\0\2\0\0\0\3\0\0\0\0\0\0\0"}, 152, ) }, 152, ) == 0x0 00493 864 NtClose (136, ... 
) == 0x0 00494 864 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters\Winsock"}, ... }, ... 00489 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1554, 0} ... {28, 56, reply, 0, 460, 468, 1554, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\214\0\0\0\314\1\0\0t\3\0\0" ) ) == 0x0 00495 468 NtResumeThread (140, ... 1, ) == 0x0 00496 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 16515072, 1048576, ) == 0x0 00497 468 NtAllocateVirtualMemory (-1, 17555456, 0, 8192, 4096, 4, ... 17555456, 8192, ) == 0x0 00498 468 NtProtectVirtualMemory (-1, (0x10be000), 4096, 260, ... (0x10be000), 4096, 4, ) == 0x0 00499 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 136, {460, 888}, ) == 0x0 00500 468 NtQueryInformationThread (136, Basic, 28, ... 00494 864 NtOpenKey ... 148, ) == 0x0 00501 884 NtWaitForSingleObject (96, 0, 0x0, ... 00502 864 NtQueryValueKey (148, (148, "MinSockaddrLength", Partial, 144, ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (148, "MinSockaddrLength", Partial, 144, ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) }, 16, ) == 0x0 00503 864 NtQueryValueKey (148, (148, "MaxSockaddrLength", Partial, 144, ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (148, "MaxSockaddrLength", Partial, 144, ... TitleIdx=0, Type=4, Data="\20\0\0\0"}, 16, ) }, 16, ) == 0x0 00504 864 NtQueryValueKey (148, (148, "UseDelayedAcceptance", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (148, "UseDelayedAcceptance", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00505 864 NtQueryValueKey (148, (148, "HelperDllName", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0t\0c\0p\0i\0p\0.\0d\0l\0l\0\0\0"}, 82, ) , Partial, 144, ... 
TitleIdx=0, Type=2, Data= (148, "HelperDllName", Partial, 144, ... TitleIdx=0, Type=2, Data="%\0S\0y\0s\0t\0e\0m\0R\0o\0o\0t\0%\0\\0S\0y\0s\0t\0e\0m\03\02\0\\0w\0s\0h\0t\0c\0p\0i\0p\0.\0d\0l\0l\0\0\0"}, 82, ) }, 82, ) == 0x0 00506 864 NtWaitForSingleObject (96, 0, 0x0, ... 00500 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ffd7000,Pid=460,Tid=888,}, 0x0, ) == 0x0 00507 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1554, 0} (24, {28, 56, new_msg, 0, 460, 468, 1554, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\210\0\0\0\314\1\0\0x\3\0\0" ... {28, 56, reply, 0, 460, 468, 1555, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\210\0\0\0\314\1\0\0x\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1555, 0} (24, {28, 56, new_msg, 0, 460, 468, 1554, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\210\0\0\0\314\1\0\0x\3\0\0" ... {28, 56, reply, 0, 460, 468, 1555, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\210\0\0\0\314\1\0\0x\3\0\0" ) ) == 0x0 00508 468 NtResumeThread (136, ... 1, ) == 0x0 00509 888 NtWaitForSingleObject (96, 0, 0x0, ... 00510 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 17563648, 1048576, ) == 0x0 00511 468 NtAllocateVirtualMemory (-1, 18604032, 0, 8192, 4096, 4, ... 18604032, 8192, ) == 0x0 00512 468 NtProtectVirtualMemory (-1, (0x11be000), 4096, 260, ... (0x11be000), 4096, 4, ) == 0x0 00513 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 152, {460, 892}, ) == 0x0 00514 468 NtQueryInformationThread (152, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd6000,Pid=460,Tid=892,}, 0x0, ) == 0x0 00515 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1555, 0} (24, {28, 56, new_msg, 0, 460, 468, 1555, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\230\0\0\0\314\1\0\0|\3\0\0" ... {28, 56, reply, 0, 460, 468, 1556, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\230\0\0\0\314\1\0\0|\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1556, 0} (24, {28, 56, new_msg, 0, 460, 468, 1555, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\230\0\0\0\314\1\0\0|\3\0\0" ... 
{28, 56, reply, 0, 460, 468, 1556, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\230\0\0\0\314\1\0\0|\3\0\0" ) ) == 0x0 00516 468 NtResumeThread (152, ... 1, ) == 0x0 00517 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 18612224, 1048576, ) == 0x0 00518 468 NtAllocateVirtualMemory (-1, 19652608, 0, 8192, 4096, 4, ... 00519 892 NtWaitForSingleObject (96, 0, 0x0, ... 00518 468 NtAllocateVirtualMemory ... 19652608, 8192, ) == 0x0 00520 468 NtProtectVirtualMemory (-1, (0x12be000), 4096, 260, ... (0x12be000), 4096, 4, ) == 0x0 00521 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 156, {460, 308}, ) == 0x0 00522 468 NtQueryInformationThread (156, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffd5000,Pid=460,Tid=308,}, 0x0, ) == 0x0 00523 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1556, 0} (24, {28, 56, new_msg, 0, 460, 468, 1556, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\234\0\0\0\314\1\0\04\1\0\0" ... {28, 56, reply, 0, 460, 468, 1557, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\234\0\0\0\314\1\0\04\1\0\0" ) ... {28, 56, reply, 0, 460, 468, 1557, 0} (24, {28, 56, new_msg, 0, 460, 468, 1556, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\234\0\0\0\314\1\0\04\1\0\0" ... {28, 56, reply, 0, 460, 468, 1557, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\234\0\0\0\314\1\0\04\1\0\0" ) ) == 0x0 00524 468 NtResumeThread (156, ... 1, ) == 0x0 00525 308 NtWaitForSingleObject (96, 0, 0x0, ... 00526 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 19660800, 1048576, ) == 0x0 00527 468 NtAllocateVirtualMemory (-1, 20701184, 0, 8192, 4096, 4, ... 20701184, 8192, ) == 0x0 00528 468 NtProtectVirtualMemory (-1, (0x13be000), 4096, 260, ... (0x13be000), 4096, 4, ) == 0x0 00529 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 160, {460, 912}, ) == 0x0 00530 468 NtQueryInformationThread (160, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffd4000,Pid=460,Tid=912,}, 0x0, ) == 0x0 00531 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1557, 0} (24, {28, 56, new_msg, 0, 460, 468, 1557, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\240\0\0\0\314\1\0\0\220\3\0\0" ... {28, 56, reply, 0, 460, 468, 1558, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\240\0\0\0\314\1\0\0\220\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1558, 0} (24, {28, 56, new_msg, 0, 460, 468, 1557, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\240\0\0\0\314\1\0\0\220\3\0\0" ... {28, 56, reply, 0, 460, 468, 1558, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\240\0\0\0\314\1\0\0\220\3\0\0" ) ) == 0x0 00532 468 NtResumeThread (160, ... 1, ) == 0x0 00533 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 20709376, 1048576, ) == 0x0 00534 468 NtAllocateVirtualMemory (-1, 21749760, 0, 8192, 4096, 4, ... 00535 912 NtWaitForSingleObject (96, 0, 0x0, ... 00534 468 NtAllocateVirtualMemory ... 21749760, 8192, ) == 0x0 00536 468 NtProtectVirtualMemory (-1, (0x14be000), 4096, 260, ... (0x14be000), 4096, 4, ) == 0x0 00537 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 164, {460, 916}, ) == 0x0 00538 468 NtQueryInformationThread (164, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffaf000,Pid=460,Tid=916,}, 0x0, ) == 0x0 00539 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1558, 0} (24, {28, 56, new_msg, 0, 460, 468, 1558, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\244\0\0\0\314\1\0\0\224\3\0\0" ... {28, 56, reply, 0, 460, 468, 1559, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\244\0\0\0\314\1\0\0\224\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1559, 0} (24, {28, 56, new_msg, 0, 460, 468, 1558, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\244\0\0\0\314\1\0\0\224\3\0\0" ... {28, 56, reply, 0, 460, 468, 1559, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\244\0\0\0\314\1\0\0\224\3\0\0" ) ) == 0x0 00540 468 NtResumeThread (164, ... 1, ) == 0x0 00541 916 NtWaitForSingleObject (96, 0, 0x0, ... 00542 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
21757952, 1048576, ) == 0x0 00543 468 NtAllocateVirtualMemory (-1, 22798336, 0, 8192, 4096, 4, ... 22798336, 8192, ) == 0x0 00544 468 NtProtectVirtualMemory (-1, (0x15be000), 4096, 260, ... (0x15be000), 4096, 4, ) == 0x0 00545 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 168, {460, 920}, ) == 0x0 00546 468 NtQueryInformationThread (168, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffae000,Pid=460,Tid=920,}, 0x0, ) == 0x0 00547 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1559, 0} (24, {28, 56, new_msg, 0, 460, 468, 1559, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\250\0\0\0\314\1\0\0\230\3\0\0" ... {28, 56, reply, 0, 460, 468, 1560, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\250\0\0\0\314\1\0\0\230\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1560, 0} (24, {28, 56, new_msg, 0, 460, 468, 1559, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\250\0\0\0\314\1\0\0\230\3\0\0" ... {28, 56, reply, 0, 460, 468, 1560, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\250\0\0\0\314\1\0\0\230\3\0\0" ) ) == 0x0 00548 468 NtResumeThread (168, ... 1, ) == 0x0 00549 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 22806528, 1048576, ) == 0x0 00550 468 NtAllocateVirtualMemory (-1, 23846912, 0, 8192, 4096, 4, ... 00551 920 NtWaitForSingleObject (96, 0, 0x0, ... 00550 468 NtAllocateVirtualMemory ... 23846912, 8192, ) == 0x0 00552 468 NtProtectVirtualMemory (-1, (0x16be000), 4096, 260, ... (0x16be000), 4096, 4, ) == 0x0 00553 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 172, {460, 908}, ) == 0x0 00554 468 NtQueryInformationThread (172, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffad000,Pid=460,Tid=908,}, 0x0, ) == 0x0 00555 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1560, 0} (24, {28, 56, new_msg, 0, 460, 468, 1560, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\254\0\0\0\314\1\0\0\214\3\0\0" ... {28, 56, reply, 0, 460, 468, 1561, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\254\0\0\0\314\1\0\0\214\3\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1561, 0} (24, {28, 56, new_msg, 0, 460, 468, 1560, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\254\0\0\0\314\1\0\0\214\3\0\0" ... {28, 56, reply, 0, 460, 468, 1561, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\254\0\0\0\314\1\0\0\214\3\0\0" ) ) == 0x0 00556 468 NtResumeThread (172, ... 1, ) == 0x0 00557 908 NtWaitForSingleObject (96, 0, 0x0, ... 00558 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 23855104, 1048576, ) == 0x0 00559 468 NtAllocateVirtualMemory (-1, 24895488, 0, 8192, 4096, 4, ... 24895488, 8192, ) == 0x0 00560 468 NtProtectVirtualMemory (-1, (0x17be000), 4096, 260, ... (0x17be000), 4096, 4, ) == 0x0 00561 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 176, {460, 924}, ) == 0x0 00562 468 NtQueryInformationThread (176, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffac000,Pid=460,Tid=924,}, 0x0, ) == 0x0 00563 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1561, 0} (24, {28, 56, new_msg, 0, 460, 468, 1561, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\260\0\0\0\314\1\0\0\234\3\0\0" ... {28, 56, reply, 0, 460, 468, 1562, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\260\0\0\0\314\1\0\0\234\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1562, 0} (24, {28, 56, new_msg, 0, 460, 468, 1561, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\260\0\0\0\314\1\0\0\234\3\0\0" ... {28, 56, reply, 0, 460, 468, 1562, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\260\0\0\0\314\1\0\0\234\3\0\0" ) ) == 0x0 00564 468 NtResumeThread (176, ... 1, ) == 0x0 00565 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 24903680, 1048576, ) == 0x0 00566 468 NtAllocateVirtualMemory (-1, 25944064, 0, 8192, 4096, 4, ... 00567 924 NtWaitForSingleObject (96, 0, 0x0, ... 00566 468 NtAllocateVirtualMemory ... 25944064, 8192, ) == 0x0 00568 468 NtProtectVirtualMemory (-1, (0x18be000), 4096, 260, ... (0x18be000), 4096, 4, ) == 0x0 00569 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 180, {460, 928}, ) == 0x0 00570 468 NtQueryInformationThread (180, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffab000,Pid=460,Tid=928,}, 0x0, ) == 0x0 00571 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1562, 0} (24, {28, 56, new_msg, 0, 460, 468, 1562, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\264\0\0\0\314\1\0\0\240\3\0\0" ... {28, 56, reply, 0, 460, 468, 1563, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\264\0\0\0\314\1\0\0\240\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1563, 0} (24, {28, 56, new_msg, 0, 460, 468, 1562, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\264\0\0\0\314\1\0\0\240\3\0\0" ... {28, 56, reply, 0, 460, 468, 1563, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\264\0\0\0\314\1\0\0\240\3\0\0" ) ) == 0x0 00572 468 NtResumeThread (180, ... 1, ) == 0x0 00573 928 NtWaitForSingleObject (96, 0, 0x0, ... 00574 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 25952256, 1048576, ) == 0x0 00575 468 NtAllocateVirtualMemory (-1, 26992640, 0, 8192, 4096, 4, ... 26992640, 8192, ) == 0x0 00576 468 NtProtectVirtualMemory (-1, (0x19be000), 4096, 260, ... (0x19be000), 4096, 4, ) == 0x0 00577 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 184, {460, 932}, ) == 0x0 00578 468 NtQueryInformationThread (184, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffaa000,Pid=460,Tid=932,}, 0x0, ) == 0x0 00579 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1563, 0} (24, {28, 56, new_msg, 0, 460, 468, 1563, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\270\0\0\0\314\1\0\0\244\3\0\0" ... {28, 56, reply, 0, 460, 468, 1564, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\270\0\0\0\314\1\0\0\244\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1564, 0} (24, {28, 56, new_msg, 0, 460, 468, 1563, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\270\0\0\0\314\1\0\0\244\3\0\0" ... {28, 56, reply, 0, 460, 468, 1564, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\270\0\0\0\314\1\0\0\244\3\0\0" ) ) == 0x0 00580 468 NtResumeThread (184, ... 1, ) == 0x0 00581 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
27000832, 1048576, ) == 0x0 00582 468 NtAllocateVirtualMemory (-1, 28041216, 0, 8192, 4096, 4, ... 00583 932 NtWaitForSingleObject (96, 0, 0x0, ... 00582 468 NtAllocateVirtualMemory ... 28041216, 8192, ) == 0x0 00584 468 NtProtectVirtualMemory (-1, (0x1abe000), 4096, 260, ... (0x1abe000), 4096, 4, ) == 0x0 00585 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 188, {460, 936}, ) == 0x0 00586 468 NtQueryInformationThread (188, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa9000,Pid=460,Tid=936,}, 0x0, ) == 0x0 00587 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1564, 0} (24, {28, 56, new_msg, 0, 460, 468, 1564, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\274\0\0\0\314\1\0\0\250\3\0\0" ... {28, 56, reply, 0, 460, 468, 1565, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\274\0\0\0\314\1\0\0\250\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1565, 0} (24, {28, 56, new_msg, 0, 460, 468, 1564, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\274\0\0\0\314\1\0\0\250\3\0\0" ... {28, 56, reply, 0, 460, 468, 1565, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\274\0\0\0\314\1\0\0\250\3\0\0" ) ) == 0x0 00588 468 NtResumeThread (188, ... 1, ) == 0x0 00589 936 NtWaitForSingleObject (96, 0, 0x0, ... 00590 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 28049408, 1048576, ) == 0x0 00591 468 NtAllocateVirtualMemory (-1, 29089792, 0, 8192, 4096, 4, ... 29089792, 8192, ) == 0x0 00592 468 NtProtectVirtualMemory (-1, (0x1bbe000), 4096, 260, ... (0x1bbe000), 4096, 4, ) == 0x0 00593 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 192, {460, 940}, ) == 0x0 00594 468 NtQueryInformationThread (192, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa8000,Pid=460,Tid=940,}, 0x0, ) == 0x0 00595 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1565, 0} (24, {28, 56, new_msg, 0, 460, 468, 1565, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\300\0\0\0\314\1\0\0\254\3\0\0" ... {28, 56, reply, 0, 460, 468, 1566, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\300\0\0\0\314\1\0\0\254\3\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1566, 0} (24, {28, 56, new_msg, 0, 460, 468, 1565, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\300\0\0\0\314\1\0\0\254\3\0\0" ... {28, 56, reply, 0, 460, 468, 1566, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\300\0\0\0\314\1\0\0\254\3\0\0" ) ) == 0x0 00596 468 NtResumeThread (192, ... 1, ) == 0x0 00597 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 29097984, 1048576, ) == 0x0 00598 468 NtAllocateVirtualMemory (-1, 30138368, 0, 8192, 4096, 4, ... 00599 940 NtWaitForSingleObject (96, 0, 0x0, ... 00598 468 NtAllocateVirtualMemory ... 30138368, 8192, ) == 0x0 00600 468 NtProtectVirtualMemory (-1, (0x1cbe000), 4096, 260, ... (0x1cbe000), 4096, 4, ) == 0x0 00601 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 196, {460, 944}, ) == 0x0 00602 468 NtQueryInformationThread (196, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa7000,Pid=460,Tid=944,}, 0x0, ) == 0x0 00603 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1566, 0} (24, {28, 56, new_msg, 0, 460, 468, 1566, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\304\0\0\0\314\1\0\0\260\3\0\0" ... {28, 56, reply, 0, 460, 468, 1567, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\304\0\0\0\314\1\0\0\260\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1567, 0} (24, {28, 56, new_msg, 0, 460, 468, 1566, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\304\0\0\0\314\1\0\0\260\3\0\0" ... {28, 56, reply, 0, 460, 468, 1567, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\304\0\0\0\314\1\0\0\260\3\0\0" ) ) == 0x0 00604 468 NtResumeThread (196, ... 1, ) == 0x0 00605 944 NtWaitForSingleObject (96, 0, 0x0, ... 00606 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 30146560, 1048576, ) == 0x0 00607 468 NtAllocateVirtualMemory (-1, 31186944, 0, 8192, 4096, 4, ... 31186944, 8192, ) == 0x0 00608 468 NtProtectVirtualMemory (-1, (0x1dbe000), 4096, 260, ... (0x1dbe000), 4096, 4, ) == 0x0 00609 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 200, {460, 948}, ) == 0x0 00610 468 NtQueryInformationThread (200, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffa6000,Pid=460,Tid=948,}, 0x0, ) == 0x0 00611 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1567, 0} (24, {28, 56, new_msg, 0, 460, 468, 1567, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\310\0\0\0\314\1\0\0\264\3\0\0" ... {28, 56, reply, 0, 460, 468, 1568, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\310\0\0\0\314\1\0\0\264\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1568, 0} (24, {28, 56, new_msg, 0, 460, 468, 1567, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\310\0\0\0\314\1\0\0\264\3\0\0" ... {28, 56, reply, 0, 460, 468, 1568, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\310\0\0\0\314\1\0\0\264\3\0\0" ) ) == 0x0 00612 468 NtResumeThread (200, ... 1, ) == 0x0 00613 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 31195136, 1048576, ) == 0x0 00614 468 NtAllocateVirtualMemory (-1, 32235520, 0, 8192, 4096, 4, ... 00615 948 NtWaitForSingleObject (96, 0, 0x0, ... 00614 468 NtAllocateVirtualMemory ... 32235520, 8192, ) == 0x0 00616 468 NtProtectVirtualMemory (-1, (0x1ebe000), 4096, 260, ... (0x1ebe000), 4096, 4, ) == 0x0 00617 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 204, {460, 952}, ) == 0x0 00618 468 NtQueryInformationThread (204, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa5000,Pid=460,Tid=952,}, 0x0, ) == 0x0 00619 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1568, 0} (24, {28, 56, new_msg, 0, 460, 468, 1568, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\314\0\0\0\314\1\0\0\270\3\0\0" ... {28, 56, reply, 0, 460, 468, 1569, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\314\0\0\0\314\1\0\0\270\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1569, 0} (24, {28, 56, new_msg, 0, 460, 468, 1568, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\314\0\0\0\314\1\0\0\270\3\0\0" ... {28, 56, reply, 0, 460, 468, 1569, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\314\0\0\0\314\1\0\0\270\3\0\0" ) ) == 0x0 00620 468 NtResumeThread (204, ... 1, ) == 0x0 00621 952 NtWaitForSingleObject (96, 0, 0x0, ... 00622 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
32243712, 1048576, ) == 0x0 00623 468 NtAllocateVirtualMemory (-1, 33284096, 0, 8192, 4096, 4, ... 33284096, 8192, ) == 0x0 00624 468 NtProtectVirtualMemory (-1, (0x1fbe000), 4096, 260, ... (0x1fbe000), 4096, 4, ) == 0x0 00625 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 208, {460, 956}, ) == 0x0 00626 468 NtQueryInformationThread (208, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa4000,Pid=460,Tid=956,}, 0x0, ) == 0x0 00627 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1569, 0} (24, {28, 56, new_msg, 0, 460, 468, 1569, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\320\0\0\0\314\1\0\0\274\3\0\0" ... {28, 56, reply, 0, 460, 468, 1570, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\320\0\0\0\314\1\0\0\274\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1570, 0} (24, {28, 56, new_msg, 0, 460, 468, 1569, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\320\0\0\0\314\1\0\0\274\3\0\0" ... {28, 56, reply, 0, 460, 468, 1570, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\320\0\0\0\314\1\0\0\274\3\0\0" ) ) == 0x0 00628 468 NtResumeThread (208, ... 1, ) == 0x0 00629 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 33292288, 1048576, ) == 0x0 00630 468 NtAllocateVirtualMemory (-1, 34332672, 0, 8192, 4096, 4, ... 00631 956 NtWaitForSingleObject (96, 0, 0x0, ... 00630 468 NtAllocateVirtualMemory ... 34332672, 8192, ) == 0x0 00632 468 NtProtectVirtualMemory (-1, (0x20be000), 4096, 260, ... (0x20be000), 4096, 4, ) == 0x0 00633 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 212, {460, 960}, ) == 0x0 00634 468 NtQueryInformationThread (212, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa3000,Pid=460,Tid=960,}, 0x0, ) == 0x0 00635 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1570, 0} (24, {28, 56, new_msg, 0, 460, 468, 1570, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\324\0\0\0\314\1\0\0\300\3\0\0" ... {28, 56, reply, 0, 460, 468, 1571, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\324\0\0\0\314\1\0\0\300\3\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1571, 0} (24, {28, 56, new_msg, 0, 460, 468, 1570, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\324\0\0\0\314\1\0\0\300\3\0\0" ... {28, 56, reply, 0, 460, 468, 1571, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\324\0\0\0\314\1\0\0\300\3\0\0" ) ) == 0x0 00636 468 NtResumeThread (212, ... 1, ) == 0x0 00637 960 NtWaitForSingleObject (96, 0, 0x0, ... 00638 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 34340864, 1048576, ) == 0x0 00639 468 NtAllocateVirtualMemory (-1, 35381248, 0, 8192, 4096, 4, ... 35381248, 8192, ) == 0x0 00640 468 NtProtectVirtualMemory (-1, (0x21be000), 4096, 260, ... (0x21be000), 4096, 4, ) == 0x0 00641 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 216, {460, 964}, ) == 0x0 00642 468 NtQueryInformationThread (216, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa2000,Pid=460,Tid=964,}, 0x0, ) == 0x0 00643 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1571, 0} (24, {28, 56, new_msg, 0, 460, 468, 1571, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\330\0\0\0\314\1\0\0\304\3\0\0" ... {28, 56, reply, 0, 460, 468, 1572, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\330\0\0\0\314\1\0\0\304\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1572, 0} (24, {28, 56, new_msg, 0, 460, 468, 1571, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\330\0\0\0\314\1\0\0\304\3\0\0" ... {28, 56, reply, 0, 460, 468, 1572, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\330\0\0\0\314\1\0\0\304\3\0\0" ) ) == 0x0 00644 468 NtResumeThread (216, ... 1, ) == 0x0 00645 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 35389440, 1048576, ) == 0x0 00646 468 NtAllocateVirtualMemory (-1, 36429824, 0, 8192, 4096, 4, ... 00647 964 NtWaitForSingleObject (96, 0, 0x0, ... 00646 468 NtAllocateVirtualMemory ... 36429824, 8192, ) == 0x0 00648 468 NtProtectVirtualMemory (-1, (0x22be000), 4096, 260, ... (0x22be000), 4096, 4, ) == 0x0 00649 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 220, {460, 968}, ) == 0x0 00650 468 NtQueryInformationThread (220, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ffa1000,Pid=460,Tid=968,}, 0x0, ) == 0x0 00651 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1572, 0} (24, {28, 56, new_msg, 0, 460, 468, 1572, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\334\0\0\0\314\1\0\0\310\3\0\0" ... {28, 56, reply, 0, 460, 468, 1573, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\334\0\0\0\314\1\0\0\310\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1573, 0} (24, {28, 56, new_msg, 0, 460, 468, 1572, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\334\0\0\0\314\1\0\0\310\3\0\0" ... {28, 56, reply, 0, 460, 468, 1573, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\334\0\0\0\314\1\0\0\310\3\0\0" ) ) == 0x0 00652 468 NtResumeThread (220, ... 1, ) == 0x0 00653 968 NtWaitForSingleObject (96, 0, 0x0, ... 00654 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 36438016, 1048576, ) == 0x0 00655 468 NtAllocateVirtualMemory (-1, 37478400, 0, 8192, 4096, 4, ... 37478400, 8192, ) == 0x0 00656 468 NtProtectVirtualMemory (-1, (0x23be000), 4096, 260, ... (0x23be000), 4096, 4, ) == 0x0 00657 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 224, {460, 992}, ) == 0x0 00658 468 NtQueryInformationThread (224, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ffa0000,Pid=460,Tid=992,}, 0x0, ) == 0x0 00659 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1573, 0} (24, {28, 56, new_msg, 0, 460, 468, 1573, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\340\0\0\0\314\1\0\0\340\3\0\0" ... {28, 56, reply, 0, 460, 468, 1574, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\340\0\0\0\314\1\0\0\340\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1574, 0} (24, {28, 56, new_msg, 0, 460, 468, 1573, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\340\0\0\0\314\1\0\0\340\3\0\0" ... {28, 56, reply, 0, 460, 468, 1574, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\340\0\0\0\314\1\0\0\340\3\0\0" ) ) == 0x0 00660 468 NtResumeThread (224, ... 1, ) == 0x0 00661 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
37486592, 1048576, ) == 0x0 00662 468 NtAllocateVirtualMemory (-1, 38526976, 0, 8192, 4096, 4, ... 00663 992 NtWaitForSingleObject (96, 0, 0x0, ... 00662 468 NtAllocateVirtualMemory ... 38526976, 8192, ) == 0x0 00664 468 NtProtectVirtualMemory (-1, (0x24be000), 4096, 260, ... (0x24be000), 4096, 4, ) == 0x0 00665 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 228, {460, 996}, ) == 0x0 00666 468 NtQueryInformationThread (228, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9f000,Pid=460,Tid=996,}, 0x0, ) == 0x0 00667 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1574, 0} (24, {28, 56, new_msg, 0, 460, 468, 1574, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\344\0\0\0\314\1\0\0\344\3\0\0" ... {28, 56, reply, 0, 460, 468, 1575, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\344\0\0\0\314\1\0\0\344\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1575, 0} (24, {28, 56, new_msg, 0, 460, 468, 1574, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\344\0\0\0\314\1\0\0\344\3\0\0" ... {28, 56, reply, 0, 460, 468, 1575, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\344\0\0\0\314\1\0\0\344\3\0\0" ) ) == 0x0 00668 468 NtResumeThread (228, ... 1, ) == 0x0 00669 996 NtWaitForSingleObject (96, 0, 0x0, ... 00670 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 38535168, 1048576, ) == 0x0 00671 468 NtAllocateVirtualMemory (-1, 39575552, 0, 8192, 4096, 4, ... 39575552, 8192, ) == 0x0 00672 468 NtProtectVirtualMemory (-1, (0x25be000), 4096, 260, ... (0x25be000), 4096, 4, ) == 0x0 00673 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 232, {460, 1012}, ) == 0x0 00674 468 NtQueryInformationThread (232, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9e000,Pid=460,Tid=1012,}, 0x0, ) == 0x0 00675 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1575, 0} (24, {28, 56, new_msg, 0, 460, 468, 1575, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\350\0\0\0\314\1\0\0\364\3\0\0" ... {28, 56, reply, 0, 460, 468, 1576, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\350\0\0\0\314\1\0\0\364\3\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1576, 0} (24, {28, 56, new_msg, 0, 460, 468, 1575, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\350\0\0\0\314\1\0\0\364\3\0\0" ... {28, 56, reply, 0, 460, 468, 1576, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\350\0\0\0\314\1\0\0\364\3\0\0" ) ) == 0x0 00676 468 NtResumeThread (232, ... 1, ) == 0x0 00677 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 39583744, 1048576, ) == 0x0 00678 468 NtAllocateVirtualMemory (-1, 40624128, 0, 8192, 4096, 4, ... 00679 1012 NtWaitForSingleObject (96, 0, 0x0, ... 00678 468 NtAllocateVirtualMemory ... 40624128, 8192, ) == 0x0 00680 468 NtProtectVirtualMemory (-1, (0x26be000), 4096, 260, ... (0x26be000), 4096, 4, ) == 0x0 00681 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 236, {460, 1024}, ) == 0x0 00682 468 NtQueryInformationThread (236, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9d000,Pid=460,Tid=1024,}, 0x0, ) == 0x0 00683 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1576, 0} (24, {28, 56, new_msg, 0, 460, 468, 1576, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\354\0\0\0\314\1\0\0\0\4\0\0" ... {28, 56, reply, 0, 460, 468, 1577, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\354\0\0\0\314\1\0\0\0\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1577, 0} (24, {28, 56, new_msg, 0, 460, 468, 1576, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\354\0\0\0\314\1\0\0\0\4\0\0" ... {28, 56, reply, 0, 460, 468, 1577, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\354\0\0\0\314\1\0\0\0\4\0\0" ) ) == 0x0 00684 468 NtResumeThread (236, ... 1, ) == 0x0 00685 1024 NtWaitForSingleObject (96, 0, 0x0, ... 00686 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 40632320, 1048576, ) == 0x0 00687 468 NtAllocateVirtualMemory (-1, 41672704, 0, 8192, 4096, 4, ... 41672704, 8192, ) == 0x0 00688 468 NtProtectVirtualMemory (-1, (0x27be000), 4096, 260, ... (0x27be000), 4096, 4, ) == 0x0 00689 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 240, {460, 1028}, ) == 0x0 00690 468 NtQueryInformationThread (240, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff9c000,Pid=460,Tid=1028,}, 0x0, ) == 0x0 00691 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1577, 0} (24, {28, 56, new_msg, 0, 460, 468, 1577, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\360\0\0\0\314\1\0\0\4\4\0\0" ... {28, 56, reply, 0, 460, 468, 1578, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\360\0\0\0\314\1\0\0\4\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1578, 0} (24, {28, 56, new_msg, 0, 460, 468, 1577, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\360\0\0\0\314\1\0\0\4\4\0\0" ... {28, 56, reply, 0, 460, 468, 1578, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\360\0\0\0\314\1\0\0\4\4\0\0" ) ) == 0x0 00692 468 NtResumeThread (240, ... 1, ) == 0x0 00693 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 41680896, 1048576, ) == 0x0 00694 468 NtAllocateVirtualMemory (-1, 42721280, 0, 8192, 4096, 4, ... 00695 1028 NtWaitForSingleObject (96, 0, 0x0, ... 00694 468 NtAllocateVirtualMemory ... 42721280, 8192, ) == 0x0 00696 468 NtProtectVirtualMemory (-1, (0x28be000), 4096, 260, ... (0x28be000), 4096, 4, ) == 0x0 00697 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 244, {460, 1000}, ) == 0x0 00698 468 NtQueryInformationThread (244, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9b000,Pid=460,Tid=1000,}, 0x0, ) == 0x0 00699 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1578, 0} (24, {28, 56, new_msg, 0, 460, 468, 1578, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\364\0\0\0\314\1\0\0\350\3\0\0" ... {28, 56, reply, 0, 460, 468, 1579, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\364\0\0\0\314\1\0\0\350\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1579, 0} (24, {28, 56, new_msg, 0, 460, 468, 1578, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\364\0\0\0\314\1\0\0\350\3\0\0" ... {28, 56, reply, 0, 460, 468, 1579, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\364\0\0\0\314\1\0\0\350\3\0\0" ) ) == 0x0 00700 468 NtResumeThread (244, ... 1, ) == 0x0 00701 1000 NtWaitForSingleObject (96, 0, 0x0, ... 00702 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
42729472, 1048576, ) == 0x0 00703 468 NtAllocateVirtualMemory (-1, 43769856, 0, 8192, 4096, 4, ... 43769856, 8192, ) == 0x0 00704 468 NtProtectVirtualMemory (-1, (0x29be000), 4096, 260, ... (0x29be000), 4096, 4, ) == 0x0 00705 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 248, {460, 1032}, ) == 0x0 00706 468 NtQueryInformationThread (248, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff9a000,Pid=460,Tid=1032,}, 0x0, ) == 0x0 00707 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1579, 0} (24, {28, 56, new_msg, 0, 460, 468, 1579, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\370\0\0\0\314\1\0\0\10\4\0\0" ... {28, 56, reply, 0, 460, 468, 1580, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\370\0\0\0\314\1\0\0\10\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1580, 0} (24, {28, 56, new_msg, 0, 460, 468, 1579, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\370\0\0\0\314\1\0\0\10\4\0\0" ... {28, 56, reply, 0, 460, 468, 1580, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\370\0\0\0\314\1\0\0\10\4\0\0" ) ) == 0x0 00708 468 NtResumeThread (248, ... 1, ) == 0x0 00709 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 43778048, 1048576, ) == 0x0 00710 468 NtAllocateVirtualMemory (-1, 44818432, 0, 8192, 4096, 4, ... 00711 1032 NtWaitForSingleObject (96, 0, 0x0, ... 00710 468 NtAllocateVirtualMemory ... 44818432, 8192, ) == 0x0 00712 468 NtProtectVirtualMemory (-1, (0x2abe000), 4096, 260, ... (0x2abe000), 4096, 4, ) == 0x0 00713 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 252, {460, 1048}, ) == 0x0 00714 468 NtQueryInformationThread (252, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff99000,Pid=460,Tid=1048,}, 0x0, ) == 0x0 00715 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1580, 0} (24, {28, 56, new_msg, 0, 460, 468, 1580, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\374\0\0\0\314\1\0\0\30\4\0\0" ... {28, 56, reply, 0, 460, 468, 1581, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\374\0\0\0\314\1\0\0\30\4\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1581, 0} (24, {28, 56, new_msg, 0, 460, 468, 1580, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\374\0\0\0\314\1\0\0\30\4\0\0" ... {28, 56, reply, 0, 460, 468, 1581, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\374\0\0\0\314\1\0\0\30\4\0\0" ) ) == 0x0 00716 468 NtResumeThread (252, ... 1, ) == 0x0 00717 1048 NtWaitForSingleObject (96, 0, 0x0, ... 00718 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 44826624, 1048576, ) == 0x0 00719 468 NtAllocateVirtualMemory (-1, 45867008, 0, 8192, 4096, 4, ... 45867008, 8192, ) == 0x0 00720 468 NtProtectVirtualMemory (-1, (0x2bbe000), 4096, 260, ... (0x2bbe000), 4096, 4, ) == 0x0 00721 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 256, {460, 1064}, ) == 0x0 00722 468 NtQueryInformationThread (256, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff98000,Pid=460,Tid=1064,}, 0x0, ) == 0x0 00723 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1581, 0} (24, {28, 56, new_msg, 0, 460, 468, 1581, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\0\1\0\0\314\1\0\0(\4\0\0" ... {28, 56, reply, 0, 460, 468, 1582, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\0\1\0\0\314\1\0\0(\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1582, 0} (24, {28, 56, new_msg, 0, 460, 468, 1581, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\0\1\0\0\314\1\0\0(\4\0\0" ... {28, 56, reply, 0, 460, 468, 1582, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\0\1\0\0\314\1\0\0(\4\0\0" ) ) == 0x0 00724 468 NtResumeThread (256, ... 1, ) == 0x0 00725 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 45875200, 1048576, ) == 0x0 00726 468 NtAllocateVirtualMemory (-1, 46915584, 0, 8192, 4096, 4, ... 00727 1064 NtWaitForSingleObject (96, 0, 0x0, ... 00726 468 NtAllocateVirtualMemory ... 46915584, 8192, ) == 0x0 00728 468 NtProtectVirtualMemory (-1, (0x2cbe000), 4096, 260, ... (0x2cbe000), 4096, 4, ) == 0x0 00729 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 260, {460, 1084}, ) == 0x0 00730 468 NtQueryInformationThread (260, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff97000,Pid=460,Tid=1084,}, 0x0, ) == 0x0 00731 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1582, 0} (24, {28, 56, new_msg, 0, 460, 468, 1582, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\4\1\0\0\314\1\0\0<\4\0\0" ... {28, 56, reply, 0, 460, 468, 1583, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\4\1\0\0\314\1\0\0<\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1583, 0} (24, {28, 56, new_msg, 0, 460, 468, 1582, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\4\1\0\0\314\1\0\0<\4\0\0" ... {28, 56, reply, 0, 460, 468, 1583, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\4\1\0\0\314\1\0\0<\4\0\0" ) ) == 0x0 00732 468 NtResumeThread (260, ... 1, ) == 0x0 00733 1084 NtWaitForSingleObject (96, 0, 0x0, ... 00734 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 46923776, 1048576, ) == 0x0 00735 468 NtAllocateVirtualMemory (-1, 47964160, 0, 8192, 4096, 4, ... 47964160, 8192, ) == 0x0 00736 468 NtProtectVirtualMemory (-1, (0x2dbe000), 4096, 260, ... (0x2dbe000), 4096, 4, ) == 0x0 00737 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 264, {460, 1076}, ) == 0x0 00738 468 NtQueryInformationThread (264, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff96000,Pid=460,Tid=1076,}, 0x0, ) == 0x0 00739 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1583, 0} (24, {28, 56, new_msg, 0, 460, 468, 1583, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\10\1\0\0\314\1\0\04\4\0\0" ... {28, 56, reply, 0, 460, 468, 1584, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\10\1\0\0\314\1\0\04\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1584, 0} (24, {28, 56, new_msg, 0, 460, 468, 1583, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\10\1\0\0\314\1\0\04\4\0\0" ... {28, 56, reply, 0, 460, 468, 1584, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\10\1\0\0\314\1\0\04\4\0\0" ) ) == 0x0 00740 468 NtResumeThread (264, ... 1, ) == 0x0 00741 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 47972352, 1048576, ) == 0x0 00742 468 NtAllocateVirtualMemory (-1, 49012736, 0, 8192, 4096, 4, ... 
00743 1076 NtWaitForSingleObject (96, 0, 0x0, ... 00742 468 NtAllocateVirtualMemory ... 49012736, 8192, ) == 0x0 00744 468 NtProtectVirtualMemory (-1, (0x2ebe000), 4096, 260, ... (0x2ebe000), 4096, 4, ) == 0x0 00745 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 268, {460, 1080}, ) == 0x0 00746 468 NtQueryInformationThread (268, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff95000,Pid=460,Tid=1080,}, 0x0, ) == 0x0 00747 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1584, 0} (24, {28, 56, new_msg, 0, 460, 468, 1584, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\14\1\0\0\314\1\0\08\4\0\0" ... {28, 56, reply, 0, 460, 468, 1585, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\14\1\0\0\314\1\0\08\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1585, 0} (24, {28, 56, new_msg, 0, 460, 468, 1584, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\14\1\0\0\314\1\0\08\4\0\0" ... {28, 56, reply, 0, 460, 468, 1585, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\14\1\0\0\314\1\0\08\4\0\0" ) ) == 0x0 00748 468 NtResumeThread (268, ... 1, ) == 0x0 00749 1080 NtWaitForSingleObject (96, 0, 0x0, ... 00750 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 49020928, 1048576, ) == 0x0 00751 468 NtAllocateVirtualMemory (-1, 50061312, 0, 8192, 4096, 4, ... 50061312, 8192, ) == 0x0 00752 468 NtProtectVirtualMemory (-1, (0x2fbe000), 4096, 260, ... (0x2fbe000), 4096, 4, ) == 0x0 00753 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 272, {460, 1088}, ) == 0x0 00754 468 NtQueryInformationThread (272, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff94000,Pid=460,Tid=1088,}, 0x0, ) == 0x0 00755 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1585, 0} (24, {28, 56, new_msg, 0, 460, 468, 1585, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\20\1\0\0\314\1\0\0@\4\0\0" ... {28, 56, reply, 0, 460, 468, 1586, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\20\1\0\0\314\1\0\0@\4\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1586, 0} (24, {28, 56, new_msg, 0, 460, 468, 1585, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\20\1\0\0\314\1\0\0@\4\0\0" ... {28, 56, reply, 0, 460, 468, 1586, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\20\1\0\0\314\1\0\0@\4\0\0" ) ) == 0x0 00756 468 NtResumeThread (272, ... 1, ) == 0x0 00757 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 50069504, 1048576, ) == 0x0 00758 468 NtAllocateVirtualMemory (-1, 51109888, 0, 8192, 4096, 4, ... 00759 1088 NtWaitForSingleObject (96, 0, 0x0, ... 00758 468 NtAllocateVirtualMemory ... 51109888, 8192, ) == 0x0 00760 468 NtProtectVirtualMemory (-1, (0x30be000), 4096, 260, ... (0x30be000), 4096, 4, ) == 0x0 00761 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 276, {460, 1004}, ) == 0x0 00762 468 NtQueryInformationThread (276, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff93000,Pid=460,Tid=1004,}, 0x0, ) == 0x0 00763 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1586, 0} (24, {28, 56, new_msg, 0, 460, 468, 1586, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\24\1\0\0\314\1\0\0\354\3\0\0" ... {28, 56, reply, 0, 460, 468, 1587, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\24\1\0\0\314\1\0\0\354\3\0\0" ) ... {28, 56, reply, 0, 460, 468, 1587, 0} (24, {28, 56, new_msg, 0, 460, 468, 1586, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\24\1\0\0\314\1\0\0\354\3\0\0" ... {28, 56, reply, 0, 460, 468, 1587, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\24\1\0\0\314\1\0\0\354\3\0\0" ) ) == 0x0 00764 468 NtResumeThread (276, ... 1, ) == 0x0 00765 1004 NtWaitForSingleObject (96, 0, 0x0, ... 00766 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 51118080, 1048576, ) == 0x0 00767 468 NtAllocateVirtualMemory (-1, 52158464, 0, 8192, 4096, 4, ... 52158464, 8192, ) == 0x0 00768 468 NtProtectVirtualMemory (-1, (0x31be000), 4096, 260, ... (0x31be000), 4096, 4, ) == 0x0 00769 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 280, {460, 1092}, ) == 0x0 00770 468 NtQueryInformationThread (280, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff92000,Pid=460,Tid=1092,}, 0x0, ) == 0x0 00771 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1587, 0} (24, {28, 56, new_msg, 0, 460, 468, 1587, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\30\1\0\0\314\1\0\0D\4\0\0" ... {28, 56, reply, 0, 460, 468, 1588, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\30\1\0\0\314\1\0\0D\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1588, 0} (24, {28, 56, new_msg, 0, 460, 468, 1587, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\30\1\0\0\314\1\0\0D\4\0\0" ... {28, 56, reply, 0, 460, 468, 1588, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\30\1\0\0\314\1\0\0D\4\0\0" ) ) == 0x0 00772 468 NtResumeThread (280, ... 1, ) == 0x0 00773 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 52166656, 1048576, ) == 0x0 00774 468 NtAllocateVirtualMemory (-1, 53207040, 0, 8192, 4096, 4, ... 00775 1092 NtWaitForSingleObject (96, 0, 0x0, ... 00774 468 NtAllocateVirtualMemory ... 53207040, 8192, ) == 0x0 00776 468 NtProtectVirtualMemory (-1, (0x32be000), 4096, 260, ... (0x32be000), 4096, 4, ) == 0x0 00777 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 284, {460, 1096}, ) == 0x0 00778 468 NtQueryInformationThread (284, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff91000,Pid=460,Tid=1096,}, 0x0, ) == 0x0 00779 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1588, 0} (24, {28, 56, new_msg, 0, 460, 468, 1588, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\34\1\0\0\314\1\0\0H\4\0\0" ... {28, 56, reply, 0, 460, 468, 1589, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\34\1\0\0\314\1\0\0H\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1589, 0} (24, {28, 56, new_msg, 0, 460, 468, 1588, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\34\1\0\0\314\1\0\0H\4\0\0" ... {28, 56, reply, 0, 460, 468, 1589, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\34\1\0\0\314\1\0\0H\4\0\0" ) ) == 0x0 00780 468 NtResumeThread (284, ... 1, ) == 0x0 00781 1096 NtWaitForSingleObject (96, 0, 0x0, ... 00782 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
53215232, 1048576, ) == 0x0 00783 468 NtAllocateVirtualMemory (-1, 54255616, 0, 8192, 4096, 4, ... 54255616, 8192, ) == 0x0 00784 468 NtProtectVirtualMemory (-1, (0x33be000), 4096, 260, ... (0x33be000), 4096, 4, ) == 0x0 00785 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 288, {460, 1100}, ) == 0x0 00786 468 NtQueryInformationThread (288, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff90000,Pid=460,Tid=1100,}, 0x0, ) == 0x0 00787 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1589, 0} (24, {28, 56, new_msg, 0, 460, 468, 1589, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO \1\0\0\314\1\0\0L\4\0\0" ... {28, 56, reply, 0, 460, 468, 1590, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO \1\0\0\314\1\0\0L\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1590, 0} (24, {28, 56, new_msg, 0, 460, 468, 1589, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO \1\0\0\314\1\0\0L\4\0\0" ... {28, 56, reply, 0, 460, 468, 1590, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO \1\0\0\314\1\0\0L\4\0\0" ) ) == 0x0 00788 468 NtResumeThread (288, ... 1, ) == 0x0 00789 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 54263808, 1048576, ) == 0x0 00790 468 NtAllocateVirtualMemory (-1, 55304192, 0, 8192, 4096, 4, ... 00791 1100 NtWaitForSingleObject (96, 0, 0x0, ... 00790 468 NtAllocateVirtualMemory ... 55304192, 8192, ) == 0x0 00792 468 NtProtectVirtualMemory (-1, (0x34be000), 4096, 260, ... (0x34be000), 4096, 4, ) == 0x0 00793 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 292, {460, 1104}, ) == 0x0 00794 468 NtQueryInformationThread (292, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8f000,Pid=460,Tid=1104,}, 0x0, ) == 0x0 00795 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1590, 0} (24, {28, 56, new_msg, 0, 460, 468, 1590, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO$\1\0\0\314\1\0\0P\4\0\0" ... {28, 56, reply, 0, 460, 468, 1591, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO$\1\0\0\314\1\0\0P\4\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1591, 0} (24, {28, 56, new_msg, 0, 460, 468, 1590, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO$\1\0\0\314\1\0\0P\4\0\0" ... {28, 56, reply, 0, 460, 468, 1591, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO$\1\0\0\314\1\0\0P\4\0\0" ) ) == 0x0 00796 468 NtResumeThread (292, ... 1, ) == 0x0 00797 1104 NtWaitForSingleObject (96, 0, 0x0, ... 00798 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 55312384, 1048576, ) == 0x0 00799 468 NtAllocateVirtualMemory (-1, 56352768, 0, 8192, 4096, 4, ... 56352768, 8192, ) == 0x0 00800 468 NtProtectVirtualMemory (-1, (0x35be000), 4096, 260, ... (0x35be000), 4096, 4, ) == 0x0 00801 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 296, {460, 1108}, ) == 0x0 00802 468 NtQueryInformationThread (296, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8e000,Pid=460,Tid=1108,}, 0x0, ) == 0x0 00803 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1591, 0} (24, {28, 56, new_msg, 0, 460, 468, 1591, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO(\1\0\0\314\1\0\0T\4\0\0" ... {28, 56, reply, 0, 460, 468, 1592, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO(\1\0\0\314\1\0\0T\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1592, 0} (24, {28, 56, new_msg, 0, 460, 468, 1591, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO(\1\0\0\314\1\0\0T\4\0\0" ... {28, 56, reply, 0, 460, 468, 1592, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO(\1\0\0\314\1\0\0T\4\0\0" ) ) == 0x0 00804 468 NtResumeThread (296, ... 1, ) == 0x0 00805 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 56360960, 1048576, ) == 0x0 00806 468 NtAllocateVirtualMemory (-1, 57401344, 0, 8192, 4096, 4, ... 00807 1108 NtWaitForSingleObject (96, 0, 0x0, ... 00806 468 NtAllocateVirtualMemory ... 57401344, 8192, ) == 0x0 00808 468 NtProtectVirtualMemory (-1, (0x36be000), 4096, 260, ... (0x36be000), 4096, 4, ) == 0x0 00809 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 300, {460, 1152}, ) == 0x0 00810 468 NtQueryInformationThread (300, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff8d000,Pid=460,Tid=1152,}, 0x0, ) == 0x0 00811 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1592, 0} (24, {28, 56, new_msg, 0, 460, 468, 1592, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO,\1\0\0\314\1\0\0\200\4\0\0" ... {28, 56, reply, 0, 460, 468, 1593, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO,\1\0\0\314\1\0\0\200\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1593, 0} (24, {28, 56, new_msg, 0, 460, 468, 1592, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO,\1\0\0\314\1\0\0\200\4\0\0" ... {28, 56, reply, 0, 460, 468, 1593, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO,\1\0\0\314\1\0\0\200\4\0\0" ) ) == 0x0 00812 468 NtResumeThread (300, ... 1, ) == 0x0 00813 1152 NtWaitForSingleObject (96, 0, 0x0, ... 00814 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 57409536, 1048576, ) == 0x0 00815 468 NtAllocateVirtualMemory (-1, 58449920, 0, 8192, 4096, 4, ... 58449920, 8192, ) == 0x0 00816 468 NtProtectVirtualMemory (-1, (0x37be000), 4096, 260, ... (0x37be000), 4096, 4, ) == 0x0 00817 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 304, {460, 1148}, ) == 0x0 00818 468 NtQueryInformationThread (304, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8c000,Pid=460,Tid=1148,}, 0x0, ) == 0x0 00819 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1593, 0} (24, {28, 56, new_msg, 0, 460, 468, 1593, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO0\1\0\0\314\1\0\0|\4\0\0" ... {28, 56, reply, 0, 460, 468, 1594, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO0\1\0\0\314\1\0\0|\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1594, 0} (24, {28, 56, new_msg, 0, 460, 468, 1593, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO0\1\0\0\314\1\0\0|\4\0\0" ... {28, 56, reply, 0, 460, 468, 1594, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO0\1\0\0\314\1\0\0|\4\0\0" ) ) == 0x0 00820 468 NtResumeThread (304, ... 1, ) == 0x0 00821 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 58458112, 1048576, ) == 0x0 00822 468 NtAllocateVirtualMemory (-1, 59498496, 0, 8192, 4096, 4, ... 
00823 1148 NtWaitForSingleObject (96, 0, 0x0, ... 00822 468 NtAllocateVirtualMemory ... 59498496, 8192, ) == 0x0 00824 468 NtProtectVirtualMemory (-1, (0x38be000), 4096, 260, ... (0x38be000), 4096, 4, ) == 0x0 00825 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 308, {460, 1128}, ) == 0x0 00826 468 NtQueryInformationThread (308, Basic, 28, ... 00490 876 NtQueryAttributesFile ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00826 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff8b000,Pid=460,Tid=1128,}, 0x0, ) == 0x0 00827 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1594, 0} (24, {28, 56, new_msg, 0, 460, 468, 1594, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO4\1\0\0\314\1\0\0h\4\0\0" ... {28, 56, reply, 0, 460, 468, 1595, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO4\1\0\0\314\1\0\0h\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1595, 0} (24, {28, 56, new_msg, 0, 460, 468, 1594, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO4\1\0\0\314\1\0\0h\4\0\0" ... {28, 56, reply, 0, 460, 468, 1595, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO4\1\0\0\314\1\0\0h\4\0\0" ) ) == 0x0 00828 468 NtResumeThread (308, ... 1, ) == 0x0 00829 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 59506688, 1048576, ) == 0x0 00830 468 NtAllocateVirtualMemory (-1, 60547072, 0, 8192, 4096, 4, ... 60547072, 8192, ) == 0x0 00831 468 NtProtectVirtualMemory (-1, (0x39be000), 4096, 260, ... (0x39be000), 4096, 4, ) == 0x0 00832 876 NtQueryAttributesFile ({24, 12, 0x40, 0, 0, ({24, 12, 0x40, 0, 0, "DNSAPI.dll"}, 14412960, ... }, 14412960, ... 00833 1128 NtWaitForSingleObject (96, 0, 0x0, ... 00834 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 312, {460, 1156}, ) == 0x0 00835 468 NtQueryInformationThread (312, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff8a000,Pid=460,Tid=1156,}, 0x0, ) == 0x0 00836 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1595, 0} (24, {28, 56, new_msg, 0, 460, 468, 1595, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO8\1\0\0\314\1\0\0\204\4\0\0" ... 
{28, 56, reply, 0, 460, 468, 1596, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO8\1\0\0\314\1\0\0\204\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1596, 0} (24, {28, 56, new_msg, 0, 460, 468, 1595, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO8\1\0\0\314\1\0\0\204\4\0\0" ... {28, 56, reply, 0, 460, 468, 1596, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO8\1\0\0\314\1\0\0\204\4\0\0" ) ) == 0x0 00837 468 NtResumeThread (312, ... 1, ) == 0x0 00838 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 60555264, 1048576, ) == 0x0 00839 468 NtAllocateVirtualMemory (-1, 61595648, 0, 8192, 4096, 4, ... 00840 1156 NtWaitForSingleObject (96, 0, 0x0, ... 00839 468 NtAllocateVirtualMemory ... 61595648, 8192, ) == 0x0 00841 468 NtProtectVirtualMemory (-1, (0x3abe000), 4096, 260, ... (0x3abe000), 4096, 4, ) == 0x0 00842 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 316, {460, 320}, ) == 0x0 00843 468 NtQueryInformationThread (316, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff89000,Pid=460,Tid=320,}, 0x0, ) == 0x0 00844 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1596, 0} (24, {28, 56, new_msg, 0, 460, 468, 1596, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO<\1\0\0\314\1\0\0@\1\0\0" ... {28, 56, reply, 0, 460, 468, 1597, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO<\1\0\0\314\1\0\0@\1\0\0" ) ... {28, 56, reply, 0, 460, 468, 1597, 0} (24, {28, 56, new_msg, 0, 460, 468, 1596, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO<\1\0\0\314\1\0\0@\1\0\0" ... {28, 56, reply, 0, 460, 468, 1597, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO<\1\0\0\314\1\0\0@\1\0\0" ) ) == 0x0 00845 468 NtResumeThread (316, ... 1, ) == 0x0 00846 320 NtWaitForSingleObject (96, 0, 0x0, ... 00847 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 61603840, 1048576, ) == 0x0 00848 468 NtAllocateVirtualMemory (-1, 62644224, 0, 8192, 4096, 4, ... 62644224, 8192, ) == 0x0 00849 468 NtProtectVirtualMemory (-1, (0x3bbe000), 4096, 260, ... (0x3bbe000), 4096, 4, ) == 0x0 00850 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 
320, {460, 1172}, ) == 0x0 00851 468 NtQueryInformationThread (320, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff88000,Pid=460,Tid=1172,}, 0x0, ) == 0x0 00852 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1597, 0} (24, {28, 56, new_msg, 0, 460, 468, 1597, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO@\1\0\0\314\1\0\0\224\4\0\0" ... {28, 56, reply, 0, 460, 468, 1598, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO@\1\0\0\314\1\0\0\224\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1598, 0} (24, {28, 56, new_msg, 0, 460, 468, 1597, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO@\1\0\0\314\1\0\0\224\4\0\0" ... {28, 56, reply, 0, 460, 468, 1598, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO@\1\0\0\314\1\0\0\224\4\0\0" ) ) == 0x0 00853 468 NtResumeThread (320, ... 1, ) == 0x0 00854 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 62652416, 1048576, ) == 0x0 00855 468 NtAllocateVirtualMemory (-1, 63692800, 0, 8192, 4096, 4, ... 00856 1172 NtWaitForSingleObject (96, 0, 0x0, ... 00855 468 NtAllocateVirtualMemory ... 63692800, 8192, ) == 0x0 00857 468 NtProtectVirtualMemory (-1, (0x3cbe000), 4096, 260, ... (0x3cbe000), 4096, 4, ) == 0x0 00858 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 324, {460, 1184}, ) == 0x0 00859 468 NtQueryInformationThread (324, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff87000,Pid=460,Tid=1184,}, 0x0, ) == 0x0 00860 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1598, 0} (24, {28, 56, new_msg, 0, 460, 468, 1598, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOD\1\0\0\314\1\0\0\240\4\0\0" ... {28, 56, reply, 0, 460, 468, 1599, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOD\1\0\0\314\1\0\0\240\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1599, 0} (24, {28, 56, new_msg, 0, 460, 468, 1598, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOD\1\0\0\314\1\0\0\240\4\0\0" ... {28, 56, reply, 0, 460, 468, 1599, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOD\1\0\0\314\1\0\0\240\4\0\0" ) ) == 0x0 00861 468 NtResumeThread (324, ... 1, ) == 0x0 00862 1184 NtWaitForSingleObject (96, 0, 0x0, ... 
00863 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 63700992, 1048576, ) == 0x0 00864 468 NtAllocateVirtualMemory (-1, 64741376, 0, 8192, 4096, 4, ... 64741376, 8192, ) == 0x0 00865 468 NtProtectVirtualMemory (-1, (0x3dbe000), 4096, 260, ... (0x3dbe000), 4096, 4, ) == 0x0 00866 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 328, {460, 324}, ) == 0x0 00867 468 NtQueryInformationThread (328, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff86000,Pid=460,Tid=324,}, 0x0, ) == 0x0 00868 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1599, 0} (24, {28, 56, new_msg, 0, 460, 468, 1599, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOH\1\0\0\314\1\0\0D\1\0\0" ... {28, 56, reply, 0, 460, 468, 1600, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOH\1\0\0\314\1\0\0D\1\0\0" ) ... {28, 56, reply, 0, 460, 468, 1600, 0} (24, {28, 56, new_msg, 0, 460, 468, 1599, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOH\1\0\0\314\1\0\0D\1\0\0" ... {28, 56, reply, 0, 460, 468, 1600, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOH\1\0\0\314\1\0\0D\1\0\0" ) ) == 0x0 00869 468 NtResumeThread (328, ... 1, ) == 0x0 00870 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 64749568, 1048576, ) == 0x0 00871 468 NtAllocateVirtualMemory (-1, 65789952, 0, 8192, 4096, 4, ... 00872 324 NtWaitForSingleObject (96, 0, 0x0, ... 00871 468 NtAllocateVirtualMemory ... 65789952, 8192, ) == 0x0 00873 468 NtProtectVirtualMemory (-1, (0x3ebe000), 4096, 260, ... (0x3ebe000), 4096, 4, ) == 0x0 00874 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 332, {460, 1192}, ) == 0x0 00875 468 NtQueryInformationThread (332, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff85000,Pid=460,Tid=1192,}, 0x0, ) == 0x0 00876 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1600, 0} (24, {28, 56, new_msg, 0, 460, 468, 1600, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOL\1\0\0\314\1\0\0\250\4\0\0" ... {28, 56, reply, 0, 460, 468, 1601, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOL\1\0\0\314\1\0\0\250\4\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1601, 0} (24, {28, 56, new_msg, 0, 460, 468, 1600, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOL\1\0\0\314\1\0\0\250\4\0\0" ... {28, 56, reply, 0, 460, 468, 1601, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOL\1\0\0\314\1\0\0\250\4\0\0" ) ) == 0x0 00877 468 NtResumeThread (332, ... 1, ) == 0x0 00878 1192 NtWaitForSingleObject (96, 0, 0x0, ... 00879 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 65798144, 1048576, ) == 0x0 00880 468 NtAllocateVirtualMemory (-1, 66838528, 0, 8192, 4096, 4, ... 66838528, 8192, ) == 0x0 00881 468 NtProtectVirtualMemory (-1, (0x3fbe000), 4096, 260, ... (0x3fbe000), 4096, 4, ) == 0x0 00882 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 336, {460, 1072}, ) == 0x0 00883 468 NtQueryInformationThread (336, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff84000,Pid=460,Tid=1072,}, 0x0, ) == 0x0 00884 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1601, 0} (24, {28, 56, new_msg, 0, 460, 468, 1601, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOP\1\0\0\314\1\0\00\4\0\0" ... {28, 56, reply, 0, 460, 468, 1602, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOP\1\0\0\314\1\0\00\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1602, 0} (24, {28, 56, new_msg, 0, 460, 468, 1601, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOP\1\0\0\314\1\0\00\4\0\0" ... {28, 56, reply, 0, 460, 468, 1602, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOP\1\0\0\314\1\0\00\4\0\0" ) ) == 0x0 00885 468 NtResumeThread (336, ... 1, ) == 0x0 00886 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 66846720, 1048576, ) == 0x0 00887 468 NtAllocateVirtualMemory (-1, 67887104, 0, 8192, 4096, 4, ... 00888 1072 NtWaitForSingleObject (96, 0, 0x0, ... 00887 468 NtAllocateVirtualMemory ... 67887104, 8192, ) == 0x0 00889 468 NtProtectVirtualMemory (-1, (0x40be000), 4096, 260, ... (0x40be000), 4096, 4, ) == 0x0 00890 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 340, {460, 1208}, ) == 0x0 00891 468 NtQueryInformationThread (340, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff83000,Pid=460,Tid=1208,}, 0x0, ) == 0x0 00892 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1602, 0} (24, {28, 56, new_msg, 0, 460, 468, 1602, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOT\1\0\0\314\1\0\0\270\4\0\0" ... {28, 56, reply, 0, 460, 468, 1603, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOT\1\0\0\314\1\0\0\270\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1603, 0} (24, {28, 56, new_msg, 0, 460, 468, 1602, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOT\1\0\0\314\1\0\0\270\4\0\0" ... {28, 56, reply, 0, 460, 468, 1603, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOT\1\0\0\314\1\0\0\270\4\0\0" ) ) == 0x0 00893 468 NtResumeThread (340, ... 1, ) == 0x0 00894 1208 NtWaitForSingleObject (96, 0, 0x0, ... 00895 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 67895296, 1048576, ) == 0x0 00896 468 NtAllocateVirtualMemory (-1, 68935680, 0, 8192, 4096, 4, ... 68935680, 8192, ) == 0x0 00897 468 NtProtectVirtualMemory (-1, (0x41be000), 4096, 260, ... (0x41be000), 4096, 4, ) == 0x0 00898 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 344, {460, 1216}, ) == 0x0 00899 468 NtQueryInformationThread (344, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff82000,Pid=460,Tid=1216,}, 0x0, ) == 0x0 00900 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1603, 0} (24, {28, 56, new_msg, 0, 460, 468, 1603, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOX\1\0\0\314\1\0\0\300\4\0\0" ... {28, 56, reply, 0, 460, 468, 1604, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOX\1\0\0\314\1\0\0\300\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1604, 0} (24, {28, 56, new_msg, 0, 460, 468, 1603, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOX\1\0\0\314\1\0\0\300\4\0\0" ... {28, 56, reply, 0, 460, 468, 1604, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOX\1\0\0\314\1\0\0\300\4\0\0" ) ) == 0x0 00901 468 NtResumeThread (344, ... 1, ) == 0x0 00902 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 68943872, 1048576, ) == 0x0 00903 468 NtAllocateVirtualMemory (-1, 69984256, 0, 8192, 4096, 4, ... 
00904 1216 NtWaitForSingleObject (96, 0, 0x0, ... 00903 468 NtAllocateVirtualMemory ... 69984256, 8192, ) == 0x0 00905 468 NtProtectVirtualMemory (-1, (0x42be000), 4096, 260, ... (0x42be000), 4096, 4, ) == 0x0 00906 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 348, {460, 1224}, ) == 0x0 00907 468 NtQueryInformationThread (348, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff81000,Pid=460,Tid=1224,}, 0x0, ) == 0x0 00908 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1604, 0} (24, {28, 56, new_msg, 0, 460, 468, 1604, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\\1\0\0\314\1\0\0\310\4\0\0" ... {28, 56, reply, 0, 460, 468, 1605, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\\1\0\0\314\1\0\0\310\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1605, 0} (24, {28, 56, new_msg, 0, 460, 468, 1604, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\\1\0\0\314\1\0\0\310\4\0\0" ... {28, 56, reply, 0, 460, 468, 1605, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\\1\0\0\314\1\0\0\310\4\0\0" ) ) == 0x0 00909 468 NtResumeThread (348, ... 1, ) == 0x0 00910 1224 NtWaitForSingleObject (96, 0, 0x0, ... 00911 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 69992448, 1048576, ) == 0x0 00912 468 NtAllocateVirtualMemory (-1, 71032832, 0, 8192, 4096, 4, ... 71032832, 8192, ) == 0x0 00913 468 NtProtectVirtualMemory (-1, (0x43be000), 4096, 260, ... (0x43be000), 4096, 4, ) == 0x0 00914 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 352, {460, 1232}, ) == 0x0 00915 468 NtQueryInformationThread (352, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff80000,Pid=460,Tid=1232,}, 0x0, ) == 0x0 00916 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1605, 0} (24, {28, 56, new_msg, 0, 460, 468, 1605, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO`\1\0\0\314\1\0\0\320\4\0\0" ... {28, 56, reply, 0, 460, 468, 1606, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO`\1\0\0\314\1\0\0\320\4\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1606, 0} (24, {28, 56, new_msg, 0, 460, 468, 1605, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO`\1\0\0\314\1\0\0\320\4\0\0" ... {28, 56, reply, 0, 460, 468, 1606, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO`\1\0\0\314\1\0\0\320\4\0\0" ) ) == 0x0 00917 468 NtResumeThread (352, ... 1, ) == 0x0 00918 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 71041024, 1048576, ) == 0x0 00919 468 NtAllocateVirtualMemory (-1, 72081408, 0, 8192, 4096, 4, ... 00920 1232 NtWaitForSingleObject (96, 0, 0x0, ... 00919 468 NtAllocateVirtualMemory ... 72081408, 8192, ) == 0x0 00921 468 NtProtectVirtualMemory (-1, (0x44be000), 4096, 260, ... (0x44be000), 4096, 4, ) == 0x0 00922 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 356, {460, 1236}, ) == 0x0 00923 468 NtQueryInformationThread (356, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7f000,Pid=460,Tid=1236,}, 0x0, ) == 0x0 00924 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1606, 0} (24, {28, 56, new_msg, 0, 460, 468, 1606, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOd\1\0\0\314\1\0\0\324\4\0\0" ... {28, 56, reply, 0, 460, 468, 1607, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOd\1\0\0\314\1\0\0\324\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1607, 0} (24, {28, 56, new_msg, 0, 460, 468, 1606, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOd\1\0\0\314\1\0\0\324\4\0\0" ... {28, 56, reply, 0, 460, 468, 1607, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOd\1\0\0\314\1\0\0\324\4\0\0" ) ) == 0x0 00925 468 NtResumeThread (356, ... 1, ) == 0x0 00926 1236 NtWaitForSingleObject (96, 0, 0x0, ... 00927 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 72089600, 1048576, ) == 0x0 00928 468 NtAllocateVirtualMemory (-1, 73129984, 0, 8192, 4096, 4, ... 73129984, 8192, ) == 0x0 00929 468 NtProtectVirtualMemory (-1, (0x45be000), 4096, 260, ... (0x45be000), 4096, 4, ) == 0x0 00930 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 360, {460, 1252}, ) == 0x0 00931 468 NtQueryInformationThread (360, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff7e000,Pid=460,Tid=1252,}, 0x0, ) == 0x0 00932 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1607, 0} (24, {28, 56, new_msg, 0, 460, 468, 1607, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOh\1\0\0\314\1\0\0\344\4\0\0" ... ... 00832 876 NtQueryAttributesFile ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00933 876 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\DNSAPI.dll"}, 14412960, ... ) }, 14412960, ... ) == 0x0 00934 876 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\DNSAPI.dll"}, 5, 96, ... }, 5, 96, ... 00932 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1608, 0} ... {28, 56, reply, 0, 460, 468, 1608, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOh\1\0\0\314\1\0\0\344\4\0\0" ) ) == 0x0 00935 468 NtResumeThread (360, ... 1, ) == 0x0 00936 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 73138176, 1048576, ) == 0x0 00937 468 NtAllocateVirtualMemory (-1, 74178560, 0, 8192, 4096, 4, ... 74178560, 8192, ) == 0x0 00938 468 NtProtectVirtualMemory (-1, (0x46be000), 4096, 260, ... (0x46be000), 4096, 4, ) == 0x0 00939 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 364, {460, 712}, ) == 0x0 00940 468 NtQueryInformationThread (364, Basic, 28, ... 00934 876 NtOpenFile ... 368, {status=0x0, info=1}, ) == 0x0 00941 1252 NtWaitForSingleObject (96, 0, 0x0, ... 00942 876 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 368, ... 372, ) == 0x0 00943 876 NtQuerySection (372, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00944 876 NtClose (368, ... ) == 0x0 00945 876 NtMapViewOfSection (372, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x76f20000), 0x0, 151552, ) == 0x0 00946 876 NtClose (372, ... ) == 0x0 00940 468 NtQueryInformationThread ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff7d000,Pid=460,Tid=712,}, 0x0, ) == 0x0 00947 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1608, 0} (24, {28, 56, new_msg, 0, 460, 468, 1608, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOl\1\0\0\314\1\0\0\310\2\0\0" ... {28, 56, reply, 0, 460, 468, 1609, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOl\1\0\0\314\1\0\0\310\2\0\0" ) ... {28, 56, reply, 0, 460, 468, 1609, 0} (24, {28, 56, new_msg, 0, 460, 468, 1608, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOl\1\0\0\314\1\0\0\310\2\0\0" ... {28, 56, reply, 0, 460, 468, 1609, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOl\1\0\0\314\1\0\0\310\2\0\0" ) ) == 0x0 00948 468 NtResumeThread (364, ... 1, ) == 0x0 00949 876 NtCreateKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, 0, "Class", 0, ... }, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, 0, "Class", 0, ... , 0, ... 00950 712 NtWaitForSingleObject (96, 0, 0x0, ... 00949 876 NtCreateKey ... 372, 2, ) == 0x0 00951 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\DnsCache\Parameters"}, ... 368, ) }, ... 368, ) == 0x0 00952 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Policies\Microsoft\Windows NT\DnsClient"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00953 876 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\DNS"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00954 876 NtQueryValueKey (368, (368, "QueryAdapterName", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00955 876 NtQueryValueKey (372, (372, "DisableAdapterDomainName", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00956 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 74186752, 1048576, ) == 0x0 00957 468 NtAllocateVirtualMemory (-1, 75227136, 0, 8192, 4096, 4, ... 
75227136, 8192, ) == 0x0 00958 468 NtProtectVirtualMemory (-1, (0x47be000), 4096, 260, ... (0x47be000), 4096, 4, ) == 0x0 00959 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 376, {460, 1256}, ) == 0x0 00960 468 NtQueryInformationThread (376, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7c000,Pid=460,Tid=1256,}, 0x0, ) == 0x0 00961 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1609, 0} (24, {28, 56, new_msg, 0, 460, 468, 1609, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOx\1\0\0\314\1\0\0\350\4\0\0" ... ... 00962 876 NtQueryValueKey (368, (368, "UseDomainNameDevolution", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00963 876 NtQueryValueKey (372, (372, "UseDomainNameDevolution", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (372, "UseDomainNameDevolution", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00964 876 NtQueryValueKey (368, (368, "PrioritizeRecordData", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00961 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1610, 0} ... {28, 56, reply, 0, 460, 468, 1610, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOx\1\0\0\314\1\0\0\350\4\0\0" ) ) == 0x0 00965 468 NtResumeThread (376, ... 1, ) == 0x0 00966 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 75235328, 1048576, ) == 0x0 00967 468 NtAllocateVirtualMemory (-1, 76275712, 0, 8192, 4096, 4, ... 76275712, 8192, ) == 0x0 00968 468 NtProtectVirtualMemory (-1, (0x48be000), 4096, 260, ... (0x48be000), 4096, 4, ) == 0x0 00969 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 380, {460, 1240}, ) == 0x0 00970 468 NtQueryInformationThread (380, Basic, 28, ... 00971 876 NtQueryValueKey (372, (372, "PrioritizeRecordData", Partial, 144, ... , Partial, 144, ... 00972 1256 NtWaitForSingleObject (96, 0, 0x0, ... 00971 876 NtQueryValueKey ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00973 876 NtQueryValueKey (368, (368, "AllowUnqualifiedQuery", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00974 876 NtQueryValueKey (372, (372, "AllowUnqualifiedQuery", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00975 876 NtQueryValueKey (368, (368, "AppendToMultiLabelName", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00976 876 NtQueryValueKey (368, (368, "ScreenBadTlds", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00977 876 NtQueryValueKey (368, (368, "ScreenUnreachableServers", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00970 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff7b000,Pid=460,Tid=1240,}, 0x0, ) == 0x0 00978 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1610, 0} (24, {28, 56, new_msg, 0, 460, 468, 1610, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO|\1\0\0\314\1\0\0\330\4\0\0" ... {28, 56, reply, 0, 460, 468, 1611, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO|\1\0\0\314\1\0\0\330\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1611, 0} (24, {28, 56, new_msg, 0, 460, 468, 1610, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO|\1\0\0\314\1\0\0\330\4\0\0" ... {28, 56, reply, 0, 460, 468, 1611, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO|\1\0\0\314\1\0\0\330\4\0\0" ) ) == 0x0 00979 468 NtResumeThread (380, ... 1, ) == 0x0 00980 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 76283904, 1048576, ) == 0x0 00981 468 NtAllocateVirtualMemory (-1, 77324288, 0, 8192, 4096, 4, ... 77324288, 8192, ) == 0x0 00982 468 NtProtectVirtualMemory (-1, (0x49be000), 4096, 260, ... (0x49be000), 4096, 4, ) == 0x0 00983 876 NtQueryValueKey (368, (368, "FilterClusterIp", Partial, 144, ... , Partial, 144, ... 00984 1240 NtWaitForSingleObject (96, 0, 0x0, ... 00983 876 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00985 876 NtQueryValueKey (368, (368, "WaitForNameErrorOnAll", Partial, 144, ... 
) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00986 876 NtQueryValueKey (368, (368, "UseEdns", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00987 876 NtQueryValueKey (368, (368, "RegistrationEnabled", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00988 876 NtQueryValueKey (372, (372, "DisableDynamicUpdate", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00989 876 NtQueryValueKey (368, (368, "RegisterPrimaryName", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00990 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 384, {460, 1244}, ) == 0x0 00991 468 NtQueryInformationThread (384, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff7a000,Pid=460,Tid=1244,}, 0x0, ) == 0x0 00992 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1611, 0} (24, {28, 56, new_msg, 0, 460, 468, 1611, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\200\1\0\0\314\1\0\0\334\4\0\0" ... {28, 56, reply, 0, 460, 468, 1612, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\200\1\0\0\314\1\0\0\334\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1612, 0} (24, {28, 56, new_msg, 0, 460, 468, 1611, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\200\1\0\0\314\1\0\0\334\4\0\0" ... {28, 56, reply, 0, 460, 468, 1612, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\200\1\0\0\314\1\0\0\334\4\0\0" ) ) == 0x0 00993 468 NtResumeThread (384, ... 1, ) == 0x0 00994 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 77332480, 1048576, ) == 0x0 00995 468 NtAllocateVirtualMemory (-1, 78372864, 0, 8192, 4096, 4, ... 00996 876 NtQueryValueKey (368, (368, "RegisterAdapterName", Partial, 144, ... , Partial, 144, ... 00997 1244 NtWaitForSingleObject (96, 0, 0x0, ... 00996 876 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00998 876 NtQueryValueKey (372, (372, "EnableAdapterDomainNameRegistration", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 00999 876 NtQueryValueKey (368, (368, "RegisterReverseLookup", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01000 876 NtQueryValueKey (372, (372, "DisableReverseAddressRegistrations", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01001 876 NtQueryValueKey (368, (368, "RegisterWanAdapters", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01002 876 NtQueryValueKey (372, (372, "DisableWanDynamicUpdate", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00995 468 NtAllocateVirtualMemory ... 78372864, 8192, ) == 0x0 01003 468 NtProtectVirtualMemory (-1, (0x4abe000), 4096, 260, ... (0x4abe000), 4096, 4, ) == 0x0 01004 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 388, {460, 1296}, ) == 0x0 01005 468 NtQueryInformationThread (388, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff79000,Pid=460,Tid=1296,}, 0x0, ) == 0x0 01006 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1612, 0} (24, {28, 56, new_msg, 0, 460, 468, 1612, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\204\1\0\0\314\1\0\0\20\5\0\0" ... {28, 56, reply, 0, 460, 468, 1613, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\204\1\0\0\314\1\0\0\20\5\0\0" ) ... {28, 56, reply, 0, 460, 468, 1613, 0} (24, {28, 56, new_msg, 0, 460, 468, 1612, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\204\1\0\0\314\1\0\0\20\5\0\0" ... {28, 56, reply, 0, 460, 468, 1613, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\204\1\0\0\314\1\0\0\20\5\0\0" ) ) == 0x0 01007 468 NtResumeThread (388, ... 1, ) == 0x0 01008 876 NtQueryValueKey (368, (368, "RegistrationOverwritesInConflict", Partial, 144, ... , Partial, 144, ... 01009 1296 NtWaitForSingleObject (96, 0, 0x0, ... 01008 876 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01010 876 NtQueryValueKey (372, (372, "DisableReplaceAddressesInConflicts", Partial, 144, ... ) , Partial, 144, ... 
) == STATUS_OBJECT_NAME_NOT_FOUND 01011 876 NtQueryValueKey (368, (368, "RegistrationTtl", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01012 876 NtQueryValueKey (372, (372, "DefaultRegistrationTTL", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01013 876 NtQueryValueKey (368, (368, "RegistrationRefreshInterval", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01014 876 NtQueryValueKey (372, (372, "DefaultRegistrationRefreshInterval", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01015 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 78381056, 1048576, ) == 0x0 01016 468 NtAllocateVirtualMemory (-1, 79421440, 0, 8192, 4096, 4, ... 79421440, 8192, ) == 0x0 01017 468 NtProtectVirtualMemory (-1, (0x4bbe000), 4096, 260, ... (0x4bbe000), 4096, 4, ) == 0x0 01018 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 392, {460, 1300}, ) == 0x0 01019 468 NtQueryInformationThread (392, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff78000,Pid=460,Tid=1300,}, 0x0, ) == 0x0 01020 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1613, 0} (24, {28, 56, new_msg, 0, 460, 468, 1613, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\210\1\0\0\314\1\0\0\24\5\0\0" ... ... 01021 876 NtQueryValueKey (368, (368, "RegistrationMaxAddressCount", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01022 876 NtQueryValueKey (372, (372, "MaxNumberOfAddressesToRegister", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01023 876 NtQueryValueKey (368, (368, "UpdateSecurityLevel", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01020 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1614, 0} ... {28, 56, reply, 0, 460, 468, 1614, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\210\1\0\0\314\1\0\0\24\5\0\0" ) ) == 0x0 01024 468 NtResumeThread (392, ... 
1, ) == 0x0 01025 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 79429632, 1048576, ) == 0x0 01026 468 NtAllocateVirtualMemory (-1, 80470016, 0, 8192, 4096, 4, ... 80470016, 8192, ) == 0x0 01027 468 NtProtectVirtualMemory (-1, (0x4cbe000), 4096, 260, ... (0x4cbe000), 4096, 4, ) == 0x0 01028 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 396, {460, 1292}, ) == 0x0 01029 468 NtQueryInformationThread (396, Basic, 28, ... 01030 876 NtQueryValueKey (372, (372, "UpdateSecurityLevel", Partial, 144, ... , Partial, 144, ... 01031 1300 NtWaitForSingleObject (96, 0, 0x0, ... 01030 876 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01032 876 NtQueryValueKey (368, (368, "UpdateZoneExcludeFile", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01033 876 NtQueryValueKey (368, (368, "UpdateTopLevelDomainZones", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01034 876 NtQueryValueKey (368, (368, "DnsTest", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01035 876 NtQueryValueKey (368, (368, "MaxCacheSize", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01036 876 NtQueryValueKey (368, (368, "MaxCacheTtl", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01029 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff77000,Pid=460,Tid=1292,}, 0x0, ) == 0x0 01037 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1614, 0} (24, {28, 56, new_msg, 0, 460, 468, 1614, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\214\1\0\0\314\1\0\0\14\5\0\0" ... {28, 56, reply, 0, 460, 468, 1615, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\214\1\0\0\314\1\0\0\14\5\0\0" ) ... {28, 56, reply, 0, 460, 468, 1615, 0} (24, {28, 56, new_msg, 0, 460, 468, 1614, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\214\1\0\0\314\1\0\0\14\5\0\0" ... 
{28, 56, reply, 0, 460, 468, 1615, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\214\1\0\0\314\1\0\0\14\5\0\0" ) ) == 0x0 01038 468 NtResumeThread (396, ... 1, ) == 0x0 01039 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 80478208, 1048576, ) == 0x0 01040 468 NtAllocateVirtualMemory (-1, 81518592, 0, 8192, 4096, 4, ... 81518592, 8192, ) == 0x0 01041 468 NtProtectVirtualMemory (-1, (0x4dbe000), 4096, 260, ... (0x4dbe000), 4096, 4, ) == 0x0 01042 876 NtQueryValueKey (368, (368, "MaxNegativeCacheTtl", Partial, 144, ... , Partial, 144, ... 01043 1292 NtWaitForSingleObject (96, 0, 0x0, ... 01042 876 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01044 876 NtQueryValueKey (368, (368, "AdapterTimeoutLimit", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01045 876 NtQueryValueKey (368, (368, "ServerPriorityTimeLimit", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01046 876 NtQueryValueKey (368, (368, "MaxCachedSockets", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01047 876 NtQueryValueKey (368, (368, "UseMulticast", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01048 876 NtQueryValueKey (368, (368, "MulticastOnNameError", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01049 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 400, {460, 1304}, ) == 0x0 01050 468 NtQueryInformationThread (400, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff76000,Pid=460,Tid=1304,}, 0x0, ) == 0x0 01051 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1615, 0} (24, {28, 56, new_msg, 0, 460, 468, 1615, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\220\1\0\0\314\1\0\0\30\5\0\0" ... {28, 56, reply, 0, 460, 468, 1616, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\220\1\0\0\314\1\0\0\30\5\0\0" ) ... {28, 56, reply, 0, 460, 468, 1616, 0} (24, {28, 56, new_msg, 0, 460, 468, 1615, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\220\1\0\0\314\1\0\0\30\5\0\0" ... 
{28, 56, reply, 0, 460, 468, 1616, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\220\1\0\0\314\1\0\0\30\5\0\0" ) ) == 0x0 01052 468 NtResumeThread (400, ... 1, ) == 0x0 01053 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 81526784, 1048576, ) == 0x0 01054 468 NtAllocateVirtualMemory (-1, 82567168, 0, 8192, 4096, 4, ... 01055 876 NtQueryValueKey (368, (368, "UseDotLocalDomain", Partial, 144, ... , Partial, 144, ... 01056 1304 NtWaitForSingleObject (96, 0, 0x0, ... 01055 876 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01057 876 NtQueryValueKey (368, (368, "ListenOnMulticast", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01058 876 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "System\Setup"}, ... 404, ) }, ... 404, ) == 0x0 01059 876 NtQueryValueKey (404, (404, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (404, "SystemSetupInProgress", Partial, 144, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 01060 876 NtClose (404, ... ) == 0x0 01061 876 NtClose (372, ... ) == 0x0 01054 468 NtAllocateVirtualMemory ... 82567168, 8192, ) == 0x0 01062 468 NtProtectVirtualMemory (-1, (0x4ebe000), 4096, 260, ... (0x4ebe000), 4096, 4, ) == 0x0 01063 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 372, {460, 1272}, ) == 0x0 01064 468 NtQueryInformationThread (372, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff75000,Pid=460,Tid=1272,}, 0x0, ) == 0x0 01065 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1616, 0} (24, {28, 56, new_msg, 0, 460, 468, 1616, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOt\1\0\0\314\1\0\0\370\4\0\0" ... {28, 56, reply, 0, 460, 468, 1617, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOt\1\0\0\314\1\0\0\370\4\0\0" ) ... {28, 56, reply, 0, 460, 468, 1617, 0} (24, {28, 56, new_msg, 0, 460, 468, 1616, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOt\1\0\0\314\1\0\0\370\4\0\0" ... 
{28, 56, reply, 0, 460, 468, 1617, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOt\1\0\0\314\1\0\0\370\4\0\0" ) ) == 0x0 01066 468 NtResumeThread (372, ... 1, ) == 0x0 01067 876 NtClose (368, ... 01068 1272 NtWaitForSingleObject (96, 0, 0x0, ... 01067 876 NtClose ... ) == 0x0 01069 876 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, ... 368, ) }, ... 368, ) == 0x0 01070 876 NtQueryValueKey (368, (368, "DnsQueryTimeouts", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01071 876 NtQueryValueKey (368, (368, "DnsQuickQueryTimeouts", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01072 876 NtQueryValueKey (368, (368, "DnsMulticastQueryTimeouts", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 01073 876 NtClose (368, ... ) == 0x0 01074 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 82575360, 1048576, ) == 0x0 01075 468 NtAllocateVirtualMemory (-1, 83615744, 0, 8192, 4096, 4, ... 83615744, 8192, ) == 0x0 01076 468 NtProtectVirtualMemory (-1, (0x4fbe000), 4096, 260, ... (0x4fbe000), 4096, 4, ) == 0x0 01077 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 368, {460, 1312}, ) == 0x0 01078 468 NtQueryInformationThread (368, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff74000,Pid=460,Tid=1312,}, 0x0, ) == 0x0 01079 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1617, 0} (24, {28, 56, new_msg, 0, 460, 468, 1617, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOp\1\0\0\314\1\0\0 \5\0\0" ... ... 01080 876 NtSetEventBoostPriority (96, ... 00501 884 NtWaitForSingleObject ... ) == 0x0 01081 884 NtSetEventBoostPriority (96, ... 00506 864 NtWaitForSingleObject ... ) == 0x0 01082 864 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\wshtcpip.dll"}, 11007088, ... ) }, 11007088, ... ) == 0x0 01081 884 NtSetEventBoostPriority ... ) == 0x0 01080 876 NtSetEventBoostPriority ... 
) == 0x0 01079 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1618, 0} ... {28, 56, reply, 0, 460, 468, 1618, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOp\1\0\0\314\1\0\0 \5\0\0" ) ) == 0x0 01083 864 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\wshtcpip.dll"}, 5, 96, ... }, 5, 96, ... 01084 876 NtWaitForSingleObject (96, 0, 0x0, ... 01085 468 NtResumeThread (368, ... 01083 864 NtOpenFile ... 404, {status=0x0, info=1}, ) == 0x0 01085 468 NtResumeThread ... 1, ) == 0x0 01086 864 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 404, ... 01087 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01086 864 NtCreateSection ... 408, ) == 0x0 01087 468 NtAllocateVirtualMemory ... 83623936, 1048576, ) == 0x0 01088 864 NtClose (404, ... 01089 468 NtAllocateVirtualMemory (-1, 84664320, 0, 8192, 4096, 4, ... 01088 864 NtClose ... ) == 0x0 01090 884 NtTestAlert (... 01091 1312 NtWaitForSingleObject (96, 0, 0x0, ... 01089 468 NtAllocateVirtualMemory ... 84664320, 8192, ) == 0x0 01090 884 NtTestAlert ... ) == 0x0 01092 468 NtProtectVirtualMemory (-1, (0x50be000), 4096, 260, ... 01093 884 NtContinue (16514352, 1, ... 01092 468 NtProtectVirtualMemory ... (0x50be000), 4096, 4, ) == 0x0 01094 884 NtRegisterThreadTerminatePort (24, ... 01095 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01094 884 NtRegisterThreadTerminatePort ... ) == 0x0 01095 468 NtCreateThread ... 404, {460, 1316}, ) == 0x0 01096 884 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01097 468 NtQueryInformationThread (404, Basic, 28, ... 01098 864 NtMapViewOfSection (408, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... 01096 884 NtDuplicateObject ... 412, ) == 0x0 01098 864 NtMapViewOfSection ... (0x850000), 0x0, 20480, ) == 0x0 01099 884 NtWaitForSingleObject (72, 0, {0, 0}, ... 01100 864 NtClose (408, ... 01099 884 NtWaitForSingleObject ... ) == 0x102 01100 864 NtClose ... ) == 0x0 01101 884 NtWaitForSingleObject (132, 0, 0x0, ... 
01102 864 NtUnmapViewOfSection (-1, 0x850000, ... ) == 0x0 01103 864 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\wshtcpip.dll"}, 11007404, ... ) }, 11007404, ... ) == 0x0 01104 864 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\wshtcpip.dll"}, 5, 96, ... 408, {status=0x0, info=1}, ) }, 5, 96, ... 408, {status=0x0, info=1}, ) == 0x0 01105 864 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 408, ... 416, ) == 0x0 01097 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff73000,Pid=460,Tid=1316,}, 0x0, ) == 0x0 01106 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1618, 0} (24, {28, 56, new_msg, 0, 460, 468, 1618, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\224\1\0\0\314\1\0\0$\5\0\0" ... {28, 56, reply, 0, 460, 468, 1619, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\224\1\0\0\314\1\0\0$\5\0\0" ) ... {28, 56, reply, 0, 460, 468, 1619, 0} (24, {28, 56, new_msg, 0, 460, 468, 1618, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\224\1\0\0\314\1\0\0$\5\0\0" ... {28, 56, reply, 0, 460, 468, 1619, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\224\1\0\0\314\1\0\0$\5\0\0" ) ) == 0x0 01107 468 NtResumeThread (404, ... 1, ) == 0x0 01108 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 84672512, 1048576, ) == 0x0 01109 468 NtAllocateVirtualMemory (-1, 85712896, 0, 8192, 4096, 4, ... 85712896, 8192, ) == 0x0 01110 468 NtProtectVirtualMemory (-1, (0x51be000), 4096, 260, ... (0x51be000), 4096, 4, ) == 0x0 01111 864 NtQuerySection (416, Image, 48, ... 01112 1316 NtWaitForSingleObject (96, 0, 0x0, ... 01111 864 NtQuerySection ... {section info, class 1, size 48}, 0x0, ) == 0x0 01113 864 NtClose (408, ... ) == 0x0 01114 864 NtMapViewOfSection (416, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x71a90000), 0x0, 32768, ) == 0x0 01115 864 NtClose (416, ... ) == 0x0 01116 864 NtSetEventBoostPriority (96, ... 00509 888 NtWaitForSingleObject ... ) == 0x0 01117 888 NtSetEventBoostPriority (96, ... 
00519 892 NtWaitForSingleObject ... ) == 0x0 01118 892 NtSetEventBoostPriority (96, ... 00525 308 NtWaitForSingleObject ... ) == 0x0 01119 308 NtSetEventBoostPriority (96, ... 00535 912 NtWaitForSingleObject ... ) == 0x0 01120 912 NtSetEventBoostPriority (96, ... 00541 916 NtWaitForSingleObject ... ) == 0x0 01121 916 NtSetEventBoostPriority (96, ... 00551 920 NtWaitForSingleObject ... ) == 0x0 01122 920 NtSetEventBoostPriority (96, ... 00557 908 NtWaitForSingleObject ... ) == 0x0 01123 908 NtSetEventBoostPriority (96, ... 00567 924 NtWaitForSingleObject ... ) == 0x0 01124 924 NtSetEventBoostPriority (96, ... 00573 928 NtWaitForSingleObject ... ) == 0x0 01125 928 NtSetEventBoostPriority (96, ... 00583 932 NtWaitForSingleObject ... ) == 0x0 01126 932 NtAllocateVirtualMemory (-1, 8798208, 0, 4096, 4096, 4, ... 8798208, 4096, ) == 0x0 01125 928 NtSetEventBoostPriority ... ) == 0x0 01124 924 NtSetEventBoostPriority ... ) == 0x0 01123 908 NtSetEventBoostPriority ... ) == 0x0 01122 920 NtSetEventBoostPriority ... ) == 0x0 01121 916 NtSetEventBoostPriority ... ) == 0x0 01120 912 NtSetEventBoostPriority ... ) == 0x0 01119 308 NtSetEventBoostPriority ... ) == 0x0 01118 892 NtSetEventBoostPriority ... ) == 0x0 01117 888 NtSetEventBoostPriority ... ) == 0x0 01116 864 NtSetEventBoostPriority ... ) == 0x0 01127 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01128 932 NtSetEventBoostPriority (96, ... 01129 928 NtTestAlert (... 01130 924 NtTestAlert (... 01131 908 NtTestAlert (... 01132 920 NtTestAlert (... 01133 916 NtTestAlert (... 01134 912 NtTestAlert (... 01135 308 NtTestAlert (... 01136 892 NtTestAlert (... 01137 864 NtClose (148, ... 01127 468 NtCreateThread ... 416, {460, 1180}, ) == 0x0 00589 936 NtWaitForSingleObject ... ) == 0x0 01128 932 NtSetEventBoostPriority ... ) == 0x0 01129 928 NtTestAlert ... ) == 0x0 01130 924 NtTestAlert ... ) == 0x0 01131 908 NtTestAlert ... ) == 0x0 01132 920 NtTestAlert ... ) == 0x0 01133 916 NtTestAlert ... 
) == 0x0 01134 912 NtTestAlert ... ) == 0x0 01135 308 NtTestAlert ... ) == 0x0 01136 892 NtTestAlert ... ) == 0x0 01137 864 NtClose ... ) == 0x0 01138 936 NtSetEventBoostPriority (96, ... 01139 468 NtQueryInformationThread (416, Basic, 28, ... 01140 932 NtTestAlert (... 01141 928 NtContinue (25951536, 1, ... 01142 924 NtContinue (24902960, 1, ... 01143 908 NtContinue (23854384, 1, ... 01144 920 NtContinue (22805808, 1, ... 01145 916 NtContinue (21757232, 1, ... 01146 912 NtContinue (20708656, 1, ... 01147 308 NtContinue (19660080, 1, ... 01148 892 NtContinue (18611504, 1, ... 01149 888 NtTestAlert (... 00599 940 NtWaitForSingleObject ... ) == 0x0 01138 936 NtSetEventBoostPriority ... ) == 0x0 01139 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff72000,Pid=460,Tid=1180,}, 0x0, ) == 0x0 01140 932 NtTestAlert ... ) == 0x0 01150 928 NtRegisterThreadTerminatePort (24, ... 01151 924 NtRegisterThreadTerminatePort (24, ... 01152 908 NtRegisterThreadTerminatePort (24, ... 01153 920 NtRegisterThreadTerminatePort (24, ... 01154 916 NtRegisterThreadTerminatePort (24, ... 01155 912 NtRegisterThreadTerminatePort (24, ... 01156 308 NtRegisterThreadTerminatePort (24, ... 01157 892 NtRegisterThreadTerminatePort (24, ... 01158 940 NtSetEventBoostPriority (96, ... 01149 888 NtTestAlert ... ) == 0x0 01159 864 NtWaitForSingleObject (96, 0, 0x0, ... 01160 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1619, 0} (24, {28, 56, new_msg, 0, 460, 468, 1619, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\240\1\0\0\314\1\0\0\234\4\0\0" ... ... 01161 932 NtContinue (27000112, 1, ... 01150 928 NtRegisterThreadTerminatePort ... ) == 0x0 01151 924 NtRegisterThreadTerminatePort ... ) == 0x0 01152 908 NtRegisterThreadTerminatePort ... ) == 0x0 01153 920 NtRegisterThreadTerminatePort ... ) == 0x0 01154 916 NtRegisterThreadTerminatePort ... ) == 0x0 01155 912 NtRegisterThreadTerminatePort ... ) == 0x0 01156 308 NtRegisterThreadTerminatePort ... 
) == 0x0 00605 944 NtWaitForSingleObject ... ) == 0x0 01158 940 NtSetEventBoostPriority ... ) == 0x0 01157 892 NtRegisterThreadTerminatePort ... ) == 0x0 01162 888 NtContinue (17562928, 1, ... 01163 932 NtRegisterThreadTerminatePort (24, ... 01164 928 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01165 924 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01166 908 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01167 920 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01168 916 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01169 912 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01170 944 NtSetEventBoostPriority (96, ... 01171 308 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01172 936 NtTestAlert (... 01160 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1620, 0} ... {28, 56, reply, 0, 460, 468, 1620, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\240\1\0\0\314\1\0\0\234\4\0\0" ) ) == 0x0 01173 892 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01174 888 NtRegisterThreadTerminatePort (24, ... 01175 940 NtTestAlert (... 01163 932 NtRegisterThreadTerminatePort ... ) == 0x0 01164 928 NtDuplicateObject ... 148, ) == 0x0 01165 924 NtDuplicateObject ... 408, ) == 0x0 01166 908 NtDuplicateObject ... 420, ) == 0x0 01167 920 NtDuplicateObject ... 424, ) == 0x0 01168 916 NtDuplicateObject ... 428, ) == 0x0 00615 948 NtWaitForSingleObject ... ) == 0x0 01170 944 NtSetEventBoostPriority ... ) == 0x0 01169 912 NtDuplicateObject ... 432, ) == 0x0 01172 936 NtTestAlert ... ) == 0x0 01176 468 NtResumeThread (416, ... 01171 308 NtDuplicateObject ... 436, ) == 0x0 01174 888 NtRegisterThreadTerminatePort ... ) == 0x0 01175 940 NtTestAlert ... ) == 0x0 01177 932 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01178 928 NtWaitForSingleObject (72, 0, {0, 0}, ... 01179 924 NtWaitForSingleObject (72, 0, {0, 0}, ... 01180 908 NtWaitForSingleObject (72, 0, {0, 0}, ... 01181 920 NtAllocateVirtualMemory (-1, 1351680, 0, 4096, 4096, 4, ... 01182 948 NtSetEventBoostPriority (96, ... 
01183 916 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01173 892 NtDuplicateObject ... 440, ) == 0x0 01184 912 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01185 936 NtContinue (28048688, 1, ... 01176 468 NtResumeThread ... 1, ) == 0x0 01186 308 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01187 888 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01188 940 NtContinue (29097264, 1, ... 01177 932 NtDuplicateObject ... 444, ) == 0x0 01178 928 NtWaitForSingleObject ... ) == 0x102 01179 924 NtWaitForSingleObject ... ) == 0x102 01180 908 NtWaitForSingleObject ... ) == 0x102 00621 952 NtWaitForSingleObject ... ) == 0x0 01182 948 NtSetEventBoostPriority ... ) == 0x0 01181 920 NtAllocateVirtualMemory ... 1351680, 4096, ) == 0x0 01183 916 NtCreateEvent ... 448, ) == 0x0 01189 892 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01184 912 NtCreateEvent ... 452, ) == 0x0 01190 936 NtRegisterThreadTerminatePort (24, ... 01191 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01186 308 NtCreateEvent ... 456, ) == 0x0 01192 944 NtTestAlert (... 01193 1180 NtWaitForSingleObject (96, 0, 0x0, ... 01194 940 NtRegisterThreadTerminatePort (24, ... 01195 932 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01196 928 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01197 924 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01198 952 NtSetEventBoostPriority (96, ... 01199 908 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01187 888 NtCreateEvent ... 460, ) == 0x0 01200 920 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01201 916 NtWaitForSingleObject (448, 0, 0x0, ... 01189 892 NtCreateEvent ... 464, ) == 0x0 01202 912 NtClose (452, ... 01190 936 NtRegisterThreadTerminatePort ... ) == 0x0 01191 468 NtAllocateVirtualMemory ... 85721088, 1048576, ) == 0x0 01203 308 NtClose (456, ... 01192 944 NtTestAlert ... ) == 0x0 01194 940 NtRegisterThreadTerminatePort ... ) == 0x0 01195 932 NtCreateEvent ... 468, ) == 0x0 01196 928 NtCreateEvent ... 472, ) == 0x0 00631 956 NtWaitForSingleObject ... ) == 0x0 01198 952 NtSetEventBoostPriority ... 
) == 0x0 01197 924 NtCreateEvent ... 476, ) == 0x0 01199 908 NtCreateEvent ... 480, ) == 0x0 01204 888 NtClose (460, ... 01200 920 NtCreateEvent ... 484, ) == 0x0 01205 892 NtClose (464, ... 01202 912 NtClose ... ) == 0x0 01206 936 NtWaitForSingleObject (448, 0, 0x0, ... 01207 468 NtAllocateVirtualMemory (-1, 86761472, 0, 8192, 4096, 4, ... 01203 308 NtClose ... ) == 0x0 01208 944 NtContinue (30145840, 1, ... 01209 940 NtWaitForSingleObject (448, 0, 0x0, ... 01210 932 NtClose (468, ... 01211 948 NtTestAlert (... 01212 956 NtSetEventBoostPriority (96, ... 01213 928 NtClose (472, ... 01214 952 NtTestAlert (... 01215 924 NtClose (476, ... 01204 888 NtClose ... ) == 0x0 01216 920 NtClose (484, ... 01205 892 NtClose ... ) == 0x0 01217 912 NtWaitForSingleObject (448, 0, 0x0, ... 01218 908 NtClose (480, ... 01219 308 NtWaitForSingleObject (448, 0, 0x0, ... 01220 944 NtRegisterThreadTerminatePort (24, ... 01207 468 NtAllocateVirtualMemory ... 86761472, 8192, ) == 0x0 00637 960 NtWaitForSingleObject ... ) == 0x0 01212 956 NtSetEventBoostPriority ... ) == 0x0 01211 948 NtTestAlert ... ) == 0x0 01213 928 NtClose ... ) == 0x0 01214 952 NtTestAlert ... ) == 0x0 01215 924 NtClose ... ) == 0x0 01221 888 NtWaitForSingleObject (448, 0, 0x0, ... 01210 932 NtClose ... ) == 0x0 01222 892 NtWaitForSingleObject (448, 0, 0x0, ... 01216 920 NtClose ... ) == 0x0 01218 908 NtClose ... ) == 0x0 01220 944 NtRegisterThreadTerminatePort ... ) == 0x0 01223 960 NtSetEventBoostPriority (96, ... 01224 468 NtProtectVirtualMemory (-1, (0x52be000), 4096, 260, ... 01225 948 NtContinue (31194416, 1, ... 01226 928 NtWaitForSingleObject (448, 0, 0x0, ... 01227 952 NtContinue (32242992, 1, ... 01228 924 NtWaitForSingleObject (448, 0, 0x0, ... 01229 932 NtWaitForSingleObject (448, 0, 0x0, ... 01230 956 NtTestAlert (... 01231 920 NtSetEventBoostPriority (448, ... 01232 908 NtWaitForSingleObject (448, 0, 0x0, ... 00647 964 NtWaitForSingleObject ... ) == 0x0 01223 960 NtSetEventBoostPriority ... 
) == 0x0 01233 944 NtWaitForSingleObject (448, 0, 0x0, ... 01224 468 NtProtectVirtualMemory ... (0x52be000), 4096, 4, ) == 0x0 01234 948 NtRegisterThreadTerminatePort (24, ... 01235 952 NtRegisterThreadTerminatePort (24, ... 01230 956 NtTestAlert ... ) == 0x0 01201 916 NtWaitForSingleObject ... ) == 0x0 01231 920 NtSetEventBoostPriority ... ) == 0x0 01236 964 NtSetEventBoostPriority (96, ... 01237 960 NtTestAlert (... 01238 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01234 948 NtRegisterThreadTerminatePort ... ) == 0x0 01235 952 NtRegisterThreadTerminatePort ... ) == 0x0 01239 916 NtSetEventBoostPriority (448, ... 01240 956 NtContinue (33291568, 1, ... 00653 968 NtWaitForSingleObject ... ) == 0x0 01236 964 NtSetEventBoostPriority ... ) == 0x0 01241 920 NtWaitForSingleObject (448, 0, 0x0, ... 01237 960 NtTestAlert ... ) == 0x0 01238 468 NtCreateThread ... 480, {460, 1288}, ) == 0x0 01242 948 NtWaitForSingleObject (448, 0, 0x0, ... 01206 936 NtWaitForSingleObject ... ) == 0x0 01239 916 NtSetEventBoostPriority ... ) == 0x0 01243 952 NtWaitForSingleObject (448, 0, 0x0, ... 01244 968 NtSetEventBoostPriority (96, ... 01245 956 NtRegisterThreadTerminatePort (24, ... 01246 960 NtContinue (34340144, 1, ... 01247 468 NtQueryInformationThread (480, Basic, 28, ... 01248 964 NtTestAlert (... 01249 936 NtSetEventBoostPriority (448, ... 01250 916 NtWaitForSingleObject (448, 0, 0x0, ... 00663 992 NtWaitForSingleObject ... ) == 0x0 01244 968 NtSetEventBoostPriority ... ) == 0x0 01245 956 NtRegisterThreadTerminatePort ... ) == 0x0 01251 960 NtRegisterThreadTerminatePort (24, ... 01209 940 NtWaitForSingleObject ... ) == 0x0 01248 964 NtTestAlert ... ) == 0x0 01252 992 NtSetEventBoostPriority (96, ... 01249 936 NtSetEventBoostPriority ... ) == 0x0 01247 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff71000,Pid=460,Tid=1288,}, 0x0, ) == 0x0 01253 956 NtWaitForSingleObject (448, 0, 0x0, ... 01251 960 NtRegisterThreadTerminatePort ... 
) == 0x0 01254 940 NtSetEventBoostPriority (448, ... 00669 996 NtWaitForSingleObject ... ) == 0x0 01252 992 NtSetEventBoostPriority ... ) == 0x0 01255 964 NtContinue (35388720, 1, ... 01256 936 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01257 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1620, 0} (24, {28, 56, new_msg, 0, 460, 468, 1620, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\340\1\0\0\314\1\0\0\10\5\0\0" ... ... 01258 968 NtTestAlert (... 01259 960 NtWaitForSingleObject (448, 0, 0x0, ... 01260 996 NtSetEventBoostPriority (96, ... 01217 912 NtWaitForSingleObject ... ) == 0x0 01254 940 NtSetEventBoostPriority ... ) == 0x0 01261 964 NtRegisterThreadTerminatePort (24, ... 01256 936 NtDuplicateObject ... 484, ) == 0x0 01257 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1621, 0} ... {28, 56, reply, 0, 460, 468, 1621, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\340\1\0\0\314\1\0\0\10\5\0\0" ) ) == 0x0 01258 968 NtTestAlert ... ) == 0x0 01262 992 NtTestAlert (... 00679 1012 NtWaitForSingleObject ... ) == 0x0 01260 996 NtSetEventBoostPriority ... ) == 0x0 01263 912 NtSetEventBoostPriority (448, ... 01264 940 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01261 964 NtRegisterThreadTerminatePort ... ) == 0x0 01265 468 NtResumeThread (480, ... 01266 968 NtContinue (36437296, 1, ... 01267 1012 NtSetEventBoostPriority (96, ... 01262 992 NtTestAlert ... ) == 0x0 01268 936 NtWaitForSingleObject (448, 0, 0x0, ... 01219 308 NtWaitForSingleObject ... ) == 0x0 01264 940 NtDuplicateObject ... 468, ) == 0x0 01269 964 NtWaitForSingleObject (448, 0, 0x0, ... 01265 468 NtResumeThread ... 1, ) == 0x0 00685 1024 NtWaitForSingleObject ... ) == 0x0 01267 1012 NtSetEventBoostPriority ... ) == 0x0 01270 968 NtRegisterThreadTerminatePort (24, ... 01271 992 NtContinue (37485872, 1, ... 01272 308 NtSetEventBoostPriority (448, ... 01263 912 NtSetEventBoostPriority ... ) == 0x0 01273 996 NtTestAlert (... 01274 1288 NtWaitForSingleObject (96, 0, 0x0, ... 
01275 940 NtWaitForSingleObject (448, 0, 0x0, ... 01276 1024 NtSetEventBoostPriority (96, ... 01277 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01270 968 NtRegisterThreadTerminatePort ... ) == 0x0 01278 992 NtRegisterThreadTerminatePort (24, ... 01221 888 NtWaitForSingleObject ... ) == 0x0 01279 912 NtWaitForSingleObject (448, 0, 0x0, ... 01273 996 NtTestAlert ... ) == 0x0 00695 1028 NtWaitForSingleObject ... ) == 0x0 01276 1024 NtSetEventBoostPriority ... ) == 0x0 01277 468 NtAllocateVirtualMemory ... 86769664, 1048576, ) == 0x0 01280 968 NtWaitForSingleObject (448, 0, 0x0, ... 01278 992 NtRegisterThreadTerminatePort ... ) == 0x0 01281 888 NtSetEventBoostPriority (448, ... 01282 1028 NtSetEventBoostPriority (96, ... 01283 996 NtContinue (38534448, 1, ... 01272 308 NtSetEventBoostPriority ... ) == 0x0 01284 1012 NtTestAlert (... 01285 468 NtAllocateVirtualMemory (-1, 87810048, 0, 8192, 4096, 4, ... 01286 1024 NtTestAlert (... 01287 992 NtWaitForSingleObject (448, 0, 0x0, ... 00701 1000 NtWaitForSingleObject ... ) == 0x0 01282 1028 NtSetEventBoostPriority ... ) == 0x0 01226 928 NtWaitForSingleObject ... ) == 0x0 01281 888 NtSetEventBoostPriority ... ) == 0x0 01288 996 NtRegisterThreadTerminatePort (24, ... 01289 308 NtWaitForSingleObject (448, 0, 0x0, ... 01284 1012 NtTestAlert ... ) == 0x0 01285 468 NtAllocateVirtualMemory ... 87810048, 8192, ) == 0x0 01286 1024 NtTestAlert ... ) == 0x0 01290 1000 NtSetEventBoostPriority (96, ... 01291 928 NtSetEventBoostPriority (448, ... 01292 1028 NtTestAlert (... 01288 996 NtRegisterThreadTerminatePort ... ) == 0x0 01293 1012 NtContinue (39583024, 1, ... 01294 468 NtProtectVirtualMemory (-1, (0x53be000), 4096, 260, ... 00711 1032 NtWaitForSingleObject ... ) == 0x0 01228 924 NtWaitForSingleObject ... ) == 0x0 01291 928 NtSetEventBoostPriority ... ) == 0x0 01290 1000 NtSetEventBoostPriority ... ) == 0x0 01295 1024 NtContinue (40631600, 1, ... 01292 1028 NtTestAlert ... 
) == 0x0 01296 996 NtWaitForSingleObject (448, 0, 0x0, ... 01297 1012 NtRegisterThreadTerminatePort (24, ... 01298 1032 NtSetEventBoostPriority (96, ... 01299 924 NtSetEventBoostPriority (448, ... 01294 468 NtProtectVirtualMemory ... (0x53be000), 4096, 4, ) == 0x0 01300 888 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01301 928 NtWaitForSingleObject (132, 0, 0x0, ... 01302 1024 NtRegisterThreadTerminatePort (24, ... 01303 1028 NtContinue (41680176, 1, ... 01304 1000 NtTestAlert (... 00717 1048 NtWaitForSingleObject ... ) == 0x0 01229 932 NtWaitForSingleObject ... ) == 0x0 01299 924 NtSetEventBoostPriority ... ) == 0x0 01298 1032 NtSetEventBoostPriority ... ) == 0x0 01297 1012 NtRegisterThreadTerminatePort ... ) == 0x0 01300 888 NtDuplicateObject ... 476, ) == 0x0 01302 1024 NtRegisterThreadTerminatePort ... ) == 0x0 01305 1028 NtRegisterThreadTerminatePort (24, ... 01306 1048 NtSetEventBoostPriority (96, ... 01307 932 NtSetEventBoostPriority (448, ... 01304 1000 NtTestAlert ... ) == 0x0 01308 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01309 924 NtWaitForSingleObject (132, 0, 0x0, ... 01310 1012 NtWaitForSingleObject (448, 0, 0x0, ... 01311 888 NtWaitForSingleObject (448, 0, 0x0, ... 01312 1024 NtWaitForSingleObject (448, 0, 0x0, ... 00727 1064 NtWaitForSingleObject ... ) == 0x0 01232 908 NtWaitForSingleObject ... ) == 0x0 01307 932 NtSetEventBoostPriority ... ) == 0x0 01306 1048 NtSetEventBoostPriority ... ) == 0x0 01305 1028 NtRegisterThreadTerminatePort ... ) == 0x0 01313 1000 NtContinue (42728752, 1, ... 01308 468 NtCreateThread ... 472, {460, 1408}, ) == 0x0 01314 1032 NtTestAlert (... 01315 1064 NtSetEventBoostPriority (96, ... 01316 908 NtSetEventBoostPriority (448, ... 01317 932 NtWaitForSingleObject (448, 0, 0x0, ... 01318 1028 NtWaitForSingleObject (448, 0, 0x0, ... 01319 1000 NtRegisterThreadTerminatePort (24, ... 01320 468 NtQueryInformationThread (472, Basic, 28, ... 00733 1084 NtWaitForSingleObject ... 
) == 0x0 01222 892 NtWaitForSingleObject ... ) == 0x0 01316 908 NtSetEventBoostPriority ... ) == 0x0 01315 1064 NtSetEventBoostPriority ... ) == 0x0 01314 1032 NtTestAlert ... ) == 0x0 01321 1048 NtTestAlert (... 01319 1000 NtRegisterThreadTerminatePort ... ) == 0x0 01322 1084 NtSetEventBoostPriority (96, ... 01323 892 NtSetEventBoostPriority (448, ... 01320 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff70000,Pid=460,Tid=1408,}, 0x0, ) == 0x0 01324 908 NtWaitForSingleObject (132, 0, 0x0, ... 01325 1032 NtContinue (43777328, 1, ... 01321 1048 NtTestAlert ... ) == 0x0 00743 1076 NtWaitForSingleObject ... ) == 0x0 01233 944 NtWaitForSingleObject ... ) == 0x0 01322 1084 NtSetEventBoostPriority ... ) == 0x0 01326 1000 NtWaitForSingleObject (448, 0, 0x0, ... 01327 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1621, 0} (24, {28, 56, new_msg, 0, 460, 468, 1621, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\330\1\0\0\314\1\0\0\200\5\0\0" ... ... 01328 1032 NtRegisterThreadTerminatePort (24, ... 01329 1076 NtSetEventBoostPriority (96, ... 01330 1048 NtContinue (44825904, 1, ... 01331 944 NtSetEventBoostPriority (448, ... 01323 892 NtSetEventBoostPriority ... ) == 0x0 01332 1064 NtTestAlert (... 01333 1084 NtTestAlert (... 00749 1080 NtWaitForSingleObject ... ) == 0x0 01329 1076 NtSetEventBoostPriority ... ) == 0x0 01328 1032 NtRegisterThreadTerminatePort ... ) == 0x0 01334 1048 NtRegisterThreadTerminatePort (24, ... 01241 920 NtWaitForSingleObject ... ) == 0x0 01335 892 NtWaitForSingleObject (448, 0, 0x0, ... 01332 1064 NtTestAlert ... ) == 0x0 01336 1080 NtSetEventBoostPriority (96, ... 01333 1084 NtTestAlert ... ) == 0x0 01331 944 NtSetEventBoostPriority ... ) == 0x0 01327 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1622, 0} ... {28, 56, reply, 0, 460, 468, 1622, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\330\1\0\0\314\1\0\0\200\5\0\0" ) ) == 0x0 01337 1032 NtWaitForSingleObject (448, 0, 0x0, ... 
01334 1048 NtRegisterThreadTerminatePort ... ) == 0x0 01338 920 NtSetEventBoostPriority (448, ... 00759 1088 NtWaitForSingleObject ... ) == 0x0 01336 1080 NtSetEventBoostPriority ... ) == 0x0 01339 1064 NtContinue (45874480, 1, ... 01340 1084 NtContinue (46923056, 1, ... 01341 944 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01342 468 NtResumeThread (472, ... 01343 1076 NtTestAlert (... 01344 1048 NtWaitForSingleObject (448, 0, 0x0, ... 01345 1088 NtSetEventBoostPriority (96, ... 01242 948 NtWaitForSingleObject ... ) == 0x0 01338 920 NtSetEventBoostPriority ... ) == 0x0 01346 1064 NtRegisterThreadTerminatePort (24, ... 01347 1084 NtRegisterThreadTerminatePort (24, ... 01341 944 NtDuplicateObject ... 464, ) == 0x0 01342 468 NtResumeThread ... 1, ) == 0x0 01343 1076 NtTestAlert ... ) == 0x0 01348 1080 NtTestAlert (... 01349 1408 NtWaitForSingleObject (96, 0, 0x0, ... 00765 1004 NtWaitForSingleObject ... ) == 0x0 01350 948 NtSetEventBoostPriority (448, ... 01345 1088 NtSetEventBoostPriority ... ) == 0x0 01346 1064 NtRegisterThreadTerminatePort ... ) == 0x0 01347 1084 NtRegisterThreadTerminatePort ... ) == 0x0 01351 920 NtWaitForSingleObject (72, 0, {0, 0}, ... 01352 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01353 1076 NtContinue (47971632, 1, ... 01348 1080 NtTestAlert ... ) == 0x0 01354 1004 NtSetEventBoostPriority (96, ... 01243 952 NtWaitForSingleObject ... ) == 0x0 01350 948 NtSetEventBoostPriority ... ) == 0x0 01355 944 NtWaitForSingleObject (448, 0, 0x0, ... 01356 1064 NtWaitForSingleObject (448, 0, 0x0, ... 01357 1084 NtWaitForSingleObject (448, 0, 0x0, ... 01351 920 NtWaitForSingleObject ... ) == 0x102 01352 468 NtAllocateVirtualMemory ... 87818240, 1048576, ) == 0x0 01358 1076 NtRegisterThreadTerminatePort (24, ... 00775 1092 NtWaitForSingleObject ... ) == 0x0 01354 1004 NtSetEventBoostPriority ... ) == 0x0 01359 1080 NtContinue (49020208, 1, ... 01360 952 NtSetEventBoostPriority (448, ... 
01361 948 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01362 1088 NtTestAlert (... 01363 920 NtWaitForSingleObject (448, 0, 0x0, ... 01364 468 NtAllocateVirtualMemory (-1, 88858624, 0, 8192, 4096, 4, ... 01365 1092 NtSetEventBoostPriority (96, ... 01358 1076 NtRegisterThreadTerminatePort ... ) == 0x0 01366 1080 NtRegisterThreadTerminatePort (24, ... 01250 916 NtWaitForSingleObject ... ) == 0x0 01361 948 NtDuplicateObject ... 460, ) == 0x0 01362 1088 NtTestAlert ... ) == 0x0 01360 952 NtSetEventBoostPriority ... ) == 0x0 01367 1004 NtTestAlert (... 00781 1096 NtWaitForSingleObject ... ) == 0x0 01365 1092 NtSetEventBoostPriority ... ) == 0x0 01368 1076 NtWaitForSingleObject (448, 0, 0x0, ... 01366 1080 NtRegisterThreadTerminatePort ... ) == 0x0 01369 916 NtSetEventBoostPriority (448, ... 01364 468 NtAllocateVirtualMemory ... 88858624, 8192, ) == 0x0 01370 1088 NtContinue (50068784, 1, ... 01371 952 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01372 1096 NtSetEventBoostPriority (96, ... 01367 1004 NtTestAlert ... ) == 0x0 01373 948 NtWaitForSingleObject (448, 0, 0x0, ... 01374 1092 NtTestAlert (... 01375 1080 NtWaitForSingleObject (448, 0, 0x0, ... 01253 956 NtWaitForSingleObject ... ) == 0x0 01369 916 NtSetEventBoostPriority ... ) == 0x0 01376 468 NtProtectVirtualMemory (-1, (0x54be000), 4096, 260, ... 01377 1088 NtRegisterThreadTerminatePort (24, ... 00791 1100 NtWaitForSingleObject ... ) == 0x0 01372 1096 NtSetEventBoostPriority ... ) == 0x0 01371 952 NtDuplicateObject ... 456, ) == 0x0 01378 1004 NtContinue (51117360, 1, ... 01374 1092 NtTestAlert ... ) == 0x0 01379 956 NtSetEventBoostPriority (448, ... 01380 916 NtWaitForSingleObject (448, 0, 0x0, ... 01376 468 NtProtectVirtualMemory ... (0x54be000), 4096, 4, ) == 0x0 01381 1100 NtSetEventBoostPriority (96, ... 01377 1088 NtRegisterThreadTerminatePort ... ) == 0x0 01382 1096 NtTestAlert (... 01383 1004 NtRegisterThreadTerminatePort (24, ... 01259 960 NtWaitForSingleObject ... 
) == 0x0 01384 1092 NtContinue (52165936, 1, ... 01379 956 NtSetEventBoostPriority ... ) == 0x0 01385 952 NtWaitForSingleObject (448, 0, 0x0, ... 00797 1104 NtWaitForSingleObject ... ) == 0x0 01381 1100 NtSetEventBoostPriority ... ) == 0x0 01386 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01387 1088 NtWaitForSingleObject (448, 0, 0x0, ... 01382 1096 NtTestAlert ... ) == 0x0 01383 1004 NtRegisterThreadTerminatePort ... ) == 0x0 01388 960 NtSetEventBoostPriority (448, ... 01389 1092 NtRegisterThreadTerminatePort (24, ... 01390 956 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01391 1104 NtSetEventBoostPriority (96, ... 01386 468 NtCreateThread ... 452, {460, 1420}, ) == 0x0 01392 1100 NtTestAlert (... 01393 1096 NtContinue (53214512, 1, ... 01394 1004 NtWaitForSingleObject (448, 0, 0x0, ... 01268 936 NtWaitForSingleObject ... ) == 0x0 01389 1092 NtRegisterThreadTerminatePort ... ) == 0x0 00807 1108 NtWaitForSingleObject ... ) == 0x0 01391 1104 NtSetEventBoostPriority ... ) == 0x0 01390 956 NtDuplicateObject ... 488, ) == 0x0 01395 468 NtQueryInformationThread (452, Basic, 28, ... 01392 1100 NtTestAlert ... ) == 0x0 01396 1096 NtRegisterThreadTerminatePort (24, ... 01388 960 NtSetEventBoostPriority ... ) == 0x0 01397 936 NtSetEventBoostPriority (448, ... 01398 1108 NtAllocateVirtualMemory (-1, 8802304, 0, 4096, 4096, 4, ... 01399 1092 NtWaitForSingleObject (448, 0, 0x0, ... 01400 1104 NtTestAlert (... 01401 956 NtWaitForSingleObject (448, 0, 0x0, ... 01402 1100 NtContinue (54263088, 1, ... 01396 1096 NtRegisterThreadTerminatePort ... ) == 0x0 01403 960 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01398 1108 NtAllocateVirtualMemory ... 8802304, 4096, ) == 0x0 01269 964 NtWaitForSingleObject ... ) == 0x0 01397 936 NtSetEventBoostPriority ... ) == 0x0 01395 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff6f000,Pid=460,Tid=1420,}, 0x0, ) == 0x0 01400 1104 NtTestAlert ... ) == 0x0 01404 1100 NtRegisterThreadTerminatePort (24, ... 
01405 1096 NtWaitForSingleObject (448, 0, 0x0, ... 01403 960 NtDuplicateObject ... 492, ) == 0x0 01406 964 NtSetEventBoostPriority (448, ... 01407 936 NtWaitForSingleObject (448, 0, 0x0, ... 01408 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1622, 0} (24, {28, 56, new_msg, 0, 460, 468, 1622, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\304\1\0\0\314\1\0\0\214\5\0\0" ... ... 01409 1104 NtContinue (55311664, 1, ... 01404 1100 NtRegisterThreadTerminatePort ... ) == 0x0 01410 1108 NtSetEventBoostPriority (96, ... 01275 940 NtWaitForSingleObject ... ) == 0x0 01406 964 NtSetEventBoostPriority ... ) == 0x0 01411 960 NtWaitForSingleObject (448, 0, 0x0, ... 01408 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1623, 0} ... {28, 56, reply, 0, 460, 468, 1623, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\304\1\0\0\314\1\0\0\214\5\0\0" ) ) == 0x0 01412 1104 NtRegisterThreadTerminatePort (24, ... 01413 1100 NtWaitForSingleObject (448, 0, 0x0, ... 00813 1152 NtWaitForSingleObject ... ) == 0x0 01410 1108 NtSetEventBoostPriority ... ) == 0x0 01414 940 NtSetEventBoostPriority (448, ... 01415 964 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01416 468 NtResumeThread (452, ... 01412 1104 NtRegisterThreadTerminatePort ... ) == 0x0 01417 1152 NtSetEventBoostPriority (96, ... 01418 1108 NtTestAlert (... 01279 912 NtWaitForSingleObject ... ) == 0x0 01414 940 NtSetEventBoostPriority ... ) == 0x0 01415 964 NtDuplicateObject ... 496, ) == 0x0 01416 468 NtResumeThread ... 1, ) == 0x0 00823 1148 NtWaitForSingleObject ... ) == 0x0 01417 1152 NtSetEventBoostPriority ... ) == 0x0 01419 1104 NtWaitForSingleObject (448, 0, 0x0, ... 01420 912 NtSetEventBoostPriority (448, ... 01418 1108 NtTestAlert ... ) == 0x0 01421 940 NtWaitForSingleObject (448, 0, 0x0, ... 01422 1420 NtWaitForSingleObject (96, 0, 0x0, ... 01423 964 NtWaitForSingleObject (448, 0, 0x0, ... 01424 1148 NtSetEventBoostPriority (96, ... 01425 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
01426 1152 NtTestAlert (... 01280 968 NtWaitForSingleObject ... ) == 0x0 01420 912 NtSetEventBoostPriority ... ) == 0x0 01427 1108 NtContinue (56360240, 1, ... 00833 1128 NtWaitForSingleObject ... ) == 0x0 01424 1148 NtSetEventBoostPriority ... ) == 0x0 01425 468 NtAllocateVirtualMemory ... 88866816, 1048576, ) == 0x0 01428 968 NtSetEventBoostPriority (448, ... 01426 1152 NtTestAlert ... ) == 0x0 01429 1128 NtSetEventBoostPriority (96, ... 01430 1108 NtRegisterThreadTerminatePort (24, ... 01431 912 NtWaitForSingleObject (448, 0, 0x0, ... 01287 992 NtWaitForSingleObject ... ) == 0x0 01432 468 NtAllocateVirtualMemory (-1, 89907200, 0, 8192, 4096, 4, ... 00840 1156 NtWaitForSingleObject ... ) == 0x0 01429 1128 NtSetEventBoostPriority ... ) == 0x0 01433 1152 NtContinue (57408816, 1, ... 01428 968 NtSetEventBoostPriority ... ) == 0x0 01434 1148 NtTestAlert (... 01435 992 NtSetEventBoostPriority (448, ... 01436 1156 NtSetEventBoostPriority (96, ... 01432 468 NtAllocateVirtualMemory ... 89907200, 8192, ) == 0x0 01430 1108 NtRegisterThreadTerminatePort ... ) == 0x0 01437 1152 NtRegisterThreadTerminatePort (24, ... 01438 968 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01434 1148 NtTestAlert ... ) == 0x0 00846 320 NtWaitForSingleObject ... ) == 0x0 01436 1156 NtSetEventBoostPriority ... ) == 0x0 01289 308 NtWaitForSingleObject ... ) == 0x0 01439 468 NtProtectVirtualMemory (-1, (0x55be000), 4096, 260, ... 01440 1108 NtWaitForSingleObject (448, 0, 0x0, ... 01437 1152 NtRegisterThreadTerminatePort ... ) == 0x0 01438 968 NtDuplicateObject ... 500, ) == 0x0 01441 320 NtSetEventBoostPriority (96, ... 01442 1148 NtContinue (58457392, 1, ... 01435 992 NtSetEventBoostPriority ... ) == 0x0 01443 1128 NtTestAlert (... 01444 308 NtSetEventBoostPriority (448, ... 01439 468 NtProtectVirtualMemory ... (0x55be000), 4096, 4, ) == 0x0 01445 1152 NtWaitForSingleObject (448, 0, 0x0, ... 01446 1156 NtTestAlert (... 00856 1172 NtWaitForSingleObject ... 
) == 0x0 01441 320 NtSetEventBoostPriority ... ) == 0x0 01447 1148 NtRegisterThreadTerminatePort (24, ... 01448 992 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01443 1128 NtTestAlert ... ) == 0x0 01296 996 NtWaitForSingleObject ... ) == 0x0 01444 308 NtSetEventBoostPriority ... ) == 0x0 01449 968 NtWaitForSingleObject (448, 0, 0x0, ... 01450 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01451 1172 NtSetEventBoostPriority (96, ... 01446 1156 NtTestAlert ... ) == 0x0 01447 1148 NtRegisterThreadTerminatePort ... ) == 0x0 01448 992 NtDuplicateObject ... 504, ) == 0x0 01452 996 NtSetEventBoostPriority (448, ... 01453 1128 NtContinue (59505968, 1, ... 01454 320 NtTestAlert (... 00862 1184 NtWaitForSingleObject ... ) == 0x0 01451 1172 NtSetEventBoostPriority ... ) == 0x0 01450 468 NtCreateThread ... 508, {460, 1424}, ) == 0x0 01455 1156 NtContinue (60554544, 1, ... 01456 1148 NtWaitForSingleObject (448, 0, 0x0, ... 01457 308 NtWaitForSingleObject (448, 0, 0x0, ... 01311 888 NtWaitForSingleObject ... ) == 0x0 01458 1128 NtRegisterThreadTerminatePort (24, ... 01459 1184 NtSetEventBoostPriority (96, ... 01454 320 NtTestAlert ... ) == 0x0 01452 996 NtSetEventBoostPriority ... ) == 0x0 01460 992 NtWaitForSingleObject (448, 0, 0x0, ... 01461 468 NtQueryInformationThread (508, Basic, 28, ... 01462 1156 NtRegisterThreadTerminatePort (24, ... 01463 1172 NtTestAlert (... 01464 888 NtSetEventBoostPriority (448, ... 00872 324 NtWaitForSingleObject ... ) == 0x0 01459 1184 NtSetEventBoostPriority ... ) == 0x0 01458 1128 NtRegisterThreadTerminatePort ... ) == 0x0 01465 320 NtContinue (61603120, 1, ... 01466 996 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01461 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff6e000,Pid=460,Tid=1424,}, 0x0, ) == 0x0 01462 1156 NtRegisterThreadTerminatePort ... ) == 0x0 01463 1172 NtTestAlert ... ) == 0x0 01467 324 NtSetEventBoostPriority (96, ... 01310 1012 NtWaitForSingleObject ... 
) == 0x0 01464 888 NtSetEventBoostPriority ... ) == 0x0 01468 1128 NtWaitForSingleObject (448, 0, 0x0, ... 01469 320 NtRegisterThreadTerminatePort (24, ... 01466 996 NtDuplicateObject ... 512, ) == 0x0 01470 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1623, 0} (24, {28, 56, new_msg, 0, 460, 468, 1623, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\374\1\0\0\314\1\0\0\220\5\0\0" ... ... 01471 1156 NtWaitForSingleObject (448, 0, 0x0, ... 00878 1192 NtWaitForSingleObject ... ) == 0x0 01472 1012 NtSetEventBoostPriority (448, ... 01467 324 NtSetEventBoostPriority ... ) == 0x0 01473 1172 NtContinue (62651696, 1, ... 01474 1184 NtTestAlert (... 01475 888 NtWaitForSingleObject (448, 0, 0x0, ... 01469 320 NtRegisterThreadTerminatePort ... ) == 0x0 01470 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1624, 0} ... {28, 56, reply, 0, 460, 468, 1624, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\374\1\0\0\314\1\0\0\220\5\0\0" ) ) == 0x0 01476 996 NtWaitForSingleObject (448, 0, 0x0, ... 01477 1192 NtSetEventBoostPriority (96, ... 01312 1024 NtWaitForSingleObject ... ) == 0x0 01472 1012 NtSetEventBoostPriority ... ) == 0x0 01478 1172 NtRegisterThreadTerminatePort (24, ... 01474 1184 NtTestAlert ... ) == 0x0 01479 320 NtWaitForSingleObject (448, 0, 0x0, ... 01480 468 NtResumeThread (508, ... 00888 1072 NtWaitForSingleObject ... ) == 0x0 01477 1192 NtSetEventBoostPriority ... ) == 0x0 01481 1024 NtSetEventBoostPriority (448, ... 01482 1012 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01478 1172 NtRegisterThreadTerminatePort ... ) == 0x0 01483 1184 NtContinue (63700272, 1, ... 01484 324 NtTestAlert (... 01485 1072 NtSetEventBoostPriority (96, ... 01480 468 NtResumeThread ... 1, ) == 0x0 01317 932 NtWaitForSingleObject ... ) == 0x0 01482 1012 NtDuplicateObject ... 516, ) == 0x0 01486 1172 NtWaitForSingleObject (448, 0, 0x0, ... 01487 1184 NtRegisterThreadTerminatePort (24, ... 00894 1208 NtWaitForSingleObject ... ) == 0x0 01485 1072 NtSetEventBoostPriority ... 
) == 0x0 01484 324 NtTestAlert ... ) == 0x0 01488 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01489 932 NtSetEventBoostPriority (448, ... 01481 1024 NtSetEventBoostPriority ... ) == 0x0 01490 1192 NtTestAlert (... 01491 1424 NtWaitForSingleObject (96, 0, 0x0, ... 01492 1012 NtWaitForSingleObject (448, 0, 0x0, ... 01493 1208 NtSetEventBoostPriority (96, ... 01487 1184 NtRegisterThreadTerminatePort ... ) == 0x0 01494 324 NtContinue (64748848, 1, ... 01488 468 NtAllocateVirtualMemory ... 89915392, 1048576, ) == 0x0 01318 1028 NtWaitForSingleObject ... ) == 0x0 01489 932 NtSetEventBoostPriority ... ) == 0x0 01495 1024 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01490 1192 NtTestAlert ... ) == 0x0 00904 1216 NtWaitForSingleObject ... ) == 0x0 01493 1208 NtSetEventBoostPriority ... ) == 0x0 01496 1184 NtWaitForSingleObject (448, 0, 0x0, ... 01497 324 NtRegisterThreadTerminatePort (24, ... 01498 1028 NtSetEventBoostPriority (448, ... 01499 468 NtAllocateVirtualMemory (-1, 90955776, 0, 8192, 4096, 4, ... 01500 932 NtWaitForSingleObject (448, 0, 0x0, ... 01495 1024 NtDuplicateObject ... 520, ) == 0x0 01501 1216 NtSetEventBoostPriority (96, ... 01502 1192 NtContinue (65797424, 1, ... 01503 1072 NtTestAlert (... 01504 1208 NtTestAlert (... 01326 1000 NtWaitForSingleObject ... ) == 0x0 01497 324 NtRegisterThreadTerminatePort ... ) == 0x0 01498 1028 NtSetEventBoostPriority ... ) == 0x0 01499 468 NtAllocateVirtualMemory ... 90955776, 8192, ) == 0x0 00910 1224 NtWaitForSingleObject ... ) == 0x0 01501 1216 NtSetEventBoostPriority ... ) == 0x0 01505 1192 NtRegisterThreadTerminatePort (24, ... 01503 1072 NtTestAlert ... ) == 0x0 01504 1208 NtTestAlert ... ) == 0x0 01506 1000 NtSetEventBoostPriority (448, ... 01507 324 NtWaitForSingleObject (448, 0, 0x0, ... 01508 1028 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01509 1224 NtSetEventBoostPriority (96, ... 01510 468 NtProtectVirtualMemory (-1, (0x56be000), 4096, 260, ... 
01511 1024 NtWaitForSingleObject (448, 0, 0x0, ... 01505 1192 NtRegisterThreadTerminatePort ... ) == 0x0 01512 1072 NtContinue (66846000, 1, ... 01513 1208 NtContinue (67894576, 1, ... 01335 892 NtWaitForSingleObject ... ) == 0x0 01506 1000 NtSetEventBoostPriority ... ) == 0x0 01514 1216 NtTestAlert (... 00920 1232 NtWaitForSingleObject ... ) == 0x0 01509 1224 NtSetEventBoostPriority ... ) == 0x0 01508 1028 NtDuplicateObject ... 524, ) == 0x0 01510 468 NtProtectVirtualMemory ... (0x56be000), 4096, 4, ) == 0x0 01515 1192 NtWaitForSingleObject (448, 0, 0x0, ... 01516 1072 NtRegisterThreadTerminatePort (24, ... 01517 1208 NtRegisterThreadTerminatePort (24, ... 01518 892 NtSetEventBoostPriority (448, ... 01519 1000 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01520 1232 NtSetEventBoostPriority (96, ... 01514 1216 NtTestAlert ... ) == 0x0 01521 1224 NtTestAlert (... 01522 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01523 1028 NtWaitForSingleObject (448, 0, 0x0, ... 01516 1072 NtRegisterThreadTerminatePort ... ) == 0x0 01517 1208 NtRegisterThreadTerminatePort ... ) == 0x0 01337 1032 NtWaitForSingleObject ... ) == 0x0 01518 892 NtSetEventBoostPriority ... ) == 0x0 00926 1236 NtWaitForSingleObject ... ) == 0x0 01520 1232 NtSetEventBoostPriority ... ) == 0x0 01519 1000 NtDuplicateObject ... 528, ) == 0x0 01524 1216 NtContinue (68943152, 1, ... 01521 1224 NtTestAlert ... ) == 0x0 01522 468 NtCreateThread ... 532, {460, 1428}, ) == 0x0 01525 1072 NtWaitForSingleObject (448, 0, 0x0, ... 01526 1032 NtSetEventBoostPriority (448, ... 01527 1208 NtWaitForSingleObject (448, 0, 0x0, ... 01528 1236 NtSetEventBoostPriority (96, ... 01529 892 NtWaitForSingleObject (448, 0, 0x0, ... 01530 1232 NtTestAlert (... 01531 1216 NtRegisterThreadTerminatePort (24, ... 01532 1224 NtContinue (69991728, 1, ... 01533 468 NtQueryInformationThread (532, Basic, 28, ... 01534 1000 NtWaitForSingleObject (448, 0, 0x0, ... 01344 1048 NtWaitForSingleObject ... 
) == 0x0 01526 1032 NtSetEventBoostPriority ... ) == 0x0 00941 1252 NtWaitForSingleObject ... ) == 0x0 01528 1236 NtSetEventBoostPriority ... ) == 0x0 01530 1232 NtTestAlert ... ) == 0x0 01531 1216 NtRegisterThreadTerminatePort ... ) == 0x0 01535 1224 NtRegisterThreadTerminatePort (24, ... 01536 1048 NtSetEventBoostPriority (448, ... 01537 1252 NtSetEventBoostPriority (96, ... 01538 1032 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01533 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff6d000,Pid=460,Tid=1428,}, 0x0, ) == 0x0 01539 1232 NtContinue (71040304, 1, ... 01540 1216 NtWaitForSingleObject (448, 0, 0x0, ... 01535 1224 NtRegisterThreadTerminatePort ... ) == 0x0 00950 712 NtWaitForSingleObject ... ) == 0x0 01537 1252 NtSetEventBoostPriority ... ) == 0x0 01355 944 NtWaitForSingleObject ... ) == 0x0 01538 1032 NtDuplicateObject ... 536, ) == 0x0 01541 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1624, 0} (24, {28, 56, new_msg, 0, 460, 468, 1624, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\24\2\0\0\314\1\0\0\224\5\0\0" ... ... 01542 1232 NtRegisterThreadTerminatePort (24, ... 01536 1048 NtSetEventBoostPriority ... ) == 0x0 01543 1236 NtTestAlert (... 01544 712 NtSetEventBoostPriority (96, ... 01545 1224 NtWaitForSingleObject (448, 0, 0x0, ... 01546 944 NtSetEventBoostPriority (448, ... 01547 1252 NtTestAlert (... 01541 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1625, 0} ... {28, 56, reply, 0, 460, 468, 1625, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\24\2\0\0\314\1\0\0\224\5\0\0" ) ) == 0x0 01542 1232 NtRegisterThreadTerminatePort ... ) == 0x0 01548 1048 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00972 1256 NtWaitForSingleObject ... ) == 0x0 01544 712 NtSetEventBoostPriority ... ) == 0x0 01543 1236 NtTestAlert ... ) == 0x0 01549 1032 NtWaitForSingleObject (448, 0, 0x0, ... 01356 1064 NtWaitForSingleObject ... ) == 0x0 01546 944 NtSetEventBoostPriority ... ) == 0x0 01547 1252 NtTestAlert ... 
) == 0x0 01550 468 NtResumeThread (532, ... 01551 1232 NtWaitForSingleObject (448, 0, 0x0, ... 01552 1256 NtSetEventBoostPriority (96, ... 01548 1048 NtDuplicateObject ... 540, ) == 0x0 01553 1236 NtContinue (72088880, 1, ... 01554 1064 NtSetEventBoostPriority (448, ... 01555 944 NtWaitForSingleObject (448, 0, 0x0, ... 01556 1252 NtContinue (73137456, 1, ... 01550 468 NtResumeThread ... 1, ) == 0x0 01557 712 NtTestAlert (... 00984 1240 NtWaitForSingleObject ... ) == 0x0 01552 1256 NtSetEventBoostPriority ... ) == 0x0 01558 1428 NtWaitForSingleObject (96, 0, 0x0, ... 01357 1084 NtWaitForSingleObject ... ) == 0x0 01559 1236 NtRegisterThreadTerminatePort (24, ... 01554 1064 NtSetEventBoostPriority ... ) == 0x0 01560 1048 NtWaitForSingleObject (448, 0, 0x0, ... 01561 1252 NtRegisterThreadTerminatePort (24, ... 01562 1240 NtSetEventBoostPriority (96, ... 01557 712 NtTestAlert ... ) == 0x0 01563 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01564 1084 NtSetEventBoostPriority (448, ... 01559 1236 NtRegisterThreadTerminatePort ... ) == 0x0 01565 1064 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 00997 1244 NtWaitForSingleObject ... ) == 0x0 01562 1240 NtSetEventBoostPriority ... ) == 0x0 01561 1252 NtRegisterThreadTerminatePort ... ) == 0x0 01566 712 NtContinue (74186032, 1, ... 01563 468 NtAllocateVirtualMemory ... 90963968, 1048576, ) == 0x0 01363 920 NtWaitForSingleObject ... ) == 0x0 01567 1236 NtWaitForSingleObject (448, 0, 0x0, ... 01568 1244 NtSetEventBoostPriority (96, ... 01565 1064 NtDuplicateObject ... 544, ) == 0x0 01564 1084 NtSetEventBoostPriority ... ) == 0x0 01569 1256 NtTestAlert (... 01570 1252 NtWaitForSingleObject (448, 0, 0x0, ... 01571 712 NtRegisterThreadTerminatePort (24, ... 01572 468 NtAllocateVirtualMemory (-1, 92004352, 0, 8192, 4096, 4, ... 01573 920 NtSetEventBoostPriority (448, ... 01574 1240 NtTestAlert (... 01009 1296 NtWaitForSingleObject ... ) == 0x0 01568 1244 NtSetEventBoostPriority ... 
) == 0x0 01575 1084 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01569 1256 NtTestAlert ... ) == 0x0 01576 1064 NtWaitForSingleObject (448, 0, 0x0, ... 01571 712 NtRegisterThreadTerminatePort ... ) == 0x0 01572 468 NtAllocateVirtualMemory ... 92004352, 8192, ) == 0x0 01373 948 NtWaitForSingleObject ... ) == 0x0 01573 920 NtSetEventBoostPriority ... ) == 0x0 01577 1296 NtSetEventBoostPriority (96, ... 01574 1240 NtTestAlert ... ) == 0x0 01575 1084 NtDuplicateObject ... 548, ) == 0x0 01578 1256 NtContinue (75234608, 1, ... 01579 712 NtWaitForSingleObject (448, 0, 0x0, ... 01580 948 NtSetEventBoostPriority (448, ... 01581 468 NtProtectVirtualMemory (-1, (0x57be000), 4096, 260, ... 01582 1244 NtTestAlert (... 01031 1300 NtWaitForSingleObject ... ) == 0x0 01577 1296 NtSetEventBoostPriority ... ) == 0x0 01583 1240 NtContinue (76283184, 1, ... 01584 920 NtWaitForSingleObject (132, 0, 0x0, ... 01585 1256 NtRegisterThreadTerminatePort (24, ... 01586 1084 NtWaitForSingleObject (448, 0, 0x0, ... 01368 1076 NtWaitForSingleObject ... ) == 0x0 01580 948 NtSetEventBoostPriority ... ) == 0x0 01581 468 NtProtectVirtualMemory ... (0x57be000), 4096, 4, ) == 0x0 01587 1300 NtSetEventBoostPriority (96, ... 01582 1244 NtTestAlert ... ) == 0x0 01588 1240 NtRegisterThreadTerminatePort (24, ... 01585 1256 NtRegisterThreadTerminatePort ... ) == 0x0 01589 1076 NtSetEventBoostPriority (448, ... 01590 948 NtWaitForSingleObject (448, 0, 0x0, ... 01591 1296 NtTestAlert (... 01043 1292 NtWaitForSingleObject ... ) == 0x0 01587 1300 NtSetEventBoostPriority ... ) == 0x0 01592 1244 NtContinue (77331760, 1, ... 01588 1240 NtRegisterThreadTerminatePort ... ) == 0x0 01375 1080 NtWaitForSingleObject ... ) == 0x0 01593 1256 NtWaitForSingleObject (448, 0, 0x0, ... 01589 1076 NtSetEventBoostPriority ... ) == 0x0 01594 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01595 1292 NtSetEventBoostPriority (96, ... 01591 1296 NtTestAlert ... 
) == 0x0 01596 1244 NtRegisterThreadTerminatePort (24, ... 01597 1240 NtWaitForSingleObject (448, 0, 0x0, ... 01598 1080 NtAllocateVirtualMemory (-1, 1355776, 0, 4096, 4096, 4, ... 01599 1300 NtTestAlert (... 01600 1076 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01056 1304 NtWaitForSingleObject ... ) == 0x0 01595 1292 NtSetEventBoostPriority ... ) == 0x0 01594 468 NtCreateThread ... 552, {460, 1432}, ) == 0x0 01601 1296 NtContinue (78380336, 1, ... 01596 1244 NtRegisterThreadTerminatePort ... ) == 0x0 01598 1080 NtAllocateVirtualMemory ... 1355776, 4096, ) == 0x0 01599 1300 NtTestAlert ... ) == 0x0 01602 1304 NtSetEventBoostPriority (96, ... 01600 1076 NtDuplicateObject ... 556, ) == 0x0 01603 468 NtQueryInformationThread (552, Basic, 28, ... 01604 1296 NtRegisterThreadTerminatePort (24, ... 01605 1244 NtWaitForSingleObject (448, 0, 0x0, ... 01606 1080 NtSetEventBoostPriority (448, ... 01068 1272 NtWaitForSingleObject ... ) == 0x0 01602 1304 NtSetEventBoostPriority ... ) == 0x0 01607 1300 NtContinue (79428912, 1, ... 01608 1292 NtTestAlert (... 01603 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff6c000,Pid=460,Tid=1432,}, 0x0, ) == 0x0 01604 1296 NtRegisterThreadTerminatePort ... ) == 0x0 01609 1076 NtWaitForSingleObject (448, 0, 0x0, ... 01610 1272 NtSetEventBoostPriority (96, ... 01385 952 NtWaitForSingleObject ... ) == 0x0 01606 1080 NtSetEventBoostPriority ... ) == 0x0 01611 1300 NtRegisterThreadTerminatePort (24, ... 01608 1292 NtTestAlert ... ) == 0x0 01612 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1625, 0} (24, {28, 56, new_msg, 0, 460, 468, 1625, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO(\2\0\0\314\1\0\0\230\5\0\0" ... ... 01613 1296 NtWaitForSingleObject (448, 0, 0x0, ... 01084 876 NtWaitForSingleObject ... ) == 0x0 01610 1272 NtSetEventBoostPriority ... ) == 0x0 01614 952 NtSetEventBoostPriority (448, ... 01615 1304 NtTestAlert (... 01611 1300 NtRegisterThreadTerminatePort ... 
) == 0x0 01616 1292 NtContinue (80477488, 1, ... 01612 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1626, 0} ... {28, 56, reply, 0, 460, 468, 1626, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO(\2\0\0\314\1\0\0\230\5\0\0" ) ) == 0x0 01617 1080 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01618 876 NtSetEventBoostPriority (96, ... 01380 916 NtWaitForSingleObject ... ) == 0x0 01614 952 NtSetEventBoostPriority ... ) == 0x0 01615 1304 NtTestAlert ... ) == 0x0 01619 1300 NtWaitForSingleObject (448, 0, 0x0, ... 01620 1292 NtRegisterThreadTerminatePort (24, ... 01621 468 NtResumeThread (552, ... 01091 1312 NtWaitForSingleObject ... ) == 0x0 01622 916 NtSetEventBoostPriority (448, ... 01618 876 NtSetEventBoostPriority ... ) == 0x0 01617 1080 NtDuplicateObject ... 560, ) == 0x0 01623 952 NtWaitForSingleObject (448, 0, 0x0, ... 01624 1304 NtContinue (81526064, 1, ... 01625 1272 NtTestAlert (... 01620 1292 NtRegisterThreadTerminatePort ... ) == 0x0 01626 1312 NtSetEventBoostPriority (96, ... 01387 1088 NtWaitForSingleObject ... ) == 0x0 01621 468 NtResumeThread ... 1, ) == 0x0 01622 916 NtSetEventBoostPriority ... ) == 0x0 01627 1080 NtWaitForSingleObject (448, 0, 0x0, ... 01628 876 NtWaitForSingleObject (448, 0, 0x0, ... 01629 1432 NtWaitForSingleObject (96, 0, 0x0, ... 01630 1304 NtRegisterThreadTerminatePort (24, ... 01625 1272 NtTestAlert ... ) == 0x0 01112 1316 NtWaitForSingleObject ... ) == 0x0 01626 1312 NtSetEventBoostPriority ... ) == 0x0 01631 1292 NtWaitForSingleObject (448, 0, 0x0, ... 01632 1088 NtSetEventBoostPriority (448, ... 01633 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01634 916 NtWaitForSingleObject (72, 0, {0, 0}, ... 01630 1304 NtRegisterThreadTerminatePort ... ) == 0x0 01635 1316 NtSetEventBoostPriority (96, ... 01636 1272 NtContinue (82574640, 1, ... 01637 1312 NtTestAlert (... 01394 1004 NtWaitForSingleObject ... ) == 0x0 01633 468 NtAllocateVirtualMemory ... 92012544, 1048576, ) == 0x0 01159 864 NtWaitForSingleObject ... 
) == 0x0 01635 1316 NtSetEventBoostPriority ... ) == 0x0 01638 1304 NtWaitForSingleObject (448, 0, 0x0, ... 01639 1272 NtRegisterThreadTerminatePort (24, ... 01637 1312 NtTestAlert ... ) == 0x0 01640 1004 NtSetEventBoostPriority (448, ... 01641 864 NtSetEventBoostPriority (96, ... 01642 468 NtAllocateVirtualMemory (-1, 93052928, 0, 8192, 4096, 4, ... 01632 1088 NtSetEventBoostPriority ... ) == 0x0 01634 916 NtWaitForSingleObject ... ) == 0x102 01643 1316 NtTestAlert (... 01639 1272 NtRegisterThreadTerminatePort ... ) == 0x0 01644 1312 NtContinue (83623216, 1, ... 01193 1180 NtWaitForSingleObject ... ) == 0x0 01641 864 NtSetEventBoostPriority ... ) == 0x0 01401 956 NtWaitForSingleObject ... ) == 0x0 01640 1004 NtSetEventBoostPriority ... ) == 0x0 01645 1088 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01646 916 NtWaitForSingleObject (448, 0, 0x0, ... 01643 1316 NtTestAlert ... ) == 0x0 01647 1272 NtWaitForSingleObject (448, 0, 0x0, ... 01648 1180 NtSetEventBoostPriority (96, ... 01649 1312 NtRegisterThreadTerminatePort (24, ... 01650 864 NtWaitForSingleObject (96, 0, 0x0, ... 01651 956 NtSetEventBoostPriority (448, ... 01652 1004 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01645 1088 NtDuplicateObject ... 564, ) == 0x0 01653 1316 NtContinue (84671792, 1, ... 01642 468 NtAllocateVirtualMemory ... 93052928, 8192, ) == 0x0 01274 1288 NtWaitForSingleObject ... ) == 0x0 01648 1180 NtSetEventBoostPriority ... ) == 0x0 01649 1312 NtRegisterThreadTerminatePort ... ) == 0x0 01399 1092 NtWaitForSingleObject ... ) == 0x0 01651 956 NtSetEventBoostPriority ... ) == 0x0 01652 1004 NtDuplicateObject ... 568, ) == 0x0 01654 1316 NtRegisterThreadTerminatePort (24, ... 01655 1288 NtAllocateVirtualMemory (-1, 8806400, 0, 4096, 4096, 4, ... 01656 468 NtProtectVirtualMemory (-1, (0x58be000), 4096, 260, ... 01657 1088 NtWaitForSingleObject (448, 0, 0x0, ... 01658 1092 NtSetEventBoostPriority (448, ... 01659 1312 NtWaitForSingleObject (448, 0, 0x0, ... 
01660 956 NtWaitForSingleObject (448, 0, 0x0, ... 01661 1180 NtTestAlert (... 01655 1288 NtAllocateVirtualMemory ... 8806400, 4096, ) == 0x0 01654 1316 NtRegisterThreadTerminatePort ... ) == 0x0 01656 468 NtProtectVirtualMemory ... (0x58be000), 4096, 4, ) == 0x0 01405 1096 NtWaitForSingleObject ... ) == 0x0 01658 1092 NtSetEventBoostPriority ... ) == 0x0 01662 1004 NtWaitForSingleObject (448, 0, 0x0, ... 01661 1180 NtTestAlert ... ) == 0x0 01663 1316 NtWaitForSingleObject (448, 0, 0x0, ... 01664 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01665 1096 NtSetEventBoostPriority (448, ... 01666 1092 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01667 1180 NtContinue (85720368, 1, ... 01668 1288 NtSetEventBoostPriority (96, ... 01664 468 NtCreateThread ... 572, {460, 1436}, ) == 0x0 01411 960 NtWaitForSingleObject ... ) == 0x0 01666 1092 NtDuplicateObject ... 576, ) == 0x0 01669 1180 NtRegisterThreadTerminatePort (24, ... 01349 1408 NtWaitForSingleObject ... ) == 0x0 01668 1288 NtSetEventBoostPriority ... ) == 0x0 01670 468 NtQueryInformationThread (572, Basic, 28, ... 01671 960 NtSetEventBoostPriority (448, ... 01665 1096 NtSetEventBoostPriority ... ) == 0x0 01672 1408 NtSetEventBoostPriority (96, ... 01669 1180 NtRegisterThreadTerminatePort ... ) == 0x0 01673 1288 NtTestAlert (... 01674 1092 NtWaitForSingleObject (448, 0, 0x0, ... 01407 936 NtWaitForSingleObject ... ) == 0x0 01671 960 NtSetEventBoostPriority ... ) == 0x0 01422 1420 NtWaitForSingleObject ... ) == 0x0 01672 1408 NtSetEventBoostPriority ... ) == 0x0 01675 1096 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01676 1180 NtWaitForSingleObject (448, 0, 0x0, ... 01673 1288 NtTestAlert ... ) == 0x0 01677 936 NtSetEventBoostPriority (448, ... 01678 1420 NtSetEventBoostPriority (96, ... 01679 960 NtWaitForSingleObject (448, 0, 0x0, ... 01670 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff6b000,Pid=460,Tid=1436,}, 0x0, ) == 0x0 01675 1096 NtDuplicateObject ... 
580, ) == 0x0 01680 1408 NtTestAlert (... 01413 1100 NtWaitForSingleObject ... ) == 0x0 01491 1424 NtWaitForSingleObject ... ) == 0x0 01678 1420 NtSetEventBoostPriority ... ) == 0x0 01681 1288 NtContinue (86768944, 1, ... 01677 936 NtSetEventBoostPriority ... ) == 0x0 01682 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1626, 0} (24, {28, 56, new_msg, 0, 460, 468, 1626, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO<\2\0\0\314\1\0\0\234\5\0\0" ... ... 01680 1408 NtTestAlert ... ) == 0x0 01683 1424 NtSetEventBoostPriority (96, ... 01684 1100 NtSetEventBoostPriority (448, ... 01685 1096 NtWaitForSingleObject (448, 0, 0x0, ... 01686 1288 NtRegisterThreadTerminatePort (24, ... 01687 936 NtWaitForSingleObject (448, 0, 0x0, ... 01682 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1627, 0} ... {28, 56, reply, 0, 460, 468, 1627, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO<\2\0\0\314\1\0\0\234\5\0\0" ) ) == 0x0 01558 1428 NtWaitForSingleObject ... ) == 0x0 01683 1424 NtSetEventBoostPriority ... ) == 0x0 01688 1408 NtContinue (87817520, 1, ... 01419 1104 NtWaitForSingleObject ... ) == 0x0 01684 1100 NtSetEventBoostPriority ... ) == 0x0 01689 1420 NtTestAlert (... 01690 1428 NtSetEventBoostPriority (96, ... 01691 468 NtResumeThread (572, ... 01686 1288 NtRegisterThreadTerminatePort ... ) == 0x0 01692 1408 NtRegisterThreadTerminatePort (24, ... 01693 1104 NtSetEventBoostPriority (448, ... 01694 1100 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01629 1432 NtWaitForSingleObject ... ) == 0x0 01690 1428 NtSetEventBoostPriority ... ) == 0x0 01689 1420 NtTestAlert ... ) == 0x0 01691 468 NtResumeThread ... 1, ) == 0x0 01695 1288 NtWaitForSingleObject (448, 0, 0x0, ... 01692 1408 NtRegisterThreadTerminatePort ... ) == 0x0 01423 964 NtWaitForSingleObject ... ) == 0x0 01696 1432 NtSetEventBoostPriority (96, ... 01694 1100 NtDuplicateObject ... 584, ) == 0x0 01693 1104 NtSetEventBoostPriority ... ) == 0x0 01697 1424 NtTestAlert (... 01698 1436 NtWaitForSingleObject (96, 0, 0x0, ... 
01699 1420 NtContinue (88866096, 1, ... 01700 1428 NtTestAlert (... 01701 1408 NtWaitForSingleObject (448, 0, 0x0, ... 01650 864 NtWaitForSingleObject ... ) == 0x0 01696 1432 NtSetEventBoostPriority ... ) == 0x0 01702 964 NtSetEventBoostPriority (448, ... 01703 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01704 1104 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01697 1424 NtTestAlert ... ) == 0x0 01705 1420 NtRegisterThreadTerminatePort (24, ... 01700 1428 NtTestAlert ... ) == 0x0 01706 1100 NtWaitForSingleObject (448, 0, 0x0, ... 01707 864 NtSetEventBoostPriority (96, ... 01421 940 NtWaitForSingleObject ... ) == 0x0 01702 964 NtSetEventBoostPriority ... ) == 0x0 01703 468 NtAllocateVirtualMemory ... 93061120, 1048576, ) == 0x0 01704 1104 NtDuplicateObject ... 588, ) == 0x0 01708 1424 NtContinue (89914672, 1, ... 01705 1420 NtRegisterThreadTerminatePort ... ) == 0x0 01709 1428 NtContinue (90963248, 1, ... 01698 1436 NtWaitForSingleObject ... ) == 0x0 01710 940 NtSetEventBoostPriority (448, ... 01711 964 NtWaitForSingleObject (448, 0, 0x0, ... 01712 468 NtAllocateVirtualMemory (-1, 94101504, 0, 8192, 4096, 4, ... 01707 864 NtSetEventBoostPriority ... ) == 0x0 01713 1432 NtTestAlert (... 01714 1424 NtRegisterThreadTerminatePort (24, ... 01715 1420 NtWaitForSingleObject (448, 0, 0x0, ... 01716 1428 NtRegisterThreadTerminatePort (24, ... 01431 912 NtWaitForSingleObject ... ) == 0x0 01717 1436 NtTestAlert (... 01710 940 NtSetEventBoostPriority ... ) == 0x0 01718 1104 NtWaitForSingleObject (448, 0, 0x0, ... 01712 468 NtAllocateVirtualMemory ... 94101504, 8192, ) == 0x0 01719 864 NtWaitForSingleObject (448, 0, 0x0, ... 01713 1432 NtTestAlert ... ) == 0x0 01714 1424 NtRegisterThreadTerminatePort ... ) == 0x0 01716 1428 NtRegisterThreadTerminatePort ... ) == 0x0 01720 912 NtSetEventBoostPriority (448, ... 01717 1436 NtTestAlert ... ) == 0x0 01721 940 NtWaitForSingleObject (448, 0, 0x0, ... 01722 468 NtProtectVirtualMemory (-1, (0x59be000), 4096, 260, ... 
01723 1432 NtContinue (92011824, 1, ... 01724 1424 NtWaitForSingleObject (448, 0, 0x0, ... 01725 1428 NtWaitForSingleObject (448, 0, 0x0, ... 01440 1108 NtWaitForSingleObject ... ) == 0x0 01720 912 NtSetEventBoostPriority ... ) == 0x0 01722 468 NtProtectVirtualMemory ... (0x59be000), 4096, 4, ) == 0x0 01726 1432 NtRegisterThreadTerminatePort (24, ... 01727 1436 NtContinue (93060400, 1, ... 01728 1108 NtSetEventBoostPriority (448, ... 01729 912 NtCreateEvent (0x100003, 0x0, 1, 0, ... 01726 1432 NtRegisterThreadTerminatePort ... ) == 0x0 01445 1152 NtWaitForSingleObject ... ) == 0x0 01728 1108 NtSetEventBoostPriority ... ) == 0x0 01730 1436 NtRegisterThreadTerminatePort (24, ... 01731 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01732 1152 NtSetEventBoostPriority (448, ... 01733 1432 NtWaitForSingleObject (448, 0, 0x0, ... 01729 912 NtCreateEvent ... 592, ) == 0x0 01730 1436 NtRegisterThreadTerminatePort ... ) == 0x0 01449 968 NtWaitForSingleObject ... ) == 0x0 01731 468 NtCreateThread ... 596, {460, 1440}, ) == 0x0 01732 1152 NtSetEventBoostPriority ... ) == 0x0 01734 1108 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01735 912 NtWaitForSingleObject (592, 0, 0x0, ... 01736 1436 NtWaitForSingleObject (448, 0, 0x0, ... 01737 968 NtSetEventBoostPriority (448, ... 01738 468 NtQueryInformationThread (596, Basic, 28, ... 01739 1152 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01734 1108 NtDuplicateObject ... 600, ) == 0x0 01457 308 NtWaitForSingleObject ... ) == 0x0 01737 968 NtSetEventBoostPriority ... ) == 0x0 01738 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff6a000,Pid=460,Tid=1440,}, 0x0, ) == 0x0 01739 1152 NtDuplicateObject ... 604, ) == 0x0 01740 308 NtSetEventBoostPriority (448, ... 01741 1108 NtWaitForSingleObject (448, 0, 0x0, ... 01742 968 NtWaitForSingleObject (448, 0, 0x0, ... 
01743 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1627, 0} (24, {28, 56, new_msg, 0, 460, 468, 1627, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOT\2\0\0\314\1\0\0\240\5\0\0" ... ... 01460 992 NtWaitForSingleObject ... ) == 0x0 01740 308 NtSetEventBoostPriority ... ) == 0x0 01744 1152 NtWaitForSingleObject (448, 0, 0x0, ... 01745 992 NtSetEventBoostPriority (448, ... 01746 308 NtWaitForSingleObject (592, 0, 0x0, ... 01456 1148 NtWaitForSingleObject ... ) == 0x0 01745 992 NtSetEventBoostPriority ... ) == 0x0 01743 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1628, 0} ... {28, 56, reply, 0, 460, 468, 1628, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOT\2\0\0\314\1\0\0\240\5\0\0" ) ) == 0x0 01747 1148 NtSetEventBoostPriority (448, ... 01748 992 NtWaitForSingleObject (448, 0, 0x0, ... 01468 1128 NtWaitForSingleObject ... ) == 0x0 01749 468 NtResumeThread (596, ... 01747 1148 NtSetEventBoostPriority ... ) == 0x0 01750 1128 NtSetEventBoostPriority (448, ... 01749 468 NtResumeThread ... 1, ) == 0x0 01751 1148 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01471 1156 NtWaitForSingleObject ... ) == 0x0 01752 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01751 1148 NtDuplicateObject ... 608, ) == 0x0 01753 1156 NtSetEventBoostPriority (448, ... 01752 468 NtAllocateVirtualMemory ... 94109696, 1048576, ) == 0x0 01750 1128 NtSetEventBoostPriority ... ) == 0x0 01754 1440 NtTestAlert (... 01475 888 NtWaitForSingleObject ... ) == 0x0 01755 468 NtAllocateVirtualMemory (-1, 95150080, 0, 8192, 4096, 4, ... 01756 1128 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01754 1440 NtTestAlert ... ) == 0x0 01757 888 NtSetEventBoostPriority (448, ... 01753 1156 NtSetEventBoostPriority ... ) == 0x0 01758 1148 NtWaitForSingleObject (448, 0, 0x0, ... 01756 1128 NtDuplicateObject ... 612, ) == 0x0 01759 1440 NtContinue (94108976, 1, ... 01476 996 NtWaitForSingleObject ... ) == 0x0 01757 888 NtSetEventBoostPriority ... 
) == 0x0 01760 1156 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01755 468 NtAllocateVirtualMemory ... 95150080, 8192, ) == 0x0 01761 996 NtSetEventBoostPriority (448, ... 01762 1440 NtRegisterThreadTerminatePort (24, ... 01763 888 NtWaitForSingleObject (448, 0, 0x0, ... 01760 1156 NtDuplicateObject ... 616, ) == 0x0 01479 320 NtWaitForSingleObject ... ) == 0x0 01761 996 NtSetEventBoostPriority ... ) == 0x0 01764 468 NtProtectVirtualMemory (-1, (0x5abe000), 4096, 260, ... 01762 1440 NtRegisterThreadTerminatePort ... ) == 0x0 01765 1128 NtWaitForSingleObject (448, 0, 0x0, ... 01766 320 NtSetEventBoostPriority (448, ... 01767 996 NtWaitForSingleObject (448, 0, 0x0, ... 01764 468 NtProtectVirtualMemory ... (0x5abe000), 4096, 4, ) == 0x0 01768 1156 NtWaitForSingleObject (448, 0, 0x0, ... 01486 1172 NtWaitForSingleObject ... ) == 0x0 01766 320 NtSetEventBoostPriority ... ) == 0x0 01769 1440 NtWaitForSingleObject (448, 0, 0x0, ... 01770 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01771 1172 NtSetEventBoostPriority (448, ... 01772 320 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01770 468 NtCreateThread ... 620, {460, 1444}, ) == 0x0 01492 1012 NtWaitForSingleObject ... ) == 0x0 01772 320 NtDuplicateObject ... 624, ) == 0x0 01773 468 NtQueryInformationThread (620, Basic, 28, ... 01774 1012 NtSetEventBoostPriority (448, ... 01771 1172 NtSetEventBoostPriority ... ) == 0x0 01775 320 NtWaitForSingleObject (448, 0, 0x0, ... 01496 1184 NtWaitForSingleObject ... ) == 0x0 01774 1012 NtSetEventBoostPriority ... ) == 0x0 01776 1172 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01777 1184 NtSetEventBoostPriority (448, ... 01778 1012 NtWaitForSingleObject (448, 0, 0x0, ... 01500 932 NtWaitForSingleObject ... ) == 0x0 01776 1172 NtDuplicateObject ... 628, ) == 0x0 01777 1184 NtSetEventBoostPriority ... ) == 0x0 01773 468 NtQueryInformationThread ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff69000,Pid=460,Tid=1444,}, 0x0, ) == 0x0 01779 932 NtSetEventBoostPriority (448, ... 01780 1184 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01781 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1628, 0} (24, {28, 56, new_msg, 0, 460, 468, 1628, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOl\2\0\0\314\1\0\0\244\5\0\0" ... ... 01511 1024 NtWaitForSingleObject ... ) == 0x0 01780 1184 NtDuplicateObject ... 632, ) == 0x0 01781 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1629, 0} ... {28, 56, reply, 0, 460, 468, 1629, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOl\2\0\0\314\1\0\0\244\5\0\0" ) ) == 0x0 01782 1024 NtSetEventBoostPriority (448, ... 01779 932 NtSetEventBoostPriority ... ) == 0x0 01783 1172 NtWaitForSingleObject (448, 0, 0x0, ... 01784 468 NtResumeThread (620, ... 01507 324 NtWaitForSingleObject ... ) == 0x0 01782 1024 NtSetEventBoostPriority ... ) == 0x0 01785 932 NtWaitForSingleObject (592, 0, 0x0, ... 01786 324 NtSetEventBoostPriority (448, ... 01784 468 NtResumeThread ... 1, ) == 0x0 01787 1024 NtWaitForSingleObject (448, 0, 0x0, ... 01523 1028 NtWaitForSingleObject ... ) == 0x0 01786 324 NtSetEventBoostPriority ... ) == 0x0 01788 1184 NtWaitForSingleObject (448, 0, 0x0, ... 01789 1444 NtTestAlert (... 01790 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01791 1028 NtSetEventBoostPriority (448, ... 01792 324 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01789 1444 NtTestAlert ... ) == 0x0 01790 468 NtAllocateVirtualMemory ... 95158272, 1048576, ) == 0x0 01515 1192 NtWaitForSingleObject ... ) == 0x0 01791 1028 NtSetEventBoostPriority ... ) == 0x0 01792 324 NtDuplicateObject ... 636, ) == 0x0 01793 1444 NtContinue (95157552, 1, ... 01794 1192 NtSetEventBoostPriority (448, ... 01795 468 NtAllocateVirtualMemory (-1, 96198656, 0, 8192, 4096, 4, ... 01796 1028 NtWaitForSingleObject (448, 0, 0x0, ... 01525 1072 NtWaitForSingleObject ... ) == 0x0 01797 1444 NtRegisterThreadTerminatePort (24, ... 
01795 468 NtAllocateVirtualMemory ... 96198656, 8192, ) == 0x0 01794 1192 NtSetEventBoostPriority ... ) == 0x0 01798 324 NtWaitForSingleObject (448, 0, 0x0, ... 01799 1072 NtSetEventBoostPriority (448, ... 01797 1444 NtRegisterThreadTerminatePort ... ) == 0x0 01800 468 NtProtectVirtualMemory (-1, (0x5bbe000), 4096, 260, ... 01801 1192 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01529 892 NtWaitForSingleObject ... ) == 0x0 01799 1072 NtSetEventBoostPriority ... ) == 0x0 01800 468 NtProtectVirtualMemory ... (0x5bbe000), 4096, 4, ) == 0x0 01801 1192 NtDuplicateObject ... 640, ) == 0x0 01802 892 NtSetEventBoostPriority (448, ... 01803 1072 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01804 1444 NtWaitForSingleObject (448, 0, 0x0, ... 01805 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01527 1208 NtWaitForSingleObject ... ) == 0x0 01802 892 NtSetEventBoostPriority ... ) == 0x0 01803 1072 NtDuplicateObject ... 644, ) == 0x0 01806 1208 NtSetEventBoostPriority (448, ... 01805 468 NtCreateThread ... 648, {460, 1448}, ) == 0x0 01807 892 NtWaitForSingleObject (592, 0, 0x0, ... 01808 1192 NtWaitForSingleObject (448, 0, 0x0, ... 01534 1000 NtWaitForSingleObject ... ) == 0x0 01809 468 NtQueryInformationThread (648, Basic, 28, ... 01806 1208 NtSetEventBoostPriority ... ) == 0x0 01810 1072 NtWaitForSingleObject (448, 0, 0x0, ... 01811 1000 NtSetEventBoostPriority (448, ... 01809 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff68000,Pid=460,Tid=1448,}, 0x0, ) == 0x0 01812 1208 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01540 1216 NtWaitForSingleObject ... ) == 0x0 01811 1000 NtSetEventBoostPriority ... ) == 0x0 01813 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1629, 0} (24, {28, 56, new_msg, 0, 460, 468, 1629, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\210\2\0\0\314\1\0\0\250\5\0\0" ... ... 01814 1216 NtSetEventBoostPriority (448, ... 01812 1208 NtDuplicateObject ... 
652, ) == 0x0 01815 1000 NtWaitForSingleObject (448, 0, 0x0, ... 01545 1224 NtWaitForSingleObject ... ) == 0x0 01813 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1630, 0} ... {28, 56, reply, 0, 460, 468, 1630, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\210\2\0\0\314\1\0\0\250\5\0\0" ) ) == 0x0 01814 1216 NtSetEventBoostPriority ... ) == 0x0 01816 1208 NtWaitForSingleObject (448, 0, 0x0, ... 01817 1224 NtSetEventBoostPriority (448, ... 01818 468 NtResumeThread (648, ... 01819 1216 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01549 1032 NtWaitForSingleObject ... ) == 0x0 01818 468 NtResumeThread ... 1, ) == 0x0 01819 1216 NtDuplicateObject ... 656, ) == 0x0 01820 1032 NtSetEventBoostPriority (448, ... 01821 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01817 1224 NtSetEventBoostPriority ... ) == 0x0 01822 1448 NtTestAlert (... 01551 1232 NtWaitForSingleObject ... ) == 0x0 01820 1032 NtSetEventBoostPriority ... ) == 0x0 01821 468 NtAllocateVirtualMemory ... 96206848, 1048576, ) == 0x0 01823 1224 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01824 1232 NtSetEventBoostPriority (448, ... 01822 1448 NtTestAlert ... ) == 0x0 01825 1032 NtWaitForSingleObject (448, 0, 0x0, ... 01826 468 NtAllocateVirtualMemory (-1, 97247232, 0, 8192, 4096, 4, ... 01555 944 NtWaitForSingleObject ... ) == 0x0 01823 1224 NtDuplicateObject ... 660, ) == 0x0 01827 1448 NtContinue (96206128, 1, ... 01824 1232 NtSetEventBoostPriority ... ) == 0x0 01828 1216 NtWaitForSingleObject (448, 0, 0x0, ... 01829 944 NtSetEventBoostPriority (448, ... 01826 468 NtAllocateVirtualMemory ... 97247232, 8192, ) == 0x0 01830 1448 NtRegisterThreadTerminatePort (24, ... 01831 1232 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01560 1048 NtWaitForSingleObject ... ) == 0x0 01832 468 NtProtectVirtualMemory (-1, (0x5cbe000), 4096, 260, ... 01830 1448 NtRegisterThreadTerminatePort ... ) == 0x0 01831 1232 NtDuplicateObject ... 
664, ) == 0x0 01833 1048 NtAllocateVirtualMemory (-1, 1359872, 0, 4096, 4096, 4, ... 01832 468 NtProtectVirtualMemory ... (0x5cbe000), 4096, 4, ) == 0x0 01829 944 NtSetEventBoostPriority ... ) == 0x0 01834 1224 NtWaitForSingleObject (448, 0, 0x0, ... 01835 1448 NtWaitForSingleObject (448, 0, 0x0, ... 01833 1048 NtAllocateVirtualMemory ... 1359872, 4096, ) == 0x0 01836 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01837 944 NtWaitForSingleObject (448, 0, 0x0, ... 01838 1048 NtSetEventBoostPriority (448, ... 01836 468 NtCreateThread ... 668, {460, 716}, ) == 0x0 01839 1232 NtWaitForSingleObject (448, 0, 0x0, ... 01840 468 NtQueryInformationThread (668, Basic, 28, ... 01567 1236 NtWaitForSingleObject ... ) == 0x0 01838 1048 NtSetEventBoostPriority ... ) == 0x0 01841 1236 NtSetEventBoostPriority (448, ... 01842 1048 NtWaitForSingleObject (448, 0, 0x0, ... 01570 1252 NtWaitForSingleObject ... ) == 0x0 01843 1252 NtSetEventBoostPriority (448, ... 01576 1064 NtWaitForSingleObject ... ) == 0x0 01844 1064 NtSetEventBoostPriority (448, ... 01579 712 NtWaitForSingleObject ... ) == 0x0 01845 712 NtSetEventBoostPriority (448, ... 01586 1084 NtWaitForSingleObject ... ) == 0x0 01846 1084 NtSetEventBoostPriority (448, ... 01590 948 NtWaitForSingleObject ... ) == 0x0 01847 948 NtSetEventBoostPriority (448, ... 01593 1256 NtWaitForSingleObject ... ) == 0x0 01848 1256 NtSetEventBoostPriority (448, ... 01597 1240 NtWaitForSingleObject ... ) == 0x0 01849 1240 NtSetEventBoostPriority (448, ... 01605 1244 NtWaitForSingleObject ... ) == 0x0 01850 1244 NtSetEventBoostPriority (448, ... 01609 1076 NtWaitForSingleObject ... ) == 0x0 01851 1076 NtSetEventBoostPriority (448, ... 01613 1296 NtWaitForSingleObject ... ) == 0x0 01852 1296 NtSetEventBoostPriority (448, ... 01619 1300 NtWaitForSingleObject ... ) == 0x0 01853 1300 NtSetEventBoostPriority (448, ... 01627 1080 NtWaitForSingleObject ... ) == 0x0 01854 1080 NtSetEventBoostPriority (448, ... 
01628 876 NtWaitForSingleObject ... ) == 0x0 01855 876 NtSetEventBoostPriority (448, ... 01623 952 NtWaitForSingleObject ... ) == 0x0 01856 952 NtSetEventBoostPriority (448, ... 01631 1292 NtWaitForSingleObject ... ) == 0x0 01857 1292 NtSetEventBoostPriority (448, ... 01638 1304 NtWaitForSingleObject ... ) == 0x0 01858 1304 NtSetEventBoostPriority (448, ... 01646 916 NtWaitForSingleObject ... ) == 0x0 01859 916 NtSetEventBoostPriority (448, ... 01647 1272 NtWaitForSingleObject ... ) == 0x0 01860 1272 NtSetEventBoostPriority (448, ... 01657 1088 NtWaitForSingleObject ... ) == 0x0 01861 1088 NtSetEventBoostPriority (448, ... 01659 1312 NtWaitForSingleObject ... ) == 0x0 01862 1312 NtSetEventBoostPriority (448, ... 01660 956 NtWaitForSingleObject ... ) == 0x0 01863 956 NtSetEventBoostPriority (448, ... 01662 1004 NtWaitForSingleObject ... ) == 0x0 01864 1004 NtSetEventBoostPriority (448, ... 01663 1316 NtWaitForSingleObject ... ) == 0x0 01865 1316 NtSetEventBoostPriority (448, ... 01674 1092 NtWaitForSingleObject ... ) == 0x0 01866 1092 NtSetEventBoostPriority (448, ... 01676 1180 NtWaitForSingleObject ... ) == 0x0 01867 1180 NtSetEventBoostPriority (448, ... 01679 960 NtWaitForSingleObject ... ) == 0x0 01868 960 NtSetEventBoostPriority (448, ... 01685 1096 NtWaitForSingleObject ... ) == 0x0 01869 1096 NtSetEventBoostPriority (448, ... 01687 936 NtWaitForSingleObject ... ) == 0x0 01870 936 NtSetEventBoostPriority (448, ... 01695 1288 NtWaitForSingleObject ... ) == 0x0 01871 1288 NtSetEventBoostPriority (448, ... 01701 1408 NtWaitForSingleObject ... ) == 0x0 01872 1408 NtSetEventBoostPriority (448, ... 01706 1100 NtWaitForSingleObject ... ) == 0x0 01873 1100 NtAllocateVirtualMemory (-1, 1363968, 0, 4096, 4096, 4, ... 1363968, 4096, ) == 0x0 01874 1100 NtSetEventBoostPriority (448, ... 01871 1288 NtSetEventBoostPriority ... ) == 0x0 01870 936 NtSetEventBoostPriority ... ) == 0x0 01869 1096 NtSetEventBoostPriority ... ) == 0x0 01866 1092 NtSetEventBoostPriority ... 
) == 0x0 01864 1004 NtSetEventBoostPriority ... ) == 0x0 01861 1088 NtSetEventBoostPriority ... ) == 0x0 01859 916 NtSetEventBoostPriority ... ) == 0x0 01855 876 NtSetEventBoostPriority ... ) == 0x0 01854 1080 NtSetEventBoostPriority ... ) == 0x0 01851 1076 NtSetEventBoostPriority ... ) == 0x0 01846 1084 NtSetEventBoostPriority ... ) == 0x0 01844 1064 NtSetEventBoostPriority ... ) == 0x0 01872 1408 NtSetEventBoostPriority ... ) == 0x0 01868 960 NtSetEventBoostPriority ... ) == 0x0 01867 1180 NtSetEventBoostPriority ... ) == 0x0 01865 1316 NtSetEventBoostPriority ... ) == 0x0 01863 956 NtSetEventBoostPriority ... ) == 0x0 01862 1312 NtSetEventBoostPriority ... ) == 0x0 01860 1272 NtSetEventBoostPriority ... ) == 0x0 01858 1304 NtSetEventBoostPriority ... ) == 0x0 01857 1292 NtSetEventBoostPriority ... ) == 0x0 01856 952 NtSetEventBoostPriority ... ) == 0x0 01853 1300 NtSetEventBoostPriority ... ) == 0x0 01852 1296 NtSetEventBoostPriority ... ) == 0x0 01850 1244 NtSetEventBoostPriority ... ) == 0x0 01849 1240 NtSetEventBoostPriority ... ) == 0x0 01848 1256 NtSetEventBoostPriority ... ) == 0x0 01847 948 NtSetEventBoostPriority ... ) == 0x0 01845 712 NtSetEventBoostPriority ... ) == 0x0 01843 1252 NtSetEventBoostPriority ... ) == 0x0 01841 1236 NtSetEventBoostPriority ... ) == 0x0 01840 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff67000,Pid=460,Tid=716,}, 0x0, ) == 0x0 01711 964 NtWaitForSingleObject ... ) == 0x0 01874 1100 NtSetEventBoostPriority ... ) == 0x0 01875 1288 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01876 1096 NtWaitForSingleObject (448, 0, 0x0, ... 01877 1092 NtWaitForSingleObject (448, 0, 0x0, ... 01878 1004 NtWaitForSingleObject (448, 0, 0x0, ... 01879 1088 NtWaitForSingleObject (448, 0, 0x0, ... 01880 936 NtSetEventBoostPriority (592, ... 01881 876 NtWaitForSingleObject (448, 0, 0x0, ... 01882 916 NtWaitForSingleObject (132, 0, 0x0, ... 01883 1076 NtWaitForSingleObject (448, 0, 0x0, ... 
01884 1084 NtWaitForSingleObject (448, 0, 0x0, ... 01885 1064 NtWaitForSingleObject (448, 0, 0x0, ... 01886 1408 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01887 960 NtWaitForSingleObject (592, 0, 0x0, ... 01888 1180 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01889 1316 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01890 956 NtWaitForSingleObject (448, 0, 0x0, ... 01891 1312 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01892 1272 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01893 1304 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01894 1292 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01895 952 NtWaitForSingleObject (448, 0, 0x0, ... 01896 1300 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01897 1296 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01898 1244 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01899 1240 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01900 1256 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01901 948 NtWaitForSingleObject (448, 0, 0x0, ... 01902 712 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01903 1252 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01904 1236 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01905 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1630, 0} (24, {28, 56, new_msg, 0, 460, 468, 1630, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\234\2\0\0\314\1\0\0\314\2\0\0" ... ... 01906 964 NtSetEventBoostPriority (448, ... 01907 1100 NtWaitForSingleObject (448, 0, 0x0, ... 01875 1288 NtDuplicateObject ... 672, ) == 0x0 01908 1080 NtWaitForSingleObject (448, 0, 0x0, ... 01735 912 NtWaitForSingleObject ... ) == 0x0 01880 936 NtSetEventBoostPriority ... ) == 0x0 01886 1408 NtDuplicateObject ... 676, ) == 0x0 01888 1180 NtDuplicateObject ... 680, ) == 0x0 01889 1316 NtDuplicateObject ... 684, ) == 0x0 01891 1312 NtDuplicateObject ... 688, ) == 0x0 01892 1272 NtDuplicateObject ... 692, ) == 0x0 01893 1304 NtDuplicateObject ... 696, ) == 0x0 01894 1292 NtDuplicateObject ... 700, ) == 0x0 01896 1300 NtDuplicateObject ... 
704, ) == 0x0 01897 1296 NtDuplicateObject ... 708, ) == 0x0 01898 1244 NtDuplicateObject ... 712, ) == 0x0 01899 1240 NtDuplicateObject ... 716, ) == 0x0 01900 1256 NtDuplicateObject ... 720, ) == 0x0 01902 712 NtDuplicateObject ... 724, ) == 0x0 01903 1252 NtDuplicateObject ... 728, ) == 0x0 01904 1236 NtDuplicateObject ... 732, ) == 0x0 01905 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1631, 0} ... {28, 56, reply, 0, 460, 468, 1631, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\234\2\0\0\314\1\0\0\314\2\0\0" ) ) == 0x0 01718 1104 NtWaitForSingleObject ... ) == 0x0 01909 1288 NtWaitForSingleObject (448, 0, 0x0, ... 01910 912 NtSetEventBoostPriority (592, ... 01911 936 NtWaitForSingleObject (72, 0, {0, 0}, ... 01906 964 NtSetEventBoostPriority ... ) == 0x0 01912 1408 NtWaitForSingleObject (448, 0, 0x0, ... 01913 1180 NtWaitForSingleObject (448, 0, 0x0, ... 01914 1316 NtWaitForSingleObject (448, 0, 0x0, ... 01915 1312 NtWaitForSingleObject (448, 0, 0x0, ... 01916 1272 NtWaitForSingleObject (448, 0, 0x0, ... 01917 1304 NtWaitForSingleObject (448, 0, 0x0, ... 01918 1292 NtWaitForSingleObject (448, 0, 0x0, ... 01919 1300 NtWaitForSingleObject (448, 0, 0x0, ... 01920 1296 NtWaitForSingleObject (448, 0, 0x0, ... 01921 1244 NtWaitForSingleObject (448, 0, 0x0, ... 01922 1240 NtWaitForSingleObject (448, 0, 0x0, ... 01923 1256 NtWaitForSingleObject (448, 0, 0x0, ... 01924 712 NtWaitForSingleObject (448, 0, 0x0, ... 01925 1252 NtWaitForSingleObject (448, 0, 0x0, ... 01926 468 NtResumeThread (668, ... 01927 1104 NtSetEventBoostPriority (448, ... 01746 308 NtWaitForSingleObject ... ) == 0x0 01910 912 NtSetEventBoostPriority ... ) == 0x0 01911 936 NtWaitForSingleObject ... ) == 0x102 01928 964 NtWaitForSingleObject (448, 0, 0x0, ... 01926 468 NtResumeThread ... 1, ) == 0x0 01929 308 NtWaitForSingleObject (448, 0, 0x0, ... 01719 864 NtWaitForSingleObject ... ) == 0x0 01927 1104 NtSetEventBoostPriority ... ) == 0x0 01930 1236 NtWaitForSingleObject (448, 0, 0x0, ... 
01931 716 NtTestAlert (... 01932 936 NtWaitForSingleObject (448, 0, 0x0, ... 01933 912 NtWaitForSingleObject (72, 0, {0, 0}, ... 01934 864 NtSetEventBoostPriority (448, ... 01935 1104 NtWaitForSingleObject (448, 0, 0x0, ... 01931 716 NtTestAlert ... ) == 0x0 01936 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01715 1420 NtWaitForSingleObject ... ) == 0x0 01934 864 NtSetEventBoostPriority ... ) == 0x0 01933 912 NtWaitForSingleObject ... ) == 0x102 01937 716 NtContinue (97254704, 1, ... 01938 1420 NtSetEventBoostPriority (448, ... 01936 468 NtAllocateVirtualMemory ... 97255424, 1048576, ) == 0x0 01939 912 NtWaitForSingleObject (448, 0, 0x0, ... 01721 940 NtWaitForSingleObject ... ) == 0x0 01940 716 NtRegisterThreadTerminatePort (24, ... 01941 468 NtAllocateVirtualMemory (-1, 98295808, 0, 8192, 4096, 4, ... 01942 940 NtSetEventBoostPriority (448, ... 01940 716 NtRegisterThreadTerminatePort ... ) == 0x0 01941 468 NtAllocateVirtualMemory ... 98295808, 8192, ) == 0x0 01724 1424 NtWaitForSingleObject ... ) == 0x0 01942 940 NtSetEventBoostPriority ... ) == 0x0 01938 1420 NtSetEventBoostPriority ... ) == 0x0 01943 864 NtWaitForSingleObject (592, 0, 0x0, ... 01944 1424 NtSetEventBoostPriority (448, ... 01945 468 NtProtectVirtualMemory (-1, (0x5dbe000), 4096, 260, ... 01946 716 NtWaitForSingleObject (448, 0, 0x0, ... 01947 1420 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01725 1428 NtWaitForSingleObject ... ) == 0x0 01945 468 NtProtectVirtualMemory ... (0x5dbe000), 4096, 4, ) == 0x0 01947 1420 NtDuplicateObject ... 736, ) == 0x0 01948 1428 NtSetEventBoostPriority (448, ... 01944 1424 NtSetEventBoostPriority ... ) == 0x0 01949 940 NtWaitForSingleObject (592, 0, 0x0, ... 01950 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01736 1436 NtWaitForSingleObject ... ) == 0x0 01951 1424 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01950 468 NtCreateThread ... 740, {460, 1320}, ) == 0x0 01952 1436 NtSetEventBoostPriority (448, ... 
01951 1424 NtDuplicateObject ... 744, ) == 0x0 01953 468 NtQueryInformationThread (740, Basic, 28, ... 01733 1432 NtWaitForSingleObject ... ) == 0x0 01952 1436 NtSetEventBoostPriority ... ) == 0x0 01948 1428 NtSetEventBoostPriority ... ) == 0x0 01954 1420 NtWaitForSingleObject (448, 0, 0x0, ... 01955 1424 NtWaitForSingleObject (448, 0, 0x0, ... 01956 1432 NtSetEventBoostPriority (448, ... 01953 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff66000,Pid=460,Tid=1320,}, 0x0, ) == 0x0 01957 1428 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01741 1108 NtWaitForSingleObject ... ) == 0x0 01958 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1631, 0} (24, {28, 56, new_msg, 0, 460, 468, 1631, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\344\2\0\0\314\1\0\0(\5\0\0" ... ... 01957 1428 NtDuplicateObject ... 748, ) == 0x0 01959 1108 NtSetEventBoostPriority (448, ... 01958 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1632, 0} ... {28, 56, reply, 0, 460, 468, 1632, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\344\2\0\0\314\1\0\0(\5\0\0" ) ) == 0x0 01956 1432 NtSetEventBoostPriority ... ) == 0x0 01960 1436 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01744 1152 NtWaitForSingleObject ... ) == 0x0 01959 1108 NtSetEventBoostPriority ... ) == 0x0 01961 468 NtResumeThread (740, ... 01962 1432 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01963 1152 NtSetEventBoostPriority (448, ... 01960 1436 NtDuplicateObject ... 752, ) == 0x0 01964 1428 NtWaitForSingleObject (448, 0, 0x0, ... 01961 468 NtResumeThread ... 1, ) == 0x0 01742 968 NtWaitForSingleObject ... ) == 0x0 01963 1152 NtSetEventBoostPriority ... ) == 0x0 01962 1432 NtDuplicateObject ... 756, ) == 0x0 01965 1436 NtWaitForSingleObject (448, 0, 0x0, ... 01966 1108 NtWaitForSingleObject (448, 0, 0x0, ... 01967 1320 NtTestAlert (... 01968 968 NtSetEventBoostPriority (448, ... 01969 1152 NtWaitForSingleObject (448, 0, 0x0, ... 01970 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 
01748 992 NtWaitForSingleObject ... ) == 0x0 01967 1320 NtTestAlert ... ) == 0x0 01968 968 NtSetEventBoostPriority ... ) == 0x0 01971 1432 NtWaitForSingleObject (448, 0, 0x0, ... 01970 468 NtAllocateVirtualMemory ... 98304000, 1048576, ) == 0x0 01972 992 NtSetEventBoostPriority (448, ... 01973 1320 NtContinue (98303280, 1, ... 01974 968 NtWaitForSingleObject (592, 0, 0x0, ... 01975 468 NtAllocateVirtualMemory (-1, 99344384, 0, 8192, 4096, 4, ... 01758 1148 NtWaitForSingleObject ... ) == 0x0 01976 1320 NtRegisterThreadTerminatePort (24, ... 01975 468 NtAllocateVirtualMemory ... 99344384, 8192, ) == 0x0 01977 1148 NtSetEventBoostPriority (448, ... 01976 1320 NtRegisterThreadTerminatePort ... ) == 0x0 01978 468 NtProtectVirtualMemory (-1, (0x5ebe000), 4096, 260, ... 01763 888 NtWaitForSingleObject ... ) == 0x0 01977 1148 NtSetEventBoostPriority ... ) == 0x0 01972 992 NtSetEventBoostPriority ... ) == 0x0 01979 888 NtSetEventBoostPriority (448, ... 01978 468 NtProtectVirtualMemory ... (0x5ebe000), 4096, 4, ) == 0x0 01980 1148 NtWaitForSingleObject (448, 0, 0x0, ... 01765 1128 NtWaitForSingleObject ... ) == 0x0 01981 992 NtWaitForSingleObject (592, 0, 0x0, ... 01979 888 NtSetEventBoostPriority ... ) == 0x0 01982 1320 NtWaitForSingleObject (448, 0, 0x0, ... 01983 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 01984 1128 NtSetEventBoostPriority (448, ... 01985 888 NtWaitForSingleObject (592, 0, 0x0, ... 01983 468 NtCreateThread ... 760, {460, 1456}, ) == 0x0 01768 1156 NtWaitForSingleObject ... ) == 0x0 01984 1128 NtSetEventBoostPriority ... ) == 0x0 01986 1156 NtSetEventBoostPriority (448, ... 01987 468 NtQueryInformationThread (760, Basic, 28, ... 01769 1440 NtWaitForSingleObject ... ) == 0x0 01986 1156 NtSetEventBoostPriority ... ) == 0x0 01988 1128 NtWaitForSingleObject (448, 0, 0x0, ... 01989 1440 NtSetEventBoostPriority (448, ... 01987 468 NtQueryInformationThread ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff65000,Pid=460,Tid=1456,}, 0x0, ) == 0x0 01990 1156 NtWaitForSingleObject (448, 0, 0x0, ... 01767 996 NtWaitForSingleObject ... ) == 0x0 01989 1440 NtSetEventBoostPriority ... ) == 0x0 01991 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1632, 0} (24, {28, 56, new_msg, 0, 460, 468, 1632, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\370\2\0\0\314\1\0\0\260\5\0\0" ... ... 01992 996 NtSetEventBoostPriority (448, ... 01993 1440 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 01775 320 NtWaitForSingleObject ... ) == 0x0 01991 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1633, 0} ... {28, 56, reply, 0, 460, 468, 1633, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\370\2\0\0\314\1\0\0\260\5\0\0" ) ) == 0x0 01992 996 NtSetEventBoostPriority ... ) == 0x0 01994 320 NtSetEventBoostPriority (448, ... 01995 468 NtResumeThread (760, ... 01996 996 NtWaitForSingleObject (448, 0, 0x0, ... 01778 1012 NtWaitForSingleObject ... ) == 0x0 01994 320 NtSetEventBoostPriority ... ) == 0x0 01995 468 NtResumeThread ... 1, ) == 0x0 01997 1012 NtSetEventBoostPriority (448, ... 01998 320 NtWaitForSingleObject (448, 0, 0x0, ... 01783 1172 NtWaitForSingleObject ... ) == 0x0 01999 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 01997 1012 NtSetEventBoostPriority ... ) == 0x0 01993 1440 NtDuplicateObject ... 764, ) == 0x0 02000 1456 NtTestAlert (... 02001 1172 NtSetEventBoostPriority (448, ... 01999 468 NtAllocateVirtualMemory ... 99352576, 1048576, ) == 0x0 02002 1012 NtWaitForSingleObject (448, 0, 0x0, ... 02003 1440 NtWaitForSingleObject (448, 0, 0x0, ... 02000 1456 NtTestAlert ... ) == 0x0 01788 1184 NtWaitForSingleObject ... ) == 0x0 02001 1172 NtSetEventBoostPriority ... ) == 0x0 02004 468 NtAllocateVirtualMemory (-1, 100392960, 0, 8192, 4096, 4, ... 02005 1184 NtSetEventBoostPriority (448, ... 02006 1456 NtContinue (99351856, 1, ... 02007 1172 NtWaitForSingleObject (448, 0, 0x0, ... 01787 1024 NtWaitForSingleObject ... 
) == 0x0 02005 1184 NtSetEventBoostPriority ... ) == 0x0 02008 1456 NtRegisterThreadTerminatePort (24, ... 02004 468 NtAllocateVirtualMemory ... 100392960, 8192, ) == 0x0 02009 1024 NtSetEventBoostPriority (448, ... 02010 1184 NtWaitForSingleObject (448, 0, 0x0, ... 02008 1456 NtRegisterThreadTerminatePort ... ) == 0x0 01798 324 NtWaitForSingleObject ... ) == 0x0 02011 468 NtProtectVirtualMemory (-1, (0x5fbe000), 4096, 260, ... 02009 1024 NtSetEventBoostPriority ... ) == 0x0 02012 324 NtSetEventBoostPriority (448, ... 02011 468 NtProtectVirtualMemory ... (0x5fbe000), 4096, 4, ) == 0x0 02013 1024 NtWaitForSingleObject (592, 0, 0x0, ... 01796 1028 NtWaitForSingleObject ... ) == 0x0 02012 324 NtSetEventBoostPriority ... ) == 0x0 02014 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02015 1028 NtSetEventBoostPriority (448, ... 02016 324 NtWaitForSingleObject (448, 0, 0x0, ... 01804 1444 NtWaitForSingleObject ... ) == 0x0 02014 468 NtCreateThread ... 768, {460, 780}, ) == 0x0 02015 1028 NtSetEventBoostPriority ... ) == 0x0 02017 1456 NtWaitForSingleObject (448, 0, 0x0, ... 02018 1444 NtSetEventBoostPriority (448, ... 02019 468 NtQueryInformationThread (768, Basic, 28, ... 02020 1028 NtWaitForSingleObject (448, 0, 0x0, ... 01808 1192 NtWaitForSingleObject ... ) == 0x0 02018 1444 NtSetEventBoostPriority ... ) == 0x0 02021 1192 NtSetEventBoostPriority (448, ... 01810 1072 NtWaitForSingleObject ... ) == 0x0 02022 1072 NtSetEventBoostPriority (448, ... 01816 1208 NtWaitForSingleObject ... ) == 0x0 02023 1208 NtSetEventBoostPriority (448, ... 01815 1000 NtWaitForSingleObject ... ) == 0x0 02024 1000 NtSetEventBoostPriority (448, ... 01825 1032 NtWaitForSingleObject ... ) == 0x0 02025 1032 NtSetEventBoostPriority (448, ... 01828 1216 NtWaitForSingleObject ... ) == 0x0 02026 1216 NtSetEventBoostPriority (448, ... 01834 1224 NtWaitForSingleObject ... ) == 0x0 02027 1224 NtSetEventBoostPriority (448, ... 01835 1448 NtWaitForSingleObject ... 
) == 0x0 02028 1448 NtSetEventBoostPriority (448, ... 01837 944 NtWaitForSingleObject ... ) == 0x0 02029 944 NtSetEventBoostPriority (448, ... 01839 1232 NtWaitForSingleObject ... ) == 0x0 02030 1232 NtSetEventBoostPriority (448, ... 01842 1048 NtWaitForSingleObject ... ) == 0x0 02031 1048 NtSetEventBoostPriority (448, ... 01876 1096 NtWaitForSingleObject ... ) == 0x0 02032 1096 NtSetEventBoostPriority (448, ... 01877 1092 NtWaitForSingleObject ... ) == 0x0 02033 1092 NtSetEventBoostPriority (448, ... 01878 1004 NtWaitForSingleObject ... ) == 0x0 02034 1004 NtSetEventBoostPriority (448, ... 01879 1088 NtWaitForSingleObject ... ) == 0x0 02035 1088 NtAllocateVirtualMemory (-1, 1368064, 0, 4096, 4096, 4, ... 1368064, 4096, ) == 0x0 02036 1088 NtSetEventBoostPriority (448, ... 01881 876 NtWaitForSingleObject ... ) == 0x0 02037 876 NtSetEventBoostPriority (448, ... 01883 1076 NtWaitForSingleObject ... ) == 0x0 02038 1076 NtSetEventBoostPriority (448, ... 01884 1084 NtWaitForSingleObject ... ) == 0x0 02039 1084 NtSetEventBoostPriority (448, ... 01890 956 NtWaitForSingleObject ... ) == 0x0 02040 956 NtSetEventBoostPriority (448, ... 01895 952 NtWaitForSingleObject ... ) == 0x0 02041 952 NtSetEventBoostPriority (448, ... 01901 948 NtWaitForSingleObject ... ) == 0x0 02042 948 NtSetEventBoostPriority (448, ... 01907 1100 NtWaitForSingleObject ... ) == 0x0 02043 1100 NtSetEventBoostPriority (448, ... 01908 1080 NtWaitForSingleObject ... ) == 0x0 02044 1080 NtSetEventBoostPriority (448, ... 01885 1064 NtWaitForSingleObject ... ) == 0x0 02045 1064 NtSetEventBoostPriority (448, ... 01909 1288 NtWaitForSingleObject ... ) == 0x0 02046 1288 NtSetEventBoostPriority (448, ... 01912 1408 NtWaitForSingleObject ... ) == 0x0 02047 1408 NtSetEventBoostPriority (448, ... 01913 1180 NtWaitForSingleObject ... ) == 0x0 02048 1180 NtSetEventBoostPriority (448, ... 01914 1316 NtWaitForSingleObject ... ) == 0x0 02049 1316 NtSetEventBoostPriority (448, ... 01915 1312 NtWaitForSingleObject ... 
) == 0x0 02050 1312 NtSetEventBoostPriority (448, ... 01916 1272 NtWaitForSingleObject ... ) == 0x0 02051 1272 NtSetEventBoostPriority (448, ... 01917 1304 NtWaitForSingleObject ... ) == 0x0 02052 1304 NtSetEventBoostPriority (448, ... 01918 1292 NtWaitForSingleObject ... ) == 0x0 02053 1292 NtSetEventBoostPriority (448, ... 01919 1300 NtWaitForSingleObject ... ) == 0x0 02054 1300 NtSetEventBoostPriority (448, ... 01920 1296 NtWaitForSingleObject ... ) == 0x0 02055 1296 NtSetEventBoostPriority (448, ... 01921 1244 NtWaitForSingleObject ... ) == 0x0 02056 1244 NtSetEventBoostPriority (448, ... 01922 1240 NtWaitForSingleObject ... ) == 0x0 02057 1240 NtSetEventBoostPriority (448, ... 01923 1256 NtWaitForSingleObject ... ) == 0x0 02058 1256 NtSetEventBoostPriority (448, ... 01924 712 NtWaitForSingleObject ... ) == 0x0 02059 712 NtSetEventBoostPriority (448, ... 01925 1252 NtWaitForSingleObject ... ) == 0x0 02060 1252 NtSetEventBoostPriority (448, ... 01928 964 NtWaitForSingleObject ... ) == 0x0 02061 964 NtSetEventBoostPriority (448, ... 01929 308 NtWaitForSingleObject ... ) == 0x0 02062 308 NtSetEventBoostPriority (448, ... 01930 1236 NtWaitForSingleObject ... ) == 0x0 02063 1236 NtSetEventBoostPriority (448, ... 01932 936 NtWaitForSingleObject ... ) == 0x0 02064 936 NtSetEventBoostPriority (448, ... 01935 1104 NtWaitForSingleObject ... ) == 0x0 02065 1104 NtSetEventBoostPriority (448, ... 01939 912 NtWaitForSingleObject ... ) == 0x0 02066 912 NtSetEventBoostPriority (448, ... 01946 716 NtWaitForSingleObject ... ) == 0x0 02067 716 NtSetEventBoostPriority (448, ... 01954 1420 NtWaitForSingleObject ... ) == 0x0 02068 1420 NtSetEventBoostPriority (448, ... 01955 1424 NtWaitForSingleObject ... ) == 0x0 02069 1424 NtSetEventBoostPriority (448, ... 01964 1428 NtWaitForSingleObject ... ) == 0x0 02070 1428 NtSetEventBoostPriority (448, ... 01965 1436 NtWaitForSingleObject ... ) == 0x0 02071 1436 NtSetEventBoostPriority (448, ... 01966 1108 NtWaitForSingleObject ... 
) == 0x0 02072 1108 NtSetEventBoostPriority (448, ... 01971 1432 NtWaitForSingleObject ... ) == 0x0 02073 1432 NtSetEventBoostPriority (448, ... 01969 1152 NtWaitForSingleObject ... ) == 0x0 02074 1152 NtSetEventBoostPriority (448, ... 01982 1320 NtWaitForSingleObject ... ) == 0x0 02075 1320 NtSetEventBoostPriority (448, ... 01980 1148 NtWaitForSingleObject ... ) == 0x0 02076 1148 NtSetEventBoostPriority (448, ... 01988 1128 NtWaitForSingleObject ... ) == 0x0 02077 1128 NtSetEventBoostPriority (448, ... 01990 1156 NtWaitForSingleObject ... ) == 0x0 02078 1156 NtSetEventBoostPriority (448, ... 01996 996 NtWaitForSingleObject ... ) == 0x0 02079 996 NtSetEventBoostPriority (448, ... 02002 1012 NtWaitForSingleObject ... ) == 0x0 02080 1012 NtSetEventBoostPriority (448, ... 02003 1440 NtWaitForSingleObject ... ) == 0x0 02081 1440 NtSetEventBoostPriority (448, ... 01998 320 NtWaitForSingleObject ... ) == 0x0 02082 320 NtSetEventBoostPriority (448, ... 02007 1172 NtWaitForSingleObject ... ) == 0x0 02083 1172 NtSetEventBoostPriority (448, ... 02010 1184 NtWaitForSingleObject ... ) == 0x0 02084 1184 NtSetEventBoostPriority (448, ... 02017 1456 NtWaitForSingleObject ... ) == 0x0 02085 1456 NtSetEventBoostPriority (448, ... 02016 324 NtWaitForSingleObject ... ) == 0x0 02086 324 NtSetEventBoostPriority (448, ... 02020 1028 NtWaitForSingleObject ... ) == 0x0 02087 1028 NtWaitForSingleObject (592, 0, 0x0, ... 02085 1456 NtSetEventBoostPriority ... ) == 0x0 02088 1456 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02081 1440 NtSetEventBoostPriority ... ) == 0x0 02080 1012 NtSetEventBoostPriority ... ) == 0x0 02079 996 NtSetEventBoostPriority ... ) == 0x0 02075 1320 NtSetEventBoostPriority ... ) == 0x0 02073 1432 NtSetEventBoostPriority ... ) == 0x0 02072 1108 NtSetEventBoostPriority ... ) == 0x0 02071 1436 NtSetEventBoostPriority ... ) == 0x0 02070 1428 NtSetEventBoostPriority ... ) == 0x0 02069 1424 NtSetEventBoostPriority ... ) == 0x0 02068 1420 NtSetEventBoostPriority ... 
) == 0x0 02067 716 NtSetEventBoostPriority ... ) == 0x0 02066 912 NtSetEventBoostPriority ... ) == 0x0 02063 1236 NtSetEventBoostPriority ... ) == 0x0 02061 964 NtSetEventBoostPriority ... ) == 0x0 02060 1252 NtSetEventBoostPriority ... ) == 0x0 02059 712 NtSetEventBoostPriority ... ) == 0x0 02058 1256 NtSetEventBoostPriority ... ) == 0x0 02057 1240 NtSetEventBoostPriority ... ) == 0x0 02056 1244 NtSetEventBoostPriority ... ) == 0x0 02055 1296 NtSetEventBoostPriority ... ) == 0x0 02054 1300 NtSetEventBoostPriority ... ) == 0x0 02053 1292 NtSetEventBoostPriority ... ) == 0x0 02052 1304 NtSetEventBoostPriority ... ) == 0x0 02051 1272 NtSetEventBoostPriority ... ) == 0x0 02050 1312 NtSetEventBoostPriority ... ) == 0x0 02049 1316 NtSetEventBoostPriority ... ) == 0x0 02048 1180 NtSetEventBoostPriority ... ) == 0x0 02047 1408 NtSetEventBoostPriority ... ) == 0x0 02046 1288 NtSetEventBoostPriority ... ) == 0x0 02044 1080 NtSetEventBoostPriority ... ) == 0x0 02043 1100 NtSetEventBoostPriority ... ) == 0x0 02042 948 NtSetEventBoostPriority ... ) == 0x0 02041 952 NtSetEventBoostPriority ... ) == 0x0 02040 956 NtSetEventBoostPriority ... ) == 0x0 02031 1048 NtSetEventBoostPriority ... ) == 0x0 02030 1232 NtSetEventBoostPriority ... ) == 0x0 02029 944 NtSetEventBoostPriority ... ) == 0x0 02028 1448 NtSetEventBoostPriority ... ) == 0x0 02027 1224 NtSetEventBoostPriority ... ) == 0x0 02026 1216 NtSetEventBoostPriority ... ) == 0x0 02023 1208 NtSetEventBoostPriority ... ) == 0x0 02022 1072 NtSetEventBoostPriority ... ) == 0x0 02021 1192 NtSetEventBoostPriority ... ) == 0x0 02089 1444 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02086 324 NtSetEventBoostPriority ... ) == 0x0 02084 1184 NtSetEventBoostPriority ... ) == 0x0 02083 1172 NtSetEventBoostPriority ... ) == 0x0 02082 320 NtSetEventBoostPriority ... ) == 0x0 02078 1156 NtSetEventBoostPriority ... ) == 0x0 02077 1128 NtSetEventBoostPriority ... ) == 0x0 02076 1148 NtSetEventBoostPriority ... 
) == 0x0 02074 1152 NtSetEventBoostPriority ... ) == 0x0 02065 1104 NtSetEventBoostPriority ... ) == 0x0 02064 936 NtSetEventBoostPriority ... ) == 0x0 02062 308 NtSetEventBoostPriority ... ) == 0x0 02045 1064 NtSetEventBoostPriority ... ) == 0x0 02039 1084 NtSetEventBoostPriority ... ) == 0x0 02038 1076 NtSetEventBoostPriority ... ) == 0x0 02037 876 NtSetEventBoostPriority ... ) == 0x0 02036 1088 NtSetEventBoostPriority ... ) == 0x0 02034 1004 NtSetEventBoostPriority ... ) == 0x0 02033 1092 NtSetEventBoostPriority ... ) == 0x0 02032 1096 NtSetEventBoostPriority ... ) == 0x0 02025 1032 NtSetEventBoostPriority ... ) == 0x0 02024 1000 NtSetEventBoostPriority ... ) == 0x0 02019 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff64000,Pid=460,Tid=780,}, 0x0, ) == 0x0 02088 1456 NtDuplicateObject ... 772, ) == 0x0 02090 1440 NtWaitForSingleObject (592, 0, 0x0, ... 02091 1012 NtWaitForSingleObject (592, 0, 0x0, ... 02092 1320 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02093 1432 NtWaitForSingleObject (592, 0, 0x0, ... 02094 1108 NtWaitForSingleObject (592, 0, 0x0, ... 02095 996 NtWaitForSingleObject (592, 0, 0x0, ... 02096 1428 NtWaitForSingleObject (592, 0, 0x0, ... 02097 1424 NtWaitForSingleObject (592, 0, 0x0, ... 02098 1420 NtWaitForSingleObject (592, 0, 0x0, ... 02099 716 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02100 1436 NtWaitForSingleObject (592, 0, 0x0, ... 02101 1236 NtWaitForSingleObject (592, 0, 0x0, ... 02102 912 NtWaitForSingleObject (132, 0, 0x0, ... 02103 1252 NtWaitForSingleObject (592, 0, 0x0, ... 02104 712 NtWaitForSingleObject (592, 0, 0x0, ... 02105 1256 NtWaitForSingleObject (592, 0, 0x0, ... 02106 1240 NtWaitForSingleObject (592, 0, 0x0, ... 02107 1244 NtWaitForSingleObject (592, 0, 0x0, ... 02108 1296 NtWaitForSingleObject (592, 0, 0x0, ... 02109 1300 NtWaitForSingleObject (592, 0, 0x0, ... 02110 1292 NtWaitForSingleObject (592, 0, 0x0, ... 02111 1304 NtWaitForSingleObject (592, 0, 0x0, ... 
02112 1272 NtWaitForSingleObject (592, 0, 0x0, ... 02113 1312 NtWaitForSingleObject (592, 0, 0x0, ... 02114 1316 NtWaitForSingleObject (592, 0, 0x0, ... 02115 1180 NtWaitForSingleObject (592, 0, 0x0, ... 02116 1408 NtWaitForSingleObject (592, 0, 0x0, ... 02117 964 NtWaitForSingleObject (592, 0, 0x0, ... 02118 1080 NtWaitForSingleObject (592, 0, 0x0, ... 02119 1288 NtWaitForSingleObject (592, 0, 0x0, ... 02120 1100 NtAllocateVirtualMemory (-1, 1372160, 0, 4096, 4096, 4, ... 02121 948 NtWaitForSingleObject (592, 0, 0x0, ... 02122 952 NtWaitForSingleObject (592, 0, 0x0, ... 02123 956 NtWaitForSingleObject (592, 0, 0x0, ... 02124 1232 NtWaitForSingleObject (448, 0, 0x0, ... 02125 1048 NtWaitForSingleObject (448, 0, 0x0, ... 02126 1448 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02127 1224 NtWaitForSingleObject (448, 0, 0x0, ... 02128 1216 NtWaitForSingleObject (448, 0, 0x0, ... 02129 1208 NtWaitForSingleObject (448, 0, 0x0, ... 02130 1072 NtWaitForSingleObject (448, 0, 0x0, ... 02131 1192 NtWaitForSingleObject (448, 0, 0x0, ... 02132 944 NtWaitForSingleObject (592, 0, 0x0, ... 02133 324 NtWaitForSingleObject (448, 0, 0x0, ... 02134 1184 NtWaitForSingleObject (592, 0, 0x0, ... 02135 1172 NtWaitForSingleObject (592, 0, 0x0, ... 02136 320 NtWaitForSingleObject (448, 0, 0x0, ... 02137 1156 NtWaitForSingleObject (592, 0, 0x0, ... 02138 1128 NtWaitForSingleObject (592, 0, 0x0, ... 02139 1148 NtWaitForSingleObject (592, 0, 0x0, ... 02140 1152 NtWaitForSingleObject (592, 0, 0x0, ... 02141 1104 NtWaitForSingleObject (448, 0, 0x0, ... 02142 936 NtWaitForSingleObject (132, 0, 0x0, ... 02089 1444 NtDuplicateObject ... 776, ) == 0x0 02143 1064 NtWaitForSingleObject (592, 0, 0x0, ... 02144 1084 NtWaitForSingleObject (592, 0, 0x0, ... 02145 1076 NtWaitForSingleObject (592, 0, 0x0, ... 02146 876 NtQuerySystemInformation (Basic, 44, ... 02147 308 NtSetEventBoostPriority (592, ... 02148 1004 NtWaitForSingleObject (592, 0, 0x0, ... 02149 1092 NtWaitForSingleObject (592, 0, 0x0, ... 
02150 1096 NtWaitForSingleObject (592, 0, 0x0, ... 02151 1032 NtWaitForSingleObject (448, 0, 0x0, ... 02152 1000 NtWaitForSingleObject (592, 0, 0x0, ... 02153 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1633, 0} (24, {28, 56, new_msg, 0, 460, 468, 1633, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\0\3\0\0\314\1\0\0\14\3\0\0" ... ... 02154 1456 NtWaitForSingleObject (448, 0, 0x0, ... 02155 1088 NtWaitForSingleObject (592, 0, 0x0, ... 02092 1320 NtDuplicateObject ... 780, ) == 0x0 02099 716 NtDuplicateObject ... 784, ) == 0x0 02120 1100 NtAllocateVirtualMemory ... 1372160, 4096, ) == 0x0 02126 1448 NtDuplicateObject ... 788, ) == 0x0 02156 1444 NtWaitForSingleObject (448, 0, 0x0, ... 02146 876 NtQuerySystemInformation ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 01785 932 NtWaitForSingleObject ... ) == 0x0 02147 308 NtSetEventBoostPriority ... ) == 0x0 02153 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1634, 0} ... {28, 56, reply, 0, 460, 468, 1634, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\0\3\0\0\314\1\0\0\14\3\0\0" ) ) == 0x0 02157 1320 NtWaitForSingleObject (448, 0, 0x0, ... 02158 716 NtWaitForSingleObject (448, 0, 0x0, ... 02159 1100 NtSetEventBoostPriority (448, ... 02160 1448 NtWaitForSingleObject (448, 0, 0x0, ... 02161 932 NtWaitForSingleObject (448, 0, 0x0, ... 02162 308 NtWaitForSingleObject (72, 0, {0, 0}, ... 02163 468 NtResumeThread (768, ... 02125 1048 NtWaitForSingleObject ... ) == 0x0 02159 1100 NtSetEventBoostPriority ... ) == 0x0 02162 308 NtWaitForSingleObject ... ) == 0x102 02164 1048 NtSetEventBoostPriority (448, ... 02163 468 NtResumeThread ... 1, ) == 0x0 02165 1100 NtWaitForSingleObject (592, 0, 0x0, ... 02124 1232 NtWaitForSingleObject ... ) == 0x0 02164 1048 NtSetEventBoostPriority ... 
) == 0x0 02166 308 NtWaitForSingleObject (448, 0, 0x0, ... 02167 876 NtWaitForSingleObject (592, 0, 0x0, ... 02168 780 NtTestAlert (... 02169 1232 NtSetEventBoostPriority (448, ... 02170 1048 NtWaitForSingleObject (592, 0, 0x0, ... 02171 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02127 1224 NtWaitForSingleObject ... ) == 0x0 02168 780 NtTestAlert ... ) == 0x0 02169 1232 NtSetEventBoostPriority ... ) == 0x0 02171 468 NtAllocateVirtualMemory ... 100401152, 1048576, ) == 0x0 02172 1224 NtSetEventBoostPriority (448, ... 02173 780 NtContinue (100400432, 1, ... 02174 1232 NtWaitForSingleObject (592, 0, 0x0, ... 02175 468 NtAllocateVirtualMemory (-1, 101441536, 0, 8192, 4096, 4, ... 02128 1216 NtWaitForSingleObject ... ) == 0x0 02176 780 NtRegisterThreadTerminatePort (24, ... 02175 468 NtAllocateVirtualMemory ... 101441536, 8192, ) == 0x0 02177 1216 NtSetEventBoostPriority (448, ... 02176 780 NtRegisterThreadTerminatePort ... ) == 0x0 02178 468 NtProtectVirtualMemory (-1, (0x60be000), 4096, 260, ... 02129 1208 NtWaitForSingleObject ... ) == 0x0 02177 1216 NtSetEventBoostPriority ... ) == 0x0 02172 1224 NtSetEventBoostPriority ... ) == 0x0 02178 468 NtProtectVirtualMemory ... (0x60be000), 4096, 4, ) == 0x0 02179 1208 NtSetEventBoostPriority (448, ... 02180 1216 NtWaitForSingleObject (448, 0, 0x0, ... 02181 1224 NtWaitForSingleObject (448, 0, 0x0, ... 02182 780 NtWaitForSingleObject (448, 0, 0x0, ... 02130 1072 NtWaitForSingleObject ... ) == 0x0 02183 1072 NtSetEventBoostPriority (448, ... 02133 324 NtWaitForSingleObject ... ) == 0x0 02184 324 NtSetEventBoostPriority (448, ... 02136 320 NtWaitForSingleObject ... ) == 0x0 02185 320 NtSetEventBoostPriority (448, ... 02141 1104 NtWaitForSingleObject ... ) == 0x0 02186 1104 NtSetEventBoostPriority (448, ... 02151 1032 NtWaitForSingleObject ... ) == 0x0 02187 1032 NtSetEventBoostPriority (448, ... 02154 1456 NtWaitForSingleObject ... ) == 0x0 02188 1456 NtSetEventBoostPriority (448, ... 
02156 1444 NtWaitForSingleObject ... ) == 0x0 02189 1444 NtSetEventBoostPriority (448, ... 02131 1192 NtWaitForSingleObject ... ) == 0x0 02190 1192 NtSetEventBoostPriority (448, ... 02157 1320 NtWaitForSingleObject ... ) == 0x0 02191 1320 NtSetEventBoostPriority (448, ... 02158 716 NtWaitForSingleObject ... ) == 0x0 02192 716 NtSetEventBoostPriority (448, ... 02161 932 NtWaitForSingleObject ... ) == 0x0 02193 932 NtSetEventBoostPriority (448, ... 02160 1448 NtWaitForSingleObject ... ) == 0x0 02194 1448 NtSetEventBoostPriority (448, ... 02166 308 NtWaitForSingleObject ... ) == 0x0 02195 308 NtSetEventBoostPriority (448, ... 02180 1216 NtWaitForSingleObject ... ) == 0x0 02196 1216 NtSetEventBoostPriority (448, ... 02181 1224 NtWaitForSingleObject ... ) == 0x0 02197 1224 NtSetEventBoostPriority (448, ... 02182 780 NtWaitForSingleObject ... ) == 0x0 02198 780 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 792, ) == 0x0 02199 780 NtWaitForSingleObject (592, 0, 0x0, ... 02197 1224 NtSetEventBoostPriority ... ) == 0x0 02196 1216 NtSetEventBoostPriority ... ) == 0x0 02194 1448 NtSetEventBoostPriority ... ) == 0x0 02193 932 NtSetEventBoostPriority ... ) == 0x0 02192 716 NtSetEventBoostPriority ... ) == 0x0 02191 1320 NtSetEventBoostPriority ... ) == 0x0 02189 1444 NtSetEventBoostPriority ... ) == 0x0 02188 1456 NtSetEventBoostPriority ... ) == 0x0 02187 1032 NtSetEventBoostPriority ... ) == 0x0 02186 1104 NtSetEventBoostPriority ... ) == 0x0 02185 320 NtSetEventBoostPriority ... ) == 0x0 02184 324 NtSetEventBoostPriority ... ) == 0x0 02195 308 NtSetEventBoostPriority ... ) == 0x0 02190 1192 NtSetEventBoostPriority ... ) == 0x0 02183 1072 NtSetEventBoostPriority ... ) == 0x0 02179 1208 NtSetEventBoostPriority ... ) == 0x0 02200 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02201 1224 NtWaitForSingleObject (592, 0, 0x0, ... 02202 1216 NtWaitForSingleObject (592, 0, 0x0, ... 02203 1448 NtWaitForSingleObject (592, 0, 0x0, ... 
02204 932 NtSetEventBoostPriority (592, ... 02205 716 NtWaitForSingleObject (592, 0, 0x0, ... 02206 1320 NtWaitForSingleObject (592, 0, 0x0, ... 02207 1444 NtWaitForSingleObject (592, 0, 0x0, ... 02208 1456 NtWaitForSingleObject (592, 0, 0x0, ... 02209 1032 NtWaitForSingleObject (592, 0, 0x0, ... 02210 1104 NtWaitForSingleObject (592, 0, 0x0, ... 02211 320 NtWaitForSingleObject (592, 0, 0x0, ... 02212 308 NtWaitForSingleObject (132, 0, 0x0, ... 02213 1192 NtWaitForSingleObject (592, 0, 0x0, ... 02214 1072 NtWaitForSingleObject (592, 0, 0x0, ... 02215 1208 NtWaitForSingleObject (592, 0, 0x0, ... 02200 468 NtCreateThread ... 796, {460, 1468}, ) == 0x0 01807 892 NtWaitForSingleObject ... ) == 0x0 02204 932 NtSetEventBoostPriority ... ) == 0x0 02216 892 NtSetEventBoostPriority (592, ... 02217 468 NtQueryInformationThread (796, Basic, 28, ... 01887 960 NtWaitForSingleObject ... ) == 0x0 02218 932 NtWaitForSingleObject (72, 0, {0, 0}, ... 02217 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff63000,Pid=460,Tid=1468,}, 0x0, ) == 0x0 02219 960 NtSetEventBoostPriority (592, ... 02218 932 NtWaitForSingleObject ... ) == 0x102 02220 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1634, 0} (24, {28, 56, new_msg, 0, 460, 468, 1634, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\34\3\0\0\314\1\0\0\274\5\0\0" ... ... 01943 864 NtWaitForSingleObject ... ) == 0x0 02219 960 NtSetEventBoostPriority ... ) == 0x0 02221 932 NtWaitForSingleObject (132, 0, 0x0, ... 02222 864 NtSetEventBoostPriority (592, ... 02220 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1635, 0} ... {28, 56, reply, 0, 460, 468, 1635, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\34\3\0\0\314\1\0\0\274\5\0\0" ) ) == 0x0 02216 892 NtSetEventBoostPriority ... ) == 0x0 02223 324 NtWaitForSingleObject (592, 0, 0x0, ... 02224 960 NtWaitForSingleObject (72, 0, {0, 0}, ... 01949 940 NtWaitForSingleObject ... ) == 0x0 02222 864 NtSetEventBoostPriority ... ) == 0x0 02225 468 NtResumeThread (796, ... 
02226 892 NtWaitForSingleObject (72, 0, {0, 0}, ... 02227 940 NtSetEventBoostPriority (592, ... 02224 960 NtWaitForSingleObject ... ) == 0x102 02228 864 NtCreateFile (0xc0100000, {24, 0, 0x42, 0, 0, (0xc0100000, {24, 0, 0x42, 0, 0, "\Device\Afd\Endpoint"}, 0x0, 0, 3, 3, 0, 11009604, 67, ... }, 0x0, 0, 3, 3, 0, 11009604, 67, ... 02225 468 NtResumeThread ... 1, ) == 0x0 01974 968 NtWaitForSingleObject ... ) == 0x0 02227 940 NtSetEventBoostPriority ... ) == 0x0 02229 960 NtWaitForSingleObject (132, 0, 0x0, ... 02230 1468 NtTestAlert (... 02226 892 NtWaitForSingleObject ... ) == 0x102 02231 968 NtSetEventBoostPriority (592, ... 02232 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02233 940 NtWaitForSingleObject (72, 0, {0, 0}, ... 02230 1468 NtTestAlert ... ) == 0x0 01981 992 NtWaitForSingleObject ... ) == 0x0 02231 968 NtSetEventBoostPriority ... ) == 0x0 02234 892 NtWaitForSingleObject (132, 0, 0x0, ... 02232 468 NtAllocateVirtualMemory ... 101449728, 1048576, ) == 0x0 02228 864 NtCreateFile ... 800, {status=0x0, info=0}, ) == 0x0 02235 992 NtSetEventBoostPriority (592, ... 02236 1468 NtContinue (101449008, 1, ... 02233 940 NtWaitForSingleObject ... ) == 0x102 02237 468 NtAllocateVirtualMemory (-1, 102490112, 0, 8192, 4096, 4, ... 01985 888 NtWaitForSingleObject ... ) == 0x0 02235 992 NtSetEventBoostPriority ... ) == 0x0 02238 864 NtDeviceIoControlFile (800, 108, 0x0, 0x0, 0x1207b, (800, 108, 0x0, 0x0, 0x1207b, "\7\0\0\0\340\0\0\0\210\204\24\0\17\346\367w", 16, 16, ... , 16, 16, ... 02239 1468 NtRegisterThreadTerminatePort (24, ... 02240 940 NtWaitForSingleObject (132, 0, 0x0, ... 02241 968 NtWaitForSingleObject (72, 0, {0, 0}, ... 02242 888 NtSetEventBoostPriority (592, ... 02237 468 NtAllocateVirtualMemory ... 102490112, 8192, ) == 0x0 02238 864 NtDeviceIoControlFile ... {status=0x0, info=16}, ... {status=0x0, info=16}, "\7\0\0\0B\0\0\0\0 \0\0\0\206\14\201", ) , ) == 0x0 02239 1468 NtRegisterThreadTerminatePort ... 
) == 0x0 02013 1024 NtWaitForSingleObject ... ) == 0x0 02242 888 NtSetEventBoostPriority ... ) == 0x0 02241 968 NtWaitForSingleObject ... ) == 0x102 02243 468 NtProtectVirtualMemory (-1, (0x61be000), 4096, 260, ... 02244 864 NtDeviceIoControlFile (800, 108, 0x0, 0x0, 0x1207b, (800, 108, 0x0, 0x0, 0x1207b, "\6\0\0\0B\0\0\0\0 \0\0\0\206\14\201", 16, 16, ... , 16, 16, ... 02245 992 NtWaitForSingleObject (72, 0, {0, 0}, ... 02246 1024 NtSetEventBoostPriority (592, ... 02247 1468 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02248 968 NtWaitForSingleObject (132, 0, 0x0, ... 02243 468 NtProtectVirtualMemory ... (0x61be000), 4096, 4, ) == 0x0 02244 864 NtDeviceIoControlFile ... {status=0x0, info=16}, ... {status=0x0, info=16}, "\6\0\0\0B\0\0\0\0 \0\0\0\206\14\201", ) , ) == 0x0 02087 1028 NtWaitForSingleObject ... ) == 0x0 02246 1024 NtSetEventBoostPriority ... ) == 0x0 02245 992 NtWaitForSingleObject ... ) == 0x102 02247 1468 NtDuplicateObject ... 804, ) == 0x0 02249 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02250 1028 NtSetEventBoostPriority (592, ... 02251 864 NtDeviceIoControlFile (800, 108, 0x0, 0x0, 0x12047, (800, 108, 0x0, 0x0, 0x12047, "\0\0\0\0\2\0\0\0\1\0\0\0\6\0\0\0\20\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \0\0\0 \0\0\0\0\0\0\1\0\0\0\351\3\0\0f\0\2\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0h\0\0\0x\367\24\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\1\0\0\0\6\0\0\0\0 \0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0n\0t\0r\0o\0l\0S\0e\0t\0\0\1\0\0\0\1\0\0\0\0\0\0 \0\0\0s\0\\0T\0c\0p\0i\0p\0\\0P\0a\0r\0a\0m\0e\0t\0e\0r\0s\0\0\0\0\0", 248, 16, ... , 248, 16, ... 02252 888 NtWaitForSingleObject (72, 0, {0, 0}, ... 02253 992 NtWaitForSingleObject (132, 0, 0x0, ... 02254 1468 NtWaitForSingleObject (592, 0, 0x0, ... 02090 1440 NtWaitForSingleObject ... ) == 0x0 02250 1028 NtSetEventBoostPriority ... ) == 0x0 02249 468 NtCreateThread ... 
808, {460, 1112}, ) == 0x0 02255 1024 NtWaitForSingleObject (72, 0, {0, 0}, ... 02252 888 NtWaitForSingleObject ... ) == 0x102 02256 1440 NtSetEventBoostPriority (592, ... 02251 864 NtDeviceIoControlFile ... {status=0x0, info=0}, "", ) == 0x0 02257 468 NtQueryInformationThread (808, Basic, 28, ... 02255 1024 NtWaitForSingleObject ... ) == 0x102 02091 1012 NtWaitForSingleObject ... ) == 0x0 02256 1440 NtSetEventBoostPriority ... ) == 0x0 02258 888 NtWaitForSingleObject (132, 0, 0x0, ... 02259 864 NtWaitForSingleObject (64, 0, {0, 0}, ... 02260 1028 NtWaitForSingleObject (72, 0, {0, 0}, ... 02261 1012 NtSetEventBoostPriority (592, ... 02262 1024 NtWaitForSingleObject (132, 0, 0x0, ... 02263 1440 NtWaitForSingleObject (72, 0, {0, 0}, ... 02259 864 NtWaitForSingleObject ... ) == 0x102 02093 1432 NtWaitForSingleObject ... ) == 0x0 02261 1012 NtSetEventBoostPriority ... ) == 0x0 02260 1028 NtWaitForSingleObject ... ) == 0x102 02257 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff62000,Pid=460,Tid=1112,}, 0x0, ) == 0x0 02264 1432 NtSetEventBoostPriority (592, ... 02265 864 NtDeviceIoControlFile (800, 108, 0x0, 0x0, 0x12003, (800, 108, 0x0, 0x0, 0x12003, "\0\0\0\0\1\0\0\0\16\0\2\0\25\262\0\0\0\0\0\0\0\0\0\0\0\0", 26, 26, ... , 26, 26, ... 02266 1012 NtWaitForSingleObject (72, 0, {0, 0}, ... 02267 1028 NtWaitForSingleObject (132, 0, 0x0, ... 02095 996 NtWaitForSingleObject ... ) == 0x0 02268 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1635, 0} (24, {28, 56, new_msg, 0, 460, 468, 1635, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO(\3\0\0\314\1\0\0X\4\0\0" ... ... 02265 864 NtDeviceIoControlFile ... {status=0x0, info=812}, ... {status=0x0, info=812}, "\1\0\0\0\1\0\0\0\16\0\2\0\25\262\0\0\0\0\0\0\0\0\0\0\0\0", ) , ) == 0x0 02264 1432 NtSetEventBoostPriority ... ) == 0x0 02263 1440 NtWaitForSingleObject ... ) == 0x102 02269 996 NtSetEventBoostPriority (592, ... 02268 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1636, 0} ... 
{28, 56, reply, 0, 460, 468, 1636, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO(\3\0\0\314\1\0\0X\4\0\0" ) ) == 0x0 02266 1012 NtWaitForSingleObject ... ) == 0x102 02270 1432 NtWaitForSingleObject (72, 0, {0, 0}, ... 02271 1440 NtWaitForSingleObject (132, 0, 0x0, ... 02094 1108 NtWaitForSingleObject ... ) == 0x0 02269 996 NtSetEventBoostPriority ... ) == 0x0 02272 468 NtResumeThread (808, ... 02273 1012 NtWaitForSingleObject (132, 0, 0x0, ... 02274 1108 NtSetEventBoostPriority (592, ... 02275 996 NtWaitForSingleObject (72, 0, {0, 0}, ... 02272 468 NtResumeThread ... 1, ) == 0x0 02096 1428 NtWaitForSingleObject ... ) == 0x0 02274 1108 NtSetEventBoostPriority ... ) == 0x0 02276 864 NtDeviceIoControlFile (800, 108, 0x0, 0x0, 0x12047, (800, 108, 0x0, 0x0, 0x12047, "\1\0\0\0\2\0\0\0\1\0\0\0\6\0\0\0\20\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \0\0\0 \0\0\0\0\0\0\1\0\0\0\351\3\0\0f\0\2\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0h\0\0\0(\0*\0\2\0\25\262\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\1\0\0\0\6\0\0\0\0 \0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0n\0t\0r\0o\0l\0S\0e\0t\0\0\1\0\0\0\1\0\0\0\0\0\0 \0\0\0s\0\\0T\0c\0p\0i\0p\0\\0P\0a\0r\0a\0m\0e\0t\0e\0r\0s\0\0\0\0\0", 248, 0, ... , 248, 0, ... 02270 1432 NtWaitForSingleObject ... ) == 0x102 02277 1112 NtTestAlert (... 02275 996 NtWaitForSingleObject ... ) == 0x102 02278 1428 NtSetEventBoostPriority (592, ... 02279 1108 NtWaitForSingleObject (72, 0, {0, 0}, ... 02276 864 NtDeviceIoControlFile ... {status=0x0, info=0}, 0x0, ) == 0x0 02280 1432 NtAllocateVirtualMemory (-1, 1376256, 0, 4096, 4096, 4, ... 02277 1112 NtTestAlert ... ) == 0x0 02281 996 NtWaitForSingleObject (448, 0, 0x0, ... 02097 1424 NtWaitForSingleObject ... ) == 0x0 02282 864 NtDeviceIoControlFile (800, 108, 0x0, 0x0, 0x1200b, (800, 108, 0x0, 0x0, 0x1200b, "\0\21\252q\5\0\0\0\0\0\0\0", 12, 0, ... , 12, 0, ... 02280 1432 NtAllocateVirtualMemory ... 
1376256, 4096, ) == 0x0 02283 1112 NtContinue (102497584, 1, ... 02284 1424 NtWaitForSingleObject (448, 0, 0x0, ... 02282 864 NtDeviceIoControlFile ... {status=0x0, info=0}, 0x0, ) == 0x0 02285 1432 NtSetEventBoostPriority (448, ... 02286 1112 NtRegisterThreadTerminatePort (24, ... 02287 864 NtDeviceIoControlFile (800, 108, 0x0, 0x0, 0x12047, (800, 108, 0x0, 0x0, 0x12047, "\1\0\0\0\2\0\0\0\1\0\0\0\6\0\0\0\20\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \0\0\0 \0\0\1\0\0\0\1\0\0\0\351\3\0\0f\0\2\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0h\0\0\0e\0t\0\2\0\25\262\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\1\0\0\0\6\0\0\0\0 \0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0n\0t\0r\0o\0l\0S\0e\0t\0\0\1\0\0\0\1\0\0\0\0\0\0 \0\0\0s\0\\0T\0c\0p\0i\0p\0\\0P\0a\0r\0a\0m\0e\0t\0e\0r\0s\0\0\0\0\0", 248, 0, ... , 248, 0, ... 02281 996 NtWaitForSingleObject ... ) == 0x0 02285 1432 NtSetEventBoostPriority ... ) == 0x0 02286 1112 NtRegisterThreadTerminatePort ... ) == 0x0 02288 996 NtSetEventBoostPriority (448, ... 02287 864 NtDeviceIoControlFile ... {status=0x0, info=0}, 0x0, ) == 0x0 02289 1432 NtWaitForSingleObject (132, 0, 0x0, ... 02278 1428 NtSetEventBoostPriority ... ) == 0x0 02290 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02279 1108 NtWaitForSingleObject ... ) == 0x102 02284 1424 NtWaitForSingleObject ... ) == 0x0 02288 996 NtSetEventBoostPriority ... ) == 0x0 02291 1112 NtWaitForSingleObject (448, 0, 0x0, ... 02292 864 NtDeviceIoControlFile (800, 108, 0x0, 0x0, 0x1200c, 0x0, 0, 26, ... 02293 1428 NtWaitForSingleObject (72, 0, {0, 0}, ... 02290 468 NtAllocateVirtualMemory ... 102498304, 1048576, ) == 0x0 02294 1424 NtSetEventBoostPriority (448, ... 02295 1108 NtWaitForSingleObject (448, 0, 0x0, ... 02292 864 NtDeviceIoControlFile ... {status=0x0, info=0}, "", ) == 0x103 02291 1112 NtWaitForSingleObject ... ) == 0x0 02296 468 NtAllocateVirtualMemory (-1, 103538688, 0, 8192, 4096, 4, ... 
02297 1112 NtSetEventBoostPriority (448, ... 02296 468 NtAllocateVirtualMemory ... 103538688, 8192, ) == 0x0 02295 1108 NtWaitForSingleObject ... ) == 0x0 02297 1112 NtSetEventBoostPriority ... ) == 0x0 02298 1108 NtWaitForSingleObject (132, 0, 0x0, ... 02299 468 NtProtectVirtualMemory (-1, (0x62be000), 4096, 260, ... 02300 1112 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02299 468 NtProtectVirtualMemory ... (0x62be000), 4096, 4, ) == 0x0 02294 1424 NtSetEventBoostPriority ... ) == 0x0 02301 996 NtWaitForSingleObject (132, 0, 0x0, ... 02293 1428 NtWaitForSingleObject ... ) == 0x102 02300 1112 NtDuplicateObject ... 816, ) == 0x0 02303 864 NtWaitForSingleObject (108, 1, {-5000000, -1}, ... 02302 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02304 1428 NtWaitForSingleObject (132, 0, 0x0, ... 02305 1112 NtWaitForSingleObject (592, 0, 0x0, ... 02302 468 NtCreateThread ... 820, {460, 1472}, ) == 0x0 02306 468 NtQueryInformationThread (820, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff61000,Pid=460,Tid=1472,}, 0x0, ) == 0x0 02307 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1636, 0} (24, {28, 56, new_msg, 0, 460, 468, 1636, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO4\3\0\0\314\1\0\0\300\5\0\0" ... {28, 56, reply, 0, 460, 468, 1637, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO4\3\0\0\314\1\0\0\300\5\0\0" ) ... {28, 56, reply, 0, 460, 468, 1637, 0} (24, {28, 56, new_msg, 0, 460, 468, 1636, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO4\3\0\0\314\1\0\0\300\5\0\0" ... {28, 56, reply, 0, 460, 468, 1637, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO4\3\0\0\314\1\0\0\300\5\0\0" ) ) == 0x0 02308 468 NtResumeThread (820, ... 1, ) == 0x0 02309 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 103546880, 1048576, ) == 0x0 02310 468 NtAllocateVirtualMemory (-1, 104587264, 0, 8192, 4096, 4, ... 02311 1424 NtSetEventBoostPriority (592, ... 02312 1472 NtTestAlert (... 02098 1420 NtWaitForSingleObject ... ) == 0x0 02311 1424 NtSetEventBoostPriority ... 
) == 0x0 02313 1420 NtSetEventBoostPriority (592, ... 02312 1472 NtTestAlert ... ) == 0x0 02100 1436 NtWaitForSingleObject ... ) == 0x0 02314 1424 NtWaitForSingleObject (72, 0, {0, 0}, ... 02315 1472 NtContinue (103546160, 1, ... 02316 1436 NtSetEventBoostPriority (592, ... 02314 1424 NtWaitForSingleObject ... ) == 0x102 02317 1472 NtRegisterThreadTerminatePort (24, ... 02101 1236 NtWaitForSingleObject ... ) == 0x0 02316 1436 NtSetEventBoostPriority ... ) == 0x0 02318 1424 NtWaitForSingleObject (132, 0, 0x0, ... 02319 1236 NtSetEventBoostPriority (592, ... 02317 1472 NtRegisterThreadTerminatePort ... ) == 0x0 02320 1436 NtWaitForSingleObject (72, 0, {0, 0}, ... 02313 1420 NtSetEventBoostPriority ... ) == 0x0 02310 468 NtAllocateVirtualMemory ... 104587264, 8192, ) == 0x0 02103 1252 NtWaitForSingleObject ... ) == 0x0 02319 1236 NtSetEventBoostPriority ... ) == 0x0 02321 1472 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02322 1420 NtWaitForSingleObject (72, 0, {0, 0}, ... 02323 468 NtProtectVirtualMemory (-1, (0x63be000), 4096, 260, ... 02324 1252 NtSetEventBoostPriority (592, ... 02325 1236 NtWaitForSingleObject (72, 0, {0, 0}, ... 02321 1472 NtDuplicateObject ... 824, ) == 0x0 02323 468 NtProtectVirtualMemory ... (0x63be000), 4096, 4, ) == 0x0 02104 712 NtWaitForSingleObject ... ) == 0x0 02326 1472 NtWaitForSingleObject (592, 0, 0x0, ... 02327 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02328 712 NtSetEventBoostPriority (592, ... 02327 468 NtCreateThread ... 828, {460, 1476}, ) == 0x0 02105 1256 NtWaitForSingleObject ... ) == 0x0 02329 468 NtQueryInformationThread (828, Basic, 28, ... 02330 1256 NtSetEventBoostPriority (592, ... 02328 712 NtSetEventBoostPriority ... ) == 0x0 02324 1252 NtSetEventBoostPriority ... ) == 0x0 02320 1436 NtWaitForSingleObject ... ) == 0x102 02322 1420 NtWaitForSingleObject ... ) == 0x102 02325 1236 NtWaitForSingleObject ... ) == 0x102 02106 1240 NtWaitForSingleObject ... 
) == 0x0 02331 712 NtWaitForSingleObject (72, 0, {0, 0}, ... 02332 1252 NtWaitForSingleObject (72, 0, {0, 0}, ... 02333 1436 NtWaitForSingleObject (132, 0, 0x0, ... 02334 1420 NtWaitForSingleObject (132, 0, 0x0, ... 02335 1236 NtWaitForSingleObject (132, 0, 0x0, ... 02336 1240 NtSetEventBoostPriority (592, ... 02107 1244 NtWaitForSingleObject ... ) == 0x0 02337 1244 NtSetEventBoostPriority (592, ... 02108 1296 NtWaitForSingleObject ... ) == 0x0 02338 1296 NtSetEventBoostPriority (592, ... 02109 1300 NtWaitForSingleObject ... ) == 0x0 02339 1300 NtSetEventBoostPriority (592, ... 02110 1292 NtWaitForSingleObject ... ) == 0x0 02340 1292 NtSetEventBoostPriority (592, ... 02111 1304 NtWaitForSingleObject ... ) == 0x0 02341 1304 NtSetEventBoostPriority (592, ... 02112 1272 NtWaitForSingleObject ... ) == 0x0 02342 1272 NtSetEventBoostPriority (592, ... 02113 1312 NtWaitForSingleObject ... ) == 0x0 02343 1312 NtSetEventBoostPriority (592, ... 02114 1316 NtWaitForSingleObject ... ) == 0x0 02344 1316 NtSetEventBoostPriority (592, ... 02115 1180 NtWaitForSingleObject ... ) == 0x0 02345 1180 NtSetEventBoostPriority (592, ... 02117 964 NtWaitForSingleObject ... ) == 0x0 02346 964 NtSetEventBoostPriority (592, ... 02116 1408 NtWaitForSingleObject ... ) == 0x0 02347 1408 NtSetEventBoostPriority (592, ... 02119 1288 NtWaitForSingleObject ... ) == 0x0 02348 1288 NtSetEventBoostPriority (592, ... 02121 948 NtWaitForSingleObject ... ) == 0x0 02349 948 NtSetEventBoostPriority (592, ... 02122 952 NtWaitForSingleObject ... ) == 0x0 02350 952 NtSetEventBoostPriority (592, ... 02123 956 NtWaitForSingleObject ... ) == 0x0 02351 956 NtSetEventBoostPriority (592, ... 02118 1080 NtWaitForSingleObject ... ) == 0x0 02352 1080 NtSetEventBoostPriority (592, ... 02132 944 NtWaitForSingleObject ... ) == 0x0 02353 944 NtSetEventBoostPriority (592, ... 02134 1184 NtWaitForSingleObject ... ) == 0x0 02354 1184 NtSetEventBoostPriority (592, ... 02135 1172 NtWaitForSingleObject ... 
) == 0x0 02355 1172 NtSetEventBoostPriority (592, ... 02137 1156 NtWaitForSingleObject ... ) == 0x0 02356 1156 NtSetEventBoostPriority (592, ... 02138 1128 NtWaitForSingleObject ... ) == 0x0 02357 1128 NtSetEventBoostPriority (592, ... 02139 1148 NtWaitForSingleObject ... ) == 0x0 02358 1148 NtSetEventBoostPriority (592, ... 02140 1152 NtWaitForSingleObject ... ) == 0x0 02359 1152 NtSetEventBoostPriority (592, ... 02143 1064 NtWaitForSingleObject ... ) == 0x0 02360 1064 NtSetEventBoostPriority (592, ... 02144 1084 NtWaitForSingleObject ... ) == 0x0 02361 1084 NtSetEventBoostPriority (592, ... 02145 1076 NtWaitForSingleObject ... ) == 0x0 02362 1076 NtSetEventBoostPriority (592, ... 02148 1004 NtWaitForSingleObject ... ) == 0x0 02363 1004 NtSetEventBoostPriority (592, ... 02149 1092 NtWaitForSingleObject ... ) == 0x0 02364 1092 NtSetEventBoostPriority (592, ... 02150 1096 NtWaitForSingleObject ... ) == 0x0 02365 1096 NtSetEventBoostPriority (592, ... 02152 1000 NtWaitForSingleObject ... ) == 0x0 02366 1000 NtSetEventBoostPriority (592, ... 02155 1088 NtWaitForSingleObject ... ) == 0x0 02367 1088 NtSetEventBoostPriority (592, ... 02165 1100 NtWaitForSingleObject ... ) == 0x0 02368 1100 NtSetEventBoostPriority (592, ... 02167 876 NtWaitForSingleObject ... ) == 0x0 02369 876 NtSetEventBoostPriority (592, ... 02174 1232 NtWaitForSingleObject ... ) == 0x0 02370 1232 NtSetEventBoostPriority (592, ... 02170 1048 NtWaitForSingleObject ... ) == 0x0 02371 1048 NtSetEventBoostPriority (592, ... 02199 780 NtWaitForSingleObject ... ) == 0x0 02372 780 NtSetEventBoostPriority (592, ... 02201 1224 NtWaitForSingleObject ... ) == 0x0 02373 1224 NtSetEventBoostPriority (592, ... 02202 1216 NtWaitForSingleObject ... ) == 0x0 02374 1216 NtSetEventBoostPriority (592, ... 02203 1448 NtWaitForSingleObject ... ) == 0x0 02375 1448 NtSetEventBoostPriority (592, ... 02205 716 NtWaitForSingleObject ... ) == 0x0 02376 716 NtSetEventBoostPriority (592, ... 02206 1320 NtWaitForSingleObject ... 
) == 0x0 02377 1320 NtSetEventBoostPriority (592, ... 02207 1444 NtWaitForSingleObject ... ) == 0x0 02378 1444 NtSetEventBoostPriority (592, ... 02208 1456 NtWaitForSingleObject ... ) == 0x0 02379 1456 NtSetEventBoostPriority (592, ... 02209 1032 NtWaitForSingleObject ... ) == 0x0 02380 1032 NtSetEventBoostPriority (592, ... 02210 1104 NtWaitForSingleObject ... ) == 0x0 02381 1104 NtSetEventBoostPriority (592, ... 02211 320 NtWaitForSingleObject ... ) == 0x0 02382 320 NtSetEventBoostPriority (592, ... 02213 1192 NtWaitForSingleObject ... ) == 0x0 02383 1192 NtSetEventBoostPriority (592, ... 02214 1072 NtWaitForSingleObject ... ) == 0x0 02384 1072 NtSetEventBoostPriority (592, ... 02215 1208 NtWaitForSingleObject ... ) == 0x0 02385 1208 NtSetEventBoostPriority (592, ... 02223 324 NtWaitForSingleObject ... ) == 0x0 02386 324 NtSetEventBoostPriority (592, ... 02254 1468 NtWaitForSingleObject ... ) == 0x0 02387 1468 NtSetEventBoostPriority (592, ... 02305 1112 NtWaitForSingleObject ... ) == 0x0 02388 1112 NtSetEventBoostPriority (592, ... 02326 1472 NtWaitForSingleObject ... ) == 0x0 02389 1472 NtWaitForSingleObject (72, 0, {0, 0}, ... 02388 1112 NtSetEventBoostPriority ... ) == 0x0 02387 1468 NtSetEventBoostPriority ... ) == 0x0 02386 324 NtSetEventBoostPriority ... ) == 0x0 02385 1208 NtSetEventBoostPriority ... ) == 0x0 02384 1072 NtSetEventBoostPriority ... ) == 0x0 02383 1192 NtSetEventBoostPriority ... ) == 0x0 02382 320 NtSetEventBoostPriority ... ) == 0x0 02381 1104 NtSetEventBoostPriority ... ) == 0x0 02380 1032 NtSetEventBoostPriority ... ) == 0x0 02379 1456 NtSetEventBoostPriority ... ) == 0x0 02378 1444 NtSetEventBoostPriority ... ) == 0x0 02377 1320 NtSetEventBoostPriority ... ) == 0x0 02376 716 NtSetEventBoostPriority ... ) == 0x0 02375 1448 NtSetEventBoostPriority ... ) == 0x0 02374 1216 NtSetEventBoostPriority ... ) == 0x0 02373 1224 NtSetEventBoostPriority ... ) == 0x0 02370 1232 NtSetEventBoostPriority ... 
) == 0x0 02369 876 NtSetEventBoostPriority ... ) == 0x0 02368 1100 NtSetEventBoostPriority ... ) == 0x0 02367 1088 NtSetEventBoostPriority ... ) == 0x0 02366 1000 NtSetEventBoostPriority ... ) == 0x0 02365 1096 NtSetEventBoostPriority ... ) == 0x0 02364 1092 NtSetEventBoostPriority ... ) == 0x0 02363 1004 NtSetEventBoostPriority ... ) == 0x0 02362 1076 NtSetEventBoostPriority ... ) == 0x0 02361 1084 NtSetEventBoostPriority ... ) == 0x0 02360 1064 NtSetEventBoostPriority ... ) == 0x0 02359 1152 NtSetEventBoostPriority ... ) == 0x0 02358 1148 NtSetEventBoostPriority ... ) == 0x0 02357 1128 NtSetEventBoostPriority ... ) == 0x0 02356 1156 NtSetEventBoostPriority ... ) == 0x0 02355 1172 NtSetEventBoostPriority ... ) == 0x0 02354 1184 NtSetEventBoostPriority ... ) == 0x0 02353 944 NtSetEventBoostPriority ... ) == 0x0 02351 956 NtSetEventBoostPriority ... ) == 0x0 02350 952 NtSetEventBoostPriority ... ) == 0x0 02349 948 NtSetEventBoostPriority ... ) == 0x0 02348 1288 NtSetEventBoostPriority ... ) == 0x0 02346 964 NtSetEventBoostPriority ... ) == 0x0 02372 780 NtSetEventBoostPriority ... ) == 0x0 02371 1048 NtSetEventBoostPriority ... ) == 0x0 02352 1080 NtSetEventBoostPriority ... ) == 0x0 02347 1408 NtSetEventBoostPriority ... ) == 0x0 02345 1180 NtSetEventBoostPriority ... ) == 0x0 02344 1316 NtSetEventBoostPriority ... ) == 0x0 02343 1312 NtSetEventBoostPriority ... ) == 0x0 02342 1272 NtSetEventBoostPriority ... ) == 0x0 02341 1304 NtSetEventBoostPriority ... ) == 0x0 02340 1292 NtSetEventBoostPriority ... ) == 0x0 02339 1300 NtSetEventBoostPriority ... ) == 0x0 02338 1296 NtSetEventBoostPriority ... ) == 0x0 02337 1244 NtSetEventBoostPriority ... ) == 0x0 02336 1240 NtSetEventBoostPriority ... ) == 0x0 02330 1256 NtSetEventBoostPriority ... ) == 0x0 02329 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff60000,Pid=460,Tid=1476,}, 0x0, ) == 0x0 02331 712 NtWaitForSingleObject ... ) == 0x102 02332 1252 NtWaitForSingleObject ... 
) == 0x102 02389 1472 NtWaitForSingleObject ... ) == 0x102 02390 1112 NtWaitForSingleObject (72, 0, {0, 0}, ... 02391 324 NtWaitForSingleObject (72, 0, {0, 0}, ... 02392 1468 NtWaitForSingleObject (72, 0, {0, 0}, ... 02393 1208 NtWaitForSingleObject (72, 0, {0, 0}, ... 02394 1072 NtWaitForSingleObject (72, 0, {0, 0}, ... 02395 320 NtWaitForSingleObject (72, 0, {0, 0}, ... 02396 1104 NtWaitForSingleObject (72, 0, {0, 0}, ... 02397 1032 NtWaitForSingleObject (72, 0, {0, 0}, ... 02398 1456 NtWaitForSingleObject (72, 0, {0, 0}, ... 02399 1444 NtWaitForSingleObject (72, 0, {0, 0}, ... 02400 1320 NtWaitForSingleObject (72, 0, {0, 0}, ... 02401 716 NtWaitForSingleObject (72, 0, {0, 0}, ... 02402 1448 NtWaitForSingleObject (72, 0, {0, 0}, ... 02403 1216 NtWaitForSingleObject (72, 0, {0, 0}, ... 02404 1224 NtWaitForSingleObject (72, 0, {0, 0}, ... 02405 1192 NtWaitForSingleObject (72, 0, {0, 0}, ... 02406 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Rpc\PagedBuffers"}, ... }, ... 02407 1232 NtWaitForSingleObject (72, 0, {0, 0}, ... 02408 1088 NtWaitForSingleObject (72, 0, {0, 0}, ... 02409 1100 NtWaitForSingleObject (72, 0, {0, 0}, ... 02410 1000 NtWaitForSingleObject (72, 0, {0, 0}, ... 02411 1096 NtWaitForSingleObject (72, 0, {0, 0}, ... 02412 1092 NtWaitForSingleObject (72, 0, {0, 0}, ... 02413 1004 NtWaitForSingleObject (72, 0, {0, 0}, ... 02414 1076 NtWaitForSingleObject (72, 0, {0, 0}, ... 02415 1084 NtWaitForSingleObject (72, 0, {0, 0}, ... 02416 1064 NtWaitForSingleObject (72, 0, {0, 0}, ... 02417 1152 NtWaitForSingleObject (72, 0, {0, 0}, ... 02418 1148 NtWaitForSingleObject (72, 0, {0, 0}, ... 02419 1128 NtWaitForSingleObject (72, 0, {0, 0}, ... 02420 1156 NtWaitForSingleObject (72, 0, {0, 0}, ... 02421 1172 NtWaitForSingleObject (72, 0, {0, 0}, ... 02422 944 NtWaitForSingleObject (72, 0, {0, 0}, ... 02423 956 NtWaitForSingleObject (72, 0, {0, 0}, ... 02424 952 NtWaitForSingleObject (72, 0, {0, 0}, ... 
02425 948 NtWaitForSingleObject (72, 0, {0, 0}, ... 02426 1288 NtWaitForSingleObject (72, 0, {0, 0}, ... 02427 964 NtWaitForSingleObject (72, 0, {0, 0}, ... 02428 780 NtWaitForSingleObject (72, 0, {0, 0}, ... 02429 1048 NtWaitForSingleObject (72, 0, {0, 0}, ... 02430 1080 NtWaitForSingleObject (72, 0, {0, 0}, ... 02431 1408 NtWaitForSingleObject (72, 0, {0, 0}, ... 02432 1180 NtWaitForSingleObject (72, 0, {0, 0}, ... 02433 1316 NtWaitForSingleObject (72, 0, {0, 0}, ... 02434 1312 NtWaitForSingleObject (72, 0, {0, 0}, ... 02435 1272 NtWaitForSingleObject (72, 0, {0, 0}, ... 02436 1304 NtWaitForSingleObject (72, 0, {0, 0}, ... 02437 1292 NtWaitForSingleObject (72, 0, {0, 0}, ... 02438 1300 NtWaitForSingleObject (72, 0, {0, 0}, ... 02439 1296 NtWaitForSingleObject (72, 0, {0, 0}, ... 02440 1244 NtWaitForSingleObject (72, 0, {0, 0}, ... 02441 1240 NtWaitForSingleObject (72, 0, {0, 0}, ... 02442 1256 NtWaitForSingleObject (72, 0, {0, 0}, ... 02443 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1637, 0} (24, {28, 56, new_msg, 0, 460, 468, 1637, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO<\3\0\0\314\1\0\0\304\5\0\0" ... ... 02444 712 NtWaitForSingleObject (132, 0, 0x0, ... 02445 1252 NtWaitForSingleObject (132, 0, 0x0, ... 02446 1472 NtWaitForSingleObject (132, 0, 0x0, ... 02390 1112 NtWaitForSingleObject ... ) == 0x102 02447 1184 NtWaitForSingleObject (72, 0, {0, 0}, ... 02392 1468 NtWaitForSingleObject ... ) == 0x102 02393 1208 NtWaitForSingleObject ... ) == 0x102 02394 1072 NtWaitForSingleObject ... ) == 0x102 02391 324 NtWaitForSingleObject ... ) == 0x102 02395 320 NtWaitForSingleObject ... ) == 0x102 02396 1104 NtWaitForSingleObject ... ) == 0x102 02397 1032 NtWaitForSingleObject ... ) == 0x102 02398 1456 NtWaitForSingleObject ... ) == 0x102 02399 1444 NtWaitForSingleObject ... ) == 0x102 02400 1320 NtWaitForSingleObject ... ) == 0x102 02401 716 NtWaitForSingleObject ... ) == 0x102 02402 1448 NtWaitForSingleObject ... 
) == 0x102 02403 1216 NtWaitForSingleObject ... ) == 0x102 02405 1192 NtWaitForSingleObject ... ) == 0x102 02404 1224 NtWaitForSingleObject ... ) == 0x102 02407 1232 NtWaitForSingleObject ... ) == 0x102 02406 876 NtOpenKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 02409 1100 NtWaitForSingleObject ... ) == 0x102 02410 1000 NtWaitForSingleObject ... ) == 0x102 02411 1096 NtWaitForSingleObject ... ) == 0x102 02412 1092 NtWaitForSingleObject ... ) == 0x102 02413 1004 NtWaitForSingleObject ... ) == 0x102 02414 1076 NtWaitForSingleObject ... ) == 0x102 02415 1084 NtWaitForSingleObject ... ) == 0x102 02416 1064 NtWaitForSingleObject ... ) == 0x102 02417 1152 NtWaitForSingleObject ... ) == 0x102 02418 1148 NtWaitForSingleObject ... ) == 0x102 02419 1128 NtWaitForSingleObject ... ) == 0x102 02420 1156 NtWaitForSingleObject ... ) == 0x102 02421 1172 NtWaitForSingleObject ... ) == 0x102 02408 1088 NtWaitForSingleObject ... ) == 0x102 02422 944 NtWaitForSingleObject ... ) == 0x102 02423 956 NtWaitForSingleObject ... ) == 0x102 02424 952 NtWaitForSingleObject ... ) == 0x102 02425 948 NtWaitForSingleObject ... ) == 0x102 02426 1288 NtWaitForSingleObject ... ) == 0x102 02443 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1638, 0} ... {28, 56, reply, 0, 460, 468, 1638, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO<\3\0\0\314\1\0\0\304\5\0\0" ) ) == 0x0 02448 1112 NtAllocateVirtualMemory (-1, 1380352, 0, 4096, 4096, 4, ... 02447 1184 NtWaitForSingleObject ... ) == 0x102 02449 1468 NtWaitForSingleObject (448, 0, 0x0, ... 02450 1208 NtWaitForSingleObject (448, 0, 0x0, ... 02451 1072 NtWaitForSingleObject (448, 0, 0x0, ... 02452 324 NtWaitForSingleObject (448, 0, 0x0, ... 02453 320 NtWaitForSingleObject (448, 0, 0x0, ... 02454 1104 NtWaitForSingleObject (448, 0, 0x0, ... 02455 1032 NtWaitForSingleObject (448, 0, 0x0, ... 02456 1456 NtWaitForSingleObject (448, 0, 0x0, ... 02457 1444 NtWaitForSingleObject (448, 0, 0x0, ... 02458 1320 NtWaitForSingleObject (448, 0, 0x0, ... 
02459 716 NtWaitForSingleObject (448, 0, 0x0, ... 02460 1448 NtWaitForSingleObject (448, 0, 0x0, ... 02461 1216 NtWaitForSingleObject (448, 0, 0x0, ... 02462 1192 NtWaitForSingleObject (448, 0, 0x0, ... 02463 1224 NtWaitForSingleObject (448, 0, 0x0, ... 02464 1232 NtWaitForSingleObject (448, 0, 0x0, ... 02465 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Rpc"}, ... }, ... 02466 1100 NtWaitForSingleObject (448, 0, 0x0, ... 02467 1000 NtWaitForSingleObject (448, 0, 0x0, ... 02468 1096 NtWaitForSingleObject (448, 0, 0x0, ... 02469 1092 NtWaitForSingleObject (448, 0, 0x0, ... 02470 1004 NtWaitForSingleObject (448, 0, 0x0, ... 02471 1076 NtWaitForSingleObject (448, 0, 0x0, ... 02472 1084 NtWaitForSingleObject (448, 0, 0x0, ... 02473 1064 NtWaitForSingleObject (448, 0, 0x0, ... 02474 1152 NtWaitForSingleObject (448, 0, 0x0, ... 02475 1148 NtWaitForSingleObject (448, 0, 0x0, ... 02476 1128 NtWaitForSingleObject (448, 0, 0x0, ... 02477 1156 NtWaitForSingleObject (448, 0, 0x0, ... 02478 1172 NtWaitForSingleObject (448, 0, 0x0, ... 02479 1088 NtWaitForSingleObject (448, 0, 0x0, ... 02480 944 NtWaitForSingleObject (448, 0, 0x0, ... 02481 956 NtWaitForSingleObject (448, 0, 0x0, ... 02482 952 NtWaitForSingleObject (448, 0, 0x0, ... 02483 948 NtWaitForSingleObject (448, 0, 0x0, ... 02484 1288 NtWaitForSingleObject (448, 0, 0x0, ... 02485 468 NtResumeThread (828, ... 02448 1112 NtAllocateVirtualMemory ... 1380352, 4096, ) == 0x0 02486 1184 NtWaitForSingleObject (448, 0, 0x0, ... 02465 876 NtOpenKey ... 832, ) == 0x0 02485 468 NtResumeThread ... 1, ) == 0x0 02487 1112 NtSetEventBoostPriority (448, ... 02488 876 NtQueryValueKey (832, (832, "MaxRpcSize", Partial, 144, ... , Partial, 144, ... 02427 964 NtWaitForSingleObject ... ) == 0x102 02428 780 NtWaitForSingleObject ... ) == 0x102 02429 1048 NtWaitForSingleObject ... ) == 0x102 02430 1080 NtWaitForSingleObject ... ) == 0x102 02431 1408 NtWaitForSingleObject ... 
) == 0x102 02432 1180 NtWaitForSingleObject ... ) == 0x102 02433 1316 NtWaitForSingleObject ... ) == 0x102 02434 1312 NtWaitForSingleObject ... ) == 0x102 02435 1272 NtWaitForSingleObject ... ) == 0x102 02436 1304 NtWaitForSingleObject ... ) == 0x102 02437 1292 NtWaitForSingleObject ... ) == 0x102 02438 1300 NtWaitForSingleObject ... ) == 0x102 02439 1296 NtWaitForSingleObject ... ) == 0x102 02440 1244 NtWaitForSingleObject ... ) == 0x102 02441 1240 NtWaitForSingleObject ... ) == 0x102 02442 1256 NtWaitForSingleObject ... ) == 0x102 02489 1476 NtTestAlert (... 02490 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02488 876 NtQueryValueKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 02491 964 NtWaitForSingleObject (448, 0, 0x0, ... 02492 780 NtWaitForSingleObject (448, 0, 0x0, ... 02493 1048 NtWaitForSingleObject (448, 0, 0x0, ... 02494 1080 NtWaitForSingleObject (448, 0, 0x0, ... 02495 1408 NtWaitForSingleObject (448, 0, 0x0, ... 02496 1180 NtWaitForSingleObject (448, 0, 0x0, ... 02497 1316 NtWaitForSingleObject (448, 0, 0x0, ... 02498 1312 NtWaitForSingleObject (448, 0, 0x0, ... 02499 1272 NtWaitForSingleObject (448, 0, 0x0, ... 02500 1304 NtWaitForSingleObject (448, 0, 0x0, ... 02501 1292 NtWaitForSingleObject (448, 0, 0x0, ... 02502 1300 NtWaitForSingleObject (448, 0, 0x0, ... 02503 1296 NtWaitForSingleObject (448, 0, 0x0, ... 02504 1244 NtWaitForSingleObject (448, 0, 0x0, ... 02505 1240 NtWaitForSingleObject (448, 0, 0x0, ... 02506 1256 NtWaitForSingleObject (448, 0, 0x0, ... 02489 1476 NtTestAlert ... ) == 0x0 02490 468 NtAllocateVirtualMemory ... 104595456, 1048576, ) == 0x0 02507 876 NtClose (832, ... 02508 1476 NtContinue (104594736, 1, ... 02509 468 NtAllocateVirtualMemory (-1, 105635840, 0, 8192, 4096, 4, ... 02449 1468 NtWaitForSingleObject ... ) == 0x0 02487 1112 NtSetEventBoostPriority ... ) == 0x0 02510 1476 NtRegisterThreadTerminatePort (24, ... 02509 468 NtAllocateVirtualMemory ... 
105635840, 8192, ) == 0x0 02511 1468 NtSetEventBoostPriority (448, ... 02512 1112 NtWaitForSingleObject (132, 0, 0x0, ... 02510 1476 NtRegisterThreadTerminatePort ... ) == 0x0 02513 468 NtProtectVirtualMemory (-1, (0x64be000), 4096, 260, ... 02450 1208 NtWaitForSingleObject ... ) == 0x0 02511 1468 NtSetEventBoostPriority ... ) == 0x0 02507 876 NtClose ... ) == 0x0 02514 1208 NtSetEventBoostPriority (448, ... 02513 468 NtProtectVirtualMemory ... (0x64be000), 4096, 4, ) == 0x0 02515 1476 NtWaitForSingleObject (448, 0, 0x0, ... 02451 1072 NtWaitForSingleObject ... ) == 0x0 02514 1208 NtSetEventBoostPriority ... ) == 0x0 02516 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe\RpcThreadPoolThrottle"}, ... }, ... 02517 1468 NtWaitForSingleObject (132, 0, 0x0, ... 02518 1072 NtSetEventBoostPriority (448, ... 02519 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02516 876 NtOpenKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 02452 324 NtWaitForSingleObject ... ) == 0x0 02518 1072 NtSetEventBoostPriority ... ) == 0x0 02519 468 NtCreateThread ... 832, {460, 1480}, ) == 0x0 02520 324 NtSetEventBoostPriority (448, ... 02521 876 NtWaitForSingleObject (448, 0, 0x0, ... 02522 1208 NtWaitForSingleObject (132, 0, 0x0, ... 02453 320 NtWaitForSingleObject ... ) == 0x0 02520 324 NtSetEventBoostPriority ... ) == 0x0 02523 468 NtQueryInformationThread (832, Basic, 28, ... 02524 320 NtSetEventBoostPriority (448, ... 02525 1072 NtWaitForSingleObject (132, 0, 0x0, ... 02454 1104 NtWaitForSingleObject ... ) == 0x0 02524 320 NtSetEventBoostPriority ... ) == 0x0 02523 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff5f000,Pid=460,Tid=1480,}, 0x0, ) == 0x0 02526 1104 NtSetEventBoostPriority (448, ... 02527 324 NtWaitForSingleObject (132, 0, 0x0, ... 02455 1032 NtWaitForSingleObject ... ) == 0x0 02526 1104 NtSetEventBoostPriority ... 
) == 0x0 02528 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1638, 0} (24, {28, 56, new_msg, 0, 460, 468, 1638, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO@\3\0\0\314\1\0\0\310\5\0\0" ... ... 02529 1032 NtSetEventBoostPriority (448, ... 02530 320 NtWaitForSingleObject (132, 0, 0x0, ... 02456 1456 NtWaitForSingleObject ... ) == 0x0 02529 1032 NtSetEventBoostPriority ... ) == 0x0 02531 1456 NtSetEventBoostPriority (448, ... 02532 1104 NtWaitForSingleObject (132, 0, 0x0, ... 02528 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1639, 0} ... {28, 56, reply, 0, 460, 468, 1639, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO@\3\0\0\314\1\0\0\310\5\0\0" ) ) == 0x0 02457 1444 NtWaitForSingleObject ... ) == 0x0 02531 1456 NtSetEventBoostPriority ... ) == 0x0 02533 1444 NtSetEventBoostPriority (448, ... 02534 468 NtResumeThread (832, ... 02535 1032 NtWaitForSingleObject (132, 0, 0x0, ... 02458 1320 NtWaitForSingleObject ... ) == 0x0 02533 1444 NtSetEventBoostPriority ... ) == 0x0 02534 468 NtResumeThread ... 1, ) == 0x0 02536 1320 NtSetEventBoostPriority (448, ... 02537 1456 NtWaitForSingleObject (132, 0, 0x0, ... 02538 1480 NtTestAlert (... 02459 716 NtWaitForSingleObject ... ) == 0x0 02536 1320 NtSetEventBoostPriority ... ) == 0x0 02539 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02540 716 NtSetEventBoostPriority (448, ... 02538 1480 NtTestAlert ... ) == 0x0 02541 1444 NtWaitForSingleObject (132, 0, 0x0, ... 02460 1448 NtWaitForSingleObject ... ) == 0x0 02540 716 NtSetEventBoostPriority ... ) == 0x0 02539 468 NtAllocateVirtualMemory ... 105644032, 1048576, ) == 0x0 02542 1480 NtContinue (105643312, 1, ... 02543 1448 NtSetEventBoostPriority (448, ... 02544 1320 NtWaitForSingleObject (132, 0, 0x0, ... 02545 468 NtAllocateVirtualMemory (-1, 106684416, 0, 8192, 4096, 4, ... 02461 1216 NtWaitForSingleObject ... ) == 0x0 02543 1448 NtSetEventBoostPriority ... ) == 0x0 02546 1480 NtRegisterThreadTerminatePort (24, ... 
02547 716 NtWaitForSingleObject (132, 0, 0x0, ... 02548 1216 NtSetEventBoostPriority (448, ... 02545 468 NtAllocateVirtualMemory ... 106684416, 8192, ) == 0x0 02546 1480 NtRegisterThreadTerminatePort ... ) == 0x0 02462 1192 NtWaitForSingleObject ... ) == 0x0 02548 1216 NtSetEventBoostPriority ... ) == 0x0 02549 468 NtProtectVirtualMemory (-1, (0x65be000), 4096, 260, ... 02550 1448 NtWaitForSingleObject (132, 0, 0x0, ... 02551 1192 NtSetEventBoostPriority (448, ... 02552 1480 NtWaitForSingleObject (448, 0, 0x0, ... 02549 468 NtProtectVirtualMemory ... (0x65be000), 4096, 4, ) == 0x0 02463 1224 NtWaitForSingleObject ... ) == 0x0 02551 1192 NtSetEventBoostPriority ... ) == 0x0 02553 1224 NtSetEventBoostPriority (448, ... 02554 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02555 1216 NtWaitForSingleObject (132, 0, 0x0, ... 02464 1232 NtWaitForSingleObject ... ) == 0x0 02553 1224 NtSetEventBoostPriority ... ) == 0x0 02554 468 NtCreateThread ... 836, {460, 1484}, ) == 0x0 02556 1232 NtSetEventBoostPriority (448, ... 02557 1192 NtWaitForSingleObject (132, 0, 0x0, ... 02466 1100 NtWaitForSingleObject ... ) == 0x0 02556 1232 NtSetEventBoostPriority ... ) == 0x0 02558 468 NtQueryInformationThread (836, Basic, 28, ... 02559 1100 NtSetEventBoostPriority (448, ... 02560 1224 NtWaitForSingleObject (132, 0, 0x0, ... 02561 1232 NtWaitForSingleObject (132, 0, 0x0, ... 02467 1000 NtWaitForSingleObject ... ) == 0x0 02559 1100 NtSetEventBoostPriority ... ) == 0x0 02562 1000 NtSetEventBoostPriority (448, ... 02558 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff5e000,Pid=460,Tid=1484,}, 0x0, ) == 0x0 02468 1096 NtWaitForSingleObject ... ) == 0x0 02562 1000 NtSetEventBoostPriority ... ) == 0x0 02563 1096 NtSetEventBoostPriority (448, ... 02564 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1639, 0} (24, {28, 56, new_msg, 0, 460, 468, 1639, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOD\3\0\0\314\1\0\0\314\5\0\0" ... ... 
02565 1100 NtWaitForSingleObject (132, 0, 0x0, ... 02469 1092 NtWaitForSingleObject ... ) == 0x0 02563 1096 NtSetEventBoostPriority ... ) == 0x0 02564 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1640, 0} ... {28, 56, reply, 0, 460, 468, 1640, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOD\3\0\0\314\1\0\0\314\5\0\0" ) ) == 0x0 02566 1092 NtSetEventBoostPriority (448, ... 02567 1000 NtWaitForSingleObject (132, 0, 0x0, ... 02470 1004 NtWaitForSingleObject ... ) == 0x0 02566 1092 NtSetEventBoostPriority ... ) == 0x0 02568 468 NtResumeThread (836, ... 02569 1004 NtSetEventBoostPriority (448, ... 02570 1096 NtWaitForSingleObject (132, 0, 0x0, ... 02471 1076 NtWaitForSingleObject ... ) == 0x0 02569 1004 NtSetEventBoostPriority ... ) == 0x0 02568 468 NtResumeThread ... 1, ) == 0x0 02571 1076 NtSetEventBoostPriority (448, ... 02572 1092 NtWaitForSingleObject (132, 0, 0x0, ... 02573 1484 NtTestAlert (... 02574 1004 NtWaitForSingleObject (132, 0, 0x0, ... 02472 1084 NtWaitForSingleObject ... ) == 0x0 02571 1076 NtSetEventBoostPriority ... ) == 0x0 02573 1484 NtTestAlert ... ) == 0x0 02575 1084 NtSetEventBoostPriority (448, ... 02576 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02473 1064 NtWaitForSingleObject ... ) == 0x0 02575 1084 NtSetEventBoostPriority ... ) == 0x0 02577 1484 NtContinue (106691888, 1, ... 02578 1064 NtSetEventBoostPriority (448, ... 02576 468 NtAllocateVirtualMemory ... 106692608, 1048576, ) == 0x0 02579 1076 NtWaitForSingleObject (132, 0, 0x0, ... 02474 1152 NtWaitForSingleObject ... ) == 0x0 02578 1064 NtSetEventBoostPriority ... ) == 0x0 02580 1484 NtRegisterThreadTerminatePort (24, ... 02581 468 NtAllocateVirtualMemory (-1, 107732992, 0, 8192, 4096, 4, ... 02582 1152 NtSetEventBoostPriority (448, ... 02583 1084 NtWaitForSingleObject (132, 0, 0x0, ... 02580 1484 NtRegisterThreadTerminatePort ... ) == 0x0 02475 1148 NtWaitForSingleObject ... ) == 0x0 02582 1152 NtSetEventBoostPriority ... ) == 0x0 02581 468 NtAllocateVirtualMemory ... 
107732992, 8192, ) == 0x0 02584 1064 NtWaitForSingleObject (132, 0, 0x0, ... 02585 1148 NtSetEventBoostPriority (448, ... 02586 1484 NtWaitForSingleObject (448, 0, 0x0, ... 02587 468 NtProtectVirtualMemory (-1, (0x66be000), 4096, 260, ... 02476 1128 NtWaitForSingleObject ... ) == 0x0 02585 1148 NtSetEventBoostPriority ... ) == 0x0 02588 1128 NtSetEventBoostPriority (448, ... 02587 468 NtProtectVirtualMemory ... (0x66be000), 4096, 4, ) == 0x0 02589 1152 NtWaitForSingleObject (132, 0, 0x0, ... 02477 1156 NtWaitForSingleObject ... ) == 0x0 02588 1128 NtSetEventBoostPriority ... ) == 0x0 02590 1148 NtWaitForSingleObject (132, 0, 0x0, ... 02591 1156 NtSetEventBoostPriority (448, ... 02592 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02478 1172 NtWaitForSingleObject ... ) == 0x0 02591 1156 NtSetEventBoostPriority ... ) == 0x0 02593 1172 NtSetEventBoostPriority (448, ... 02592 468 NtCreateThread ... 840, {460, 1488}, ) == 0x0 02594 1128 NtWaitForSingleObject (132, 0, 0x0, ... 02479 1088 NtWaitForSingleObject ... ) == 0x0 02593 1172 NtSetEventBoostPriority ... ) == 0x0 02595 468 NtQueryInformationThread (840, Basic, 28, ... 02596 1088 NtSetEventBoostPriority (448, ... 02597 1156 NtWaitForSingleObject (132, 0, 0x0, ... 02480 944 NtWaitForSingleObject ... ) == 0x0 02596 1088 NtSetEventBoostPriority ... ) == 0x0 02595 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff5d000,Pid=460,Tid=1488,}, 0x0, ) == 0x0 02598 944 NtSetEventBoostPriority (448, ... 02599 1172 NtWaitForSingleObject (132, 0, 0x0, ... 02481 956 NtWaitForSingleObject ... ) == 0x0 02598 944 NtSetEventBoostPriority ... ) == 0x0 02600 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1640, 0} (24, {28, 56, new_msg, 0, 460, 468, 1640, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOH\3\0\0\314\1\0\0\320\5\0\0" ... ... 02601 956 NtSetEventBoostPriority (448, ... 02602 1088 NtWaitForSingleObject (132, 0, 0x0, ... 02482 952 NtWaitForSingleObject ... 
) == 0x0 02601 956 NtSetEventBoostPriority ... ) == 0x0 02603 952 NtSetEventBoostPriority (448, ... 02604 944 NtWaitForSingleObject (132, 0, 0x0, ... 02600 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1641, 0} ... {28, 56, reply, 0, 460, 468, 1641, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOH\3\0\0\314\1\0\0\320\5\0\0" ) ) == 0x0 02483 948 NtWaitForSingleObject ... ) == 0x0 02603 952 NtSetEventBoostPriority ... ) == 0x0 02605 948 NtSetEventBoostPriority (448, ... 02606 468 NtResumeThread (840, ... 02607 956 NtWaitForSingleObject (132, 0, 0x0, ... 02484 1288 NtWaitForSingleObject ... ) == 0x0 02605 948 NtSetEventBoostPriority ... ) == 0x0 02606 468 NtResumeThread ... 1, ) == 0x0 02608 1288 NtSetEventBoostPriority (448, ... 02609 952 NtWaitForSingleObject (132, 0, 0x0, ... 02610 1488 NtTestAlert (... 02486 1184 NtWaitForSingleObject ... ) == 0x0 02608 1288 NtSetEventBoostPriority ... ) == 0x0 02611 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02612 1184 NtSetEventBoostPriority (448, ... 02610 1488 NtTestAlert ... ) == 0x0 02613 948 NtWaitForSingleObject (132, 0, 0x0, ... 02491 964 NtWaitForSingleObject ... ) == 0x0 02612 1184 NtSetEventBoostPriority ... ) == 0x0 02611 468 NtAllocateVirtualMemory ... 107741184, 1048576, ) == 0x0 02614 1488 NtContinue (107740464, 1, ... 02615 964 NtSetEventBoostPriority (448, ... 02616 1288 NtWaitForSingleObject (132, 0, 0x0, ... 02617 468 NtAllocateVirtualMemory (-1, 108781568, 0, 8192, 4096, 4, ... 02492 780 NtWaitForSingleObject ... ) == 0x0 02615 964 NtSetEventBoostPriority ... ) == 0x0 02618 1488 NtRegisterThreadTerminatePort (24, ... 02619 1184 NtWaitForSingleObject (132, 0, 0x0, ... 02620 780 NtSetEventBoostPriority (448, ... 02617 468 NtAllocateVirtualMemory ... 108781568, 8192, ) == 0x0 02618 1488 NtRegisterThreadTerminatePort ... ) == 0x0 02493 1048 NtWaitForSingleObject ... ) == 0x0 02620 780 NtSetEventBoostPriority ... ) == 0x0 02621 468 NtProtectVirtualMemory (-1, (0x67be000), 4096, 260, ... 
02622 964 NtWaitForSingleObject (132, 0, 0x0, ... 02623 1048 NtAllocateVirtualMemory (-1, 1384448, 0, 4096, 4096, 4, ... 02624 1488 NtWaitForSingleObject (448, 0, 0x0, ... 02621 468 NtProtectVirtualMemory ... (0x67be000), 4096, 4, ) == 0x0 02623 1048 NtAllocateVirtualMemory ... 1384448, 4096, ) == 0x0 02625 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02626 780 NtWaitForSingleObject (132, 0, 0x0, ... 02625 468 NtCreateThread ... 844, {460, 1496}, ) == 0x0 02627 468 NtQueryInformationThread (844, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff5c000,Pid=460,Tid=1496,}, 0x0, ) == 0x0 02628 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1641, 0} (24, {28, 56, new_msg, 0, 460, 468, 1641, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOL\3\0\0\314\1\0\0\330\5\0\0" ... {28, 56, reply, 0, 460, 468, 1642, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOL\3\0\0\314\1\0\0\330\5\0\0" ) ... {28, 56, reply, 0, 460, 468, 1642, 0} (24, {28, 56, new_msg, 0, 460, 468, 1641, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOL\3\0\0\314\1\0\0\330\5\0\0" ... {28, 56, reply, 0, 460, 468, 1642, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOL\3\0\0\314\1\0\0\330\5\0\0" ) ) == 0x0 02629 468 NtResumeThread (844, ... 1, ) == 0x0 02630 1048 NtSetEventBoostPriority (448, ... 02631 1496 NtTestAlert (... 02494 1080 NtWaitForSingleObject ... ) == 0x0 02630 1048 NtSetEventBoostPriority ... ) == 0x0 02632 1080 NtSetEventBoostPriority (448, ... 02631 1496 NtTestAlert ... ) == 0x0 02495 1408 NtWaitForSingleObject ... ) == 0x0 02632 1080 NtSetEventBoostPriority ... ) == 0x0 02633 1048 NtWaitForSingleObject (132, 0, 0x0, ... 02634 1408 NtSetEventBoostPriority (448, ... 02635 1496 NtContinue (108789040, 1, ... 02636 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02496 1180 NtWaitForSingleObject ... ) == 0x0 02634 1408 NtSetEventBoostPriority ... ) == 0x0 02637 1496 NtRegisterThreadTerminatePort (24, ... 02638 1180 NtSetEventBoostPriority (448, ... 02636 468 NtAllocateVirtualMemory ... 
108789760, 1048576, ) == 0x0 02639 1080 NtWaitForSingleObject (132, 0, 0x0, ... 02497 1316 NtWaitForSingleObject ... ) == 0x0 02638 1180 NtSetEventBoostPriority ... ) == 0x0 02637 1496 NtRegisterThreadTerminatePort ... ) == 0x0 02640 468 NtAllocateVirtualMemory (-1, 109830144, 0, 8192, 4096, 4, ... 02641 1316 NtSetEventBoostPriority (448, ... 02642 1408 NtWaitForSingleObject (132, 0, 0x0, ... 02643 1180 NtWaitForSingleObject (132, 0, 0x0, ... 02498 1312 NtWaitForSingleObject ... ) == 0x0 02641 1316 NtSetEventBoostPriority ... ) == 0x0 02640 468 NtAllocateVirtualMemory ... 109830144, 8192, ) == 0x0 02644 1312 NtSetEventBoostPriority (448, ... 02645 1496 NtWaitForSingleObject (448, 0, 0x0, ... 02499 1272 NtWaitForSingleObject ... ) == 0x0 02644 1312 NtSetEventBoostPriority ... ) == 0x0 02646 468 NtProtectVirtualMemory (-1, (0x68be000), 4096, 260, ... 02647 1272 NtSetEventBoostPriority (448, ... 02648 1316 NtWaitForSingleObject (132, 0, 0x0, ... 02500 1304 NtWaitForSingleObject ... ) == 0x0 02647 1272 NtSetEventBoostPriority ... ) == 0x0 02646 468 NtProtectVirtualMemory ... (0x68be000), 4096, 4, ) == 0x0 02649 1304 NtSetEventBoostPriority (448, ... 02650 1312 NtWaitForSingleObject (132, 0, 0x0, ... 02651 1272 NtWaitForSingleObject (132, 0, 0x0, ... 02501 1292 NtWaitForSingleObject ... ) == 0x0 02649 1304 NtSetEventBoostPriority ... ) == 0x0 02652 1292 NtSetEventBoostPriority (448, ... 02653 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02502 1300 NtWaitForSingleObject ... ) == 0x0 02652 1292 NtSetEventBoostPriority ... ) == 0x0 02654 1300 NtSetEventBoostPriority (448, ... 02653 468 NtCreateThread ... 848, {460, 1500}, ) == 0x0 02655 1304 NtWaitForSingleObject (132, 0, 0x0, ... 02503 1296 NtWaitForSingleObject ... ) == 0x0 02654 1300 NtSetEventBoostPriority ... ) == 0x0 02656 468 NtQueryInformationThread (848, Basic, 28, ... 02657 1296 NtSetEventBoostPriority (448, ... 02658 1292 NtWaitForSingleObject (132, 0, 0x0, ... 
02504 1244 NtWaitForSingleObject ... ) == 0x0 02657 1296 NtSetEventBoostPriority ... ) == 0x0 02656 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff5b000,Pid=460,Tid=1500,}, 0x0, ) == 0x0 02659 1244 NtSetEventBoostPriority (448, ... 02660 1300 NtWaitForSingleObject (132, 0, 0x0, ... 02505 1240 NtWaitForSingleObject ... ) == 0x0 02659 1244 NtSetEventBoostPriority ... ) == 0x0 02661 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1642, 0} (24, {28, 56, new_msg, 0, 460, 468, 1642, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOP\3\0\0\314\1\0\0\334\5\0\0" ... ... 02662 1240 NtSetEventBoostPriority (448, ... 02663 1296 NtWaitForSingleObject (132, 0, 0x0, ... 02506 1256 NtWaitForSingleObject ... ) == 0x0 02662 1240 NtSetEventBoostPriority ... ) == 0x0 02664 1256 NtSetEventBoostPriority (448, ... 02665 1244 NtWaitForSingleObject (132, 0, 0x0, ... 02661 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1643, 0} ... {28, 56, reply, 0, 460, 468, 1643, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOP\3\0\0\314\1\0\0\334\5\0\0" ) ) == 0x0 02515 1476 NtWaitForSingleObject ... ) == 0x0 02664 1256 NtSetEventBoostPriority ... ) == 0x0 02666 1476 NtSetEventBoostPriority (448, ... 02667 468 NtResumeThread (848, ... 02668 1240 NtWaitForSingleObject (132, 0, 0x0, ... 02521 876 NtWaitForSingleObject ... ) == 0x0 02666 1476 NtSetEventBoostPriority ... ) == 0x0 02667 468 NtResumeThread ... 1, ) == 0x0 02669 876 NtSetEventBoostPriority (448, ... 02670 1476 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02552 1480 NtWaitForSingleObject ... ) == 0x0 02669 876 NtSetEventBoostPriority ... ) == 0x0 02671 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02672 1256 NtWaitForSingleObject (132, 0, 0x0, ... 02673 1500 NtTestAlert (... 02674 1480 NtSetEventBoostPriority (448, ... 02670 1476 NtDuplicateObject ... 852, ) == 0x0 02671 468 NtAllocateVirtualMemory ... 109838336, 1048576, ) == 0x0 02586 1484 NtWaitForSingleObject ... 
) == 0x0 02674 1480 NtSetEventBoostPriority ... ) == 0x0 02673 1500 NtTestAlert ... ) == 0x0 02675 1476 NtWaitForSingleObject (448, 0, 0x0, ... 02676 1484 NtSetEventBoostPriority (448, ... 02677 468 NtAllocateVirtualMemory (-1, 110878720, 0, 8192, 4096, 4, ... 02678 1480 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02679 1500 NtContinue (109837616, 1, ... 02624 1488 NtWaitForSingleObject ... ) == 0x0 02676 1484 NtSetEventBoostPriority ... ) == 0x0 02680 876 NtWaitForSingleObject (448, 0, 0x0, ... 02677 468 NtAllocateVirtualMemory ... 110878720, 8192, ) == 0x0 02681 1488 NtSetEventBoostPriority (448, ... 02682 1500 NtRegisterThreadTerminatePort (24, ... 02683 1484 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02645 1496 NtWaitForSingleObject ... ) == 0x0 02681 1488 NtSetEventBoostPriority ... ) == 0x0 02684 468 NtProtectVirtualMemory (-1, (0x69be000), 4096, 260, ... 02682 1500 NtRegisterThreadTerminatePort ... ) == 0x0 02678 1480 NtDuplicateObject ... 856, ) == 0x0 02685 1496 NtSetEventBoostPriority (448, ... 02686 1488 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02684 468 NtProtectVirtualMemory ... (0x69be000), 4096, 4, ) == 0x0 02683 1484 NtDuplicateObject ... 860, ) == 0x0 02675 1476 NtWaitForSingleObject ... ) == 0x0 02685 1496 NtSetEventBoostPriority ... ) == 0x0 02687 1480 NtWaitForSingleObject (448, 0, 0x0, ... 02688 1500 NtWaitForSingleObject (448, 0, 0x0, ... 02689 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02690 1476 NtSetEventBoostPriority (448, ... 02691 1484 NtWaitForSingleObject (448, 0, 0x0, ... 02692 1496 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02680 876 NtWaitForSingleObject ... ) == 0x0 02690 1476 NtSetEventBoostPriority ... ) == 0x0 02689 468 NtCreateThread ... 864, {460, 1504}, ) == 0x0 02686 1488 NtDuplicateObject ... 868, ) == 0x0 02693 876 NtSetEventBoostPriority (448, ... 02692 1496 NtDuplicateObject ... 872, ) == 0x0 02694 468 NtQueryInformationThread (864, Basic, 28, ... 02687 1480 NtWaitForSingleObject ... 
) == 0x0 02693 876 NtSetEventBoostPriority ... ) == 0x0 02695 1488 NtWaitForSingleObject (448, 0, 0x0, ... 02696 1496 NtWaitForSingleObject (448, 0, 0x0, ... 02697 1476 NtWaitForSingleObject (448, 0, 0x0, ... 02698 1480 NtSetEventBoostPriority (448, ... 02699 876 NtWaitForSingleObject (448, 0, 0x0, ... 02688 1500 NtWaitForSingleObject ... ) == 0x0 02698 1480 NtSetEventBoostPriority ... ) == 0x0 02694 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff5a000,Pid=460,Tid=1504,}, 0x0, ) == 0x0 02700 1500 NtSetEventBoostPriority (448, ... 02691 1484 NtWaitForSingleObject ... ) == 0x0 02701 1484 NtSetEventBoostPriority (448, ... 02695 1488 NtWaitForSingleObject ... ) == 0x0 02702 1488 NtSetEventBoostPriority (448, ... 02696 1496 NtWaitForSingleObject ... ) == 0x0 02703 1496 NtSetEventBoostPriority (448, ... 02697 1476 NtWaitForSingleObject ... ) == 0x0 02704 1476 NtSetEventBoostPriority (448, ... 02699 876 NtWaitForSingleObject ... ) == 0x0 02705 876 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 876, ) == 0x0 02706 876 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 880, ) == 0x0 02704 1476 NtSetEventBoostPriority ... ) == 0x0 02703 1496 NtSetEventBoostPriority ... ) == 0x0 02702 1488 NtSetEventBoostPriority ... ) == 0x0 02701 1484 NtSetEventBoostPriority ... ) == 0x0 02700 1500 NtSetEventBoostPriority ... ) == 0x0 02707 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1643, 0} (24, {28, 56, new_msg, 0, 460, 468, 1643, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO`\3\0\0\314\1\0\0\340\5\0\0" ... ... 02708 1480 NtWaitForSingleObject (72, 0, {0, 0}, ... 02709 1476 NtWaitForSingleObject (72, 0, {0, 0}, ... 02710 876 NtAllocateVirtualMemory (-1, 1388544, 0, 4096, 4096, 4, ... 02711 1496 NtWaitForSingleObject (448, 0, 0x0, ... 02712 1488 NtWaitForSingleObject (448, 0, 0x0, ... 02713 1500 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02707 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1644, 0} ... 
{28, 56, reply, 0, 460, 468, 1644, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO`\3\0\0\314\1\0\0\340\5\0\0" ) ) == 0x0 02708 1480 NtWaitForSingleObject ... ) == 0x102 02714 1484 NtWaitForSingleObject (448, 0, 0x0, ... 02710 876 NtAllocateVirtualMemory ... 1388544, 4096, ) == 0x0 02709 1476 NtWaitForSingleObject ... ) == 0x102 02715 468 NtResumeThread (864, ... 02716 1480 NtWaitForSingleObject (132, 0, 0x0, ... 02717 876 NtSetEventBoostPriority (448, ... 02718 1476 NtWaitForSingleObject (132, 0, 0x0, ... 02715 468 NtResumeThread ... 1, ) == 0x0 02711 1496 NtWaitForSingleObject ... ) == 0x0 02717 876 NtSetEventBoostPriority ... ) == 0x0 02713 1500 NtDuplicateObject ... 884, ) == 0x0 02719 1504 NtTestAlert (... 02720 1496 NtSetEventBoostPriority (448, ... 02721 876 NtQuerySystemTime (... 02722 1500 NtWaitForSingleObject (448, 0, 0x0, ... 02712 1488 NtWaitForSingleObject ... ) == 0x0 02720 1496 NtSetEventBoostPriority ... ) == 0x0 02719 1504 NtTestAlert ... ) == 0x0 02721 876 NtQuerySystemTime ... {390516370, 29889780}, ) == 0x0 02723 1488 NtSetEventBoostPriority (448, ... 02724 1496 NtWaitForSingleObject (448, 0, 0x0, ... 02725 1504 NtContinue (110886192, 1, ... 02726 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02714 1484 NtWaitForSingleObject ... ) == 0x0 02723 1488 NtSetEventBoostPriority ... ) == 0x0 02727 876 NtWaitForSingleObject (448, 0, 0x0, ... 02728 1504 NtRegisterThreadTerminatePort (24, ... 02729 1484 NtSetEventBoostPriority (448, ... 02726 468 NtAllocateVirtualMemory ... 110886912, 1048576, ) == 0x0 02730 1488 NtWaitForSingleObject (592, 0, 0x0, ... 02722 1500 NtWaitForSingleObject ... ) == 0x0 02729 1484 NtSetEventBoostPriority ... ) == 0x0 02728 1504 NtRegisterThreadTerminatePort ... ) == 0x0 02731 468 NtAllocateVirtualMemory (-1, 111927296, 0, 8192, 4096, 4, ... 02732 1500 NtSetEventBoostPriority (448, ... 02733 1484 NtWaitForSingleObject (592, 0, 0x0, ... 02727 876 NtWaitForSingleObject ... ) == 0x0 02732 1500 NtSetEventBoostPriority ... 
) == 0x0 02731 468 NtAllocateVirtualMemory ... 111927296, 8192, ) == 0x0 02734 1504 NtWaitForSingleObject (448, 0, 0x0, ... 02735 876 NtSetEventBoostPriority (448, ... 02736 468 NtProtectVirtualMemory (-1, (0x6abe000), 4096, 260, ... 02724 1496 NtWaitForSingleObject ... ) == 0x0 02735 876 NtSetEventBoostPriority ... ) == 0x0 02737 1496 NtSetEventBoostPriority (448, ... 02736 468 NtProtectVirtualMemory ... (0x6abe000), 4096, 4, ) == 0x0 02734 1504 NtWaitForSingleObject ... ) == 0x0 02738 876 NtWaitForSingleObject (448, 0, 0x0, ... 02737 1496 NtSetEventBoostPriority ... ) == 0x0 02739 1500 NtWaitForSingleObject (448, 0, 0x0, ... 02740 1504 NtSetEventBoostPriority (448, ... 02741 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02742 1496 NtSetEventBoostPriority (592, ... 02739 1500 NtWaitForSingleObject ... ) == 0x0 02740 1504 NtSetEventBoostPriority ... ) == 0x0 02741 468 NtCreateThread ... 888, {460, 1508}, ) == 0x0 02743 1500 NtSetEventBoostPriority (448, ... 02730 1488 NtWaitForSingleObject ... ) == 0x0 02742 1496 NtSetEventBoostPriority ... ) == 0x0 02744 1504 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02743 1500 NtSetEventBoostPriority ... ) == 0x0 02745 1488 NtWaitForSingleObject (448, 0, 0x0, ... 02746 468 NtQueryInformationThread (888, Basic, 28, ... 02738 876 NtWaitForSingleObject ... ) == 0x0 02747 1496 NtWaitForSingleObject (72, 0, {0, 0}, ... 02748 1500 NtWaitForSingleObject (448, 0, 0x0, ... 02746 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff59000,Pid=460,Tid=1508,}, 0x0, ) == 0x0 02749 876 NtSetEventBoostPriority (448, ... 02747 1496 NtWaitForSingleObject ... ) == 0x102 02744 1504 NtDuplicateObject ... 892, ) == 0x0 02750 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1644, 0} (24, {28, 56, new_msg, 0, 460, 468, 1644, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOx\3\0\0\314\1\0\0\344\5\0\0" ... ... 02745 1488 NtWaitForSingleObject ... ) == 0x0 02749 876 NtSetEventBoostPriority ... 
) == 0x0 02751 1496 NtWaitForSingleObject (132, 0, 0x0, ... 02752 1504 NtWaitForSingleObject (448, 0, 0x0, ... 02753 1488 NtSetEventBoostPriority (448, ... 02754 876 NtWaitForSingleObject (592, 0, 0x0, ... 02753 1488 NtSetEventBoostPriority ... ) == 0x0 02752 1504 NtWaitForSingleObject ... ) == 0x0 02750 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1645, 0} ... {28, 56, reply, 0, 460, 468, 1645, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDOx\3\0\0\314\1\0\0\344\5\0\0" ) ) == 0x0 02755 1504 NtSetEventBoostPriority (448, ... 02756 468 NtResumeThread (888, ... 02748 1500 NtWaitForSingleObject ... ) == 0x0 02755 1504 NtSetEventBoostPriority ... ) == 0x0 02757 1500 NtWaitForSingleObject (592, 0, 0x0, ... 02756 468 NtResumeThread ... 1, ) == 0x0 02758 1488 NtSetEventBoostPriority (592, ... 02759 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02733 1484 NtWaitForSingleObject ... ) == 0x0 02758 1488 NtSetEventBoostPriority ... ) == 0x0 02760 1484 NtSetEventBoostPriority (592, ... 02759 468 NtAllocateVirtualMemory ... 111935488, 1048576, ) == 0x0 02754 876 NtWaitForSingleObject ... ) == 0x0 02761 1488 NtWaitForSingleObject (72, 0, {0, 0}, ... 02762 468 NtAllocateVirtualMemory (-1, 112975872, 0, 8192, 4096, 4, ... 02763 876 NtSetEventBoostPriority (592, ... 02761 1488 NtWaitForSingleObject ... ) == 0x102 02760 1484 NtSetEventBoostPriority ... ) == 0x0 02764 1504 NtWaitForSingleObject (592, 0, 0x0, ... 02765 1508 NtTestAlert (... 02757 1500 NtWaitForSingleObject ... ) == 0x0 02763 876 NtSetEventBoostPriority ... ) == 0x0 02766 1488 NtWaitForSingleObject (132, 0, 0x0, ... 02767 1484 NtWaitForSingleObject (72, 0, {0, 0}, ... 02768 1500 NtSetEventBoostPriority (592, ... 02765 1508 NtTestAlert ... ) == 0x0 02762 468 NtAllocateVirtualMemory ... 112975872, 8192, ) == 0x0 02769 876 NtWaitForSingleObject (592, 0, 0x0, ... 02764 1504 NtWaitForSingleObject ... ) == 0x0 02770 1508 NtContinue (111934768, 1, ... 
02771 468 NtProtectVirtualMemory (-1, (0x6bbe000), 4096, 260, ... 02772 1504 NtSetEventBoostPriority (592, ... 02773 1508 NtRegisterThreadTerminatePort (24, ... 02771 468 NtProtectVirtualMemory ... (0x6bbe000), 4096, 4, ) == 0x0 02769 876 NtWaitForSingleObject ... ) == 0x0 02772 1504 NtSetEventBoostPriority ... ) == 0x0 02773 1508 NtRegisterThreadTerminatePort ... ) == 0x0 02774 876 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 02775 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02776 1504 NtWaitForSingleObject (72, 0, {0, 0}, ... 02768 1500 NtSetEventBoostPriority ... ) == 0x0 02767 1484 NtWaitForSingleObject ... ) == 0x102 02774 876 NtCreateEvent ... 896, ) == 0x0 02775 468 NtCreateThread ... 900, {460, 1512}, ) == 0x0 02777 1508 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02776 1504 NtWaitForSingleObject ... ) == 0x102 02778 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Policies\Microsoft\Windows NT\Rpc"}, ... }, ... 02779 1484 NtWaitForSingleObject (132, 0, 0x0, ... 02780 468 NtQueryInformationThread (900, Basic, 28, ... 02777 1508 NtDuplicateObject ... 904, ) == 0x0 02781 1504 NtWaitForSingleObject (132, 0, 0x0, ... 02782 1500 NtWaitForSingleObject (72, 0, {0, 0}, ... 02778 876 NtOpenKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 02783 1508 NtWaitForSingleObject (72, 0, {0, 0}, ... 02782 1500 NtWaitForSingleObject ... ) == 0x102 02784 876 NtQuerySystemInformation (Performance, 312, ... 02783 1508 NtWaitForSingleObject ... ) == 0x102 02785 1500 NtWaitForSingleObject (132, 0, 0x0, ... 02784 876 NtQuerySystemInformation ... {system info, class 2, size 312}, 0x0, ) == 0x0 02786 1508 NtWaitForSingleObject (132, 0, 0x0, ... 02787 876 NtQueryInformationProcess (-1, QuotaLimits, 32, ... 02780 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff58000,Pid=460,Tid=1512,}, 0x0, ) == 0x0 02787 876 NtQueryInformationProcess ... 
{process info, class 1, size 32}, 0x0, ) == 0x0 02788 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1645, 0} (24, {28, 56, new_msg, 0, 460, 468, 1645, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\204\3\0\0\314\1\0\0\350\5\0\0" ... ... 02789 876 NtQueryInformationProcess (-1, VmCounters, 44, ... 02788 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1646, 0} ... {28, 56, reply, 0, 460, 468, 1646, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\204\3\0\0\314\1\0\0\350\5\0\0" ) ) == 0x0 02790 468 NtResumeThread (900, ... 1, ) == 0x0 02791 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 112984064, 1048576, ) == 0x0 02792 468 NtAllocateVirtualMemory (-1, 114024448, 0, 8192, 4096, 4, ... 114024448, 8192, ) == 0x0 02793 468 NtProtectVirtualMemory (-1, (0x6cbe000), 4096, 260, ... (0x6cbe000), 4096, 4, ) == 0x0 02789 876 NtQueryInformationProcess ... {process info, class 3, size 44}, 0x0, ) == 0x0 02794 1512 NtTestAlert (... 02795 876 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 02794 1512 NtTestAlert ... ) == 0x0 02795 876 NtCreateEvent ... 908, ) == 0x0 02796 1512 NtContinue (112983344, 1, ... 02797 876 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02798 1512 NtRegisterThreadTerminatePort (24, ... 02797 876 NtDuplicateObject ... 912, ) == 0x0 02798 1512 NtRegisterThreadTerminatePort ... ) == 0x0 02799 876 NtAllocateVirtualMemory (-1, 1392640, 0, 4096, 4096, 4, ... 02800 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02801 1512 NtWaitForSingleObject (448, 0, 0x0, ... 02800 468 NtCreateThread ... 916, {460, 1516}, ) == 0x0 02802 468 NtQueryInformationThread (916, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff57000,Pid=460,Tid=1516,}, 0x0, ) == 0x0 02803 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1646, 0} (24, {28, 56, new_msg, 0, 460, 468, 1646, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\224\3\0\0\314\1\0\0\354\5\0\0" ... {28, 56, reply, 0, 460, 468, 1647, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\224\3\0\0\314\1\0\0\354\5\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1647, 0} (24, {28, 56, new_msg, 0, 460, 468, 1646, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\224\3\0\0\314\1\0\0\354\5\0\0" ... {28, 56, reply, 0, 460, 468, 1647, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\224\3\0\0\314\1\0\0\354\5\0\0" ) ) == 0x0 02804 468 NtResumeThread (916, ... 1, ) == 0x0 02805 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 114032640, 1048576, ) == 0x0 02806 468 NtAllocateVirtualMemory (-1, 115073024, 0, 8192, 4096, 4, ... 02799 876 NtAllocateVirtualMemory ... 1392640, 4096, ) == 0x0 02807 1516 NtTestAlert (... 02808 876 NtSetEventBoostPriority (448, ... 02807 1516 NtTestAlert ... ) == 0x0 02801 1512 NtWaitForSingleObject ... ) == 0x0 02808 876 NtSetEventBoostPriority ... ) == 0x0 02809 1512 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02810 1516 NtContinue (114031920, 1, ... 02809 1512 NtDuplicateObject ... 920, ) == 0x0 02811 876 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 02812 1512 NtWaitForSingleObject (72, 0, {0, 0}, ... 02813 1516 NtRegisterThreadTerminatePort (24, ... 02811 876 NtCreateEvent ... 924, ) == 0x0 02806 468 NtAllocateVirtualMemory ... 115073024, 8192, ) == 0x0 02813 1516 NtRegisterThreadTerminatePort ... ) == 0x0 02814 876 NtConnectPort ( ("\RPC Control\DNSResolver", {12, 2, 1, 1}, 0x0, 0x0, 14413436, 112, ... , {12, 2, 1, 1}, 0x0, 0x0, 14413436, 112, ... 02815 468 NtProtectVirtualMemory (-1, (0x6dbe000), 4096, 260, ... 02812 1512 NtWaitForSingleObject ... ) == 0x102 02816 1516 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02815 468 NtProtectVirtualMemory ... (0x6dbe000), 4096, 4, ) == 0x0 02817 1512 NtWaitForSingleObject (132, 0, 0x0, ... 02816 1516 NtDuplicateObject ... 928, ) == 0x0 02818 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02819 1516 NtWaitForSingleObject (72, 0, {0, 0}, ... 02818 468 NtCreateThread ... 932, {460, 340}, ) == 0x0 02819 1516 NtWaitForSingleObject ... ) == 0x102 02820 468 NtQueryInformationThread (932, Basic, 28, ... 
02821 1516 NtWaitForSingleObject (132, 0, 0x0, ... 02814 876 NtConnectPort ... 936, 0x0, 0x0, 0x0, 112, ) == 0x0 02820 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff56000,Pid=460,Tid=340,}, 0x0, ) == 0x0 02822 876 NtRequestWaitReplyPort (936, {128, 152, new_msg, 0, 1310720, 126032, 1310720, 14413200} (936, {128, 152, new_msg, 0, 1310720, 126032, 1310720, 14413200} "\0$\370w@\364\333\0\2$\370w\1kwEVY\205D\237\200\364(\367\326\1)\2\0\0\0\1\0\0\0\220B\25\0\4\0\0\0\220B\25\0\20\344\314w\220B\25\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\0\0x\1\24\0\0\0\0\08B\25\0\370>\25\0\20B\25\0\0\0\0\0\0\0\0\0\0\0\0\08B\25\0\0\0\0\0\0\0\0\0\0\0\0\0" ... ... 02823 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1647, 0} (24, {28, 56, new_msg, 0, 460, 468, 1647, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\244\3\0\0\314\1\0\0T\1\0\0" ... {28, 56, reply, 0, 460, 468, 1650, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\244\3\0\0\314\1\0\0T\1\0\0" ) ... {28, 56, reply, 0, 460, 468, 1650, 0} (24, {28, 56, new_msg, 0, 460, 468, 1647, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\244\3\0\0\314\1\0\0T\1\0\0" ... {28, 56, reply, 0, 460, 468, 1650, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\244\3\0\0\314\1\0\0T\1\0\0" ) ) == 0x0 02824 468 NtResumeThread (932, ... 1, ) == 0x0 02822 876 NtRequestWaitReplyPort ... {128, 152, reply, 0, 460, 876, 1649, 0} ... {128, 152, reply, 0, 460, 876, 1649, 0} "\7$\370w@\364\333\0\2$\370w\1kwEVY\205D\237\200\364(\367\326\1)\2\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\220B\25\0\377\377\377\377\220B\25\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\0\0x\1\24\0\0\0\0\08B\25\0\370>\25\0\20B\25\0\0\0\0\0\0\0\0\0\0\0\0\08B\25\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ) == 0x0 02825 340 NtTestAlert (... 02826 876 NtRequestWaitReplyPort (936, {64, 88, new_msg, 0, 0, 0, 0, 0} (936, {64, 88, new_msg, 0, 0, 0, 0, 0} "\1\0\0\0A\2\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... ... 02825 340 NtTestAlert ... 
) == 0x0 02827 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02828 340 NtContinue (115080496, 1, ... 02827 468 NtAllocateVirtualMemory ... 115081216, 1048576, ) == 0x0 02829 340 NtRegisterThreadTerminatePort (24, ... 02830 468 NtAllocateVirtualMemory (-1, 116121600, 0, 8192, 4096, 4, ... 02829 340 NtRegisterThreadTerminatePort ... ) == 0x0 02830 468 NtAllocateVirtualMemory ... 116121600, 8192, ) == 0x0 02831 468 NtProtectVirtualMemory (-1, (0x6ebe000), 4096, 260, ... (0x6ebe000), 4096, 4, ) == 0x0 02832 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 940, {460, 1524}, ) == 0x0 02833 468 NtQueryInformationThread (940, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff55000,Pid=460,Tid=1524,}, 0x0, ) == 0x0 02834 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1650, 0} (24, {28, 56, new_msg, 0, 460, 468, 1650, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\254\3\0\0\314\1\0\0\364\5\0\0" ... ... 02835 340 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 944, ) == 0x0 02836 340 NtWaitForSingleObject (72, 0, {0, 0}, ... ) == 0x102 02837 340 NtWaitForSingleObject (132, 0, 0x0, ... 02834 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1652, 0} ... {28, 56, reply, 0, 460, 468, 1652, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\254\3\0\0\314\1\0\0\364\5\0\0" ) ) == 0x0 02838 468 NtResumeThread (940, ... 1, ) == 0x0 02839 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 116129792, 1048576, ) == 0x0 02840 468 NtAllocateVirtualMemory (-1, 117170176, 0, 8192, 4096, 4, ... 117170176, 8192, ) == 0x0 02841 468 NtProtectVirtualMemory (-1, (0x6fbe000), 4096, 260, ... (0x6fbe000), 4096, 4, ) == 0x0 02842 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 948, {460, 1412}, ) == 0x0 02843 468 NtQueryInformationThread (948, Basic, 28, ... 02844 1524 NtAllocateVirtualMemory (-1, 8810496, 0, 4096, 4096, 4, ... 8810496, 4096, ) == 0x0 02845 1524 NtTestAlert (... ) == 0x0 02846 1524 NtContinue (116129072, 1, ... 
02847 1524 NtRegisterThreadTerminatePort (24, ... ) == 0x0 02848 1524 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 952, ) == 0x0 02849 1524 NtWaitForSingleObject (72, 0, {0, 0}, ... 02843 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff54000,Pid=460,Tid=1412,}, 0x0, ) == 0x0 02850 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1652, 0} (24, {28, 56, new_msg, 0, 460, 468, 1652, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\264\3\0\0\314\1\0\0\204\5\0\0" ... {28, 56, reply, 0, 460, 468, 1653, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\264\3\0\0\314\1\0\0\204\5\0\0" ) ... {28, 56, reply, 0, 460, 468, 1653, 0} (24, {28, 56, new_msg, 0, 460, 468, 1652, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\264\3\0\0\314\1\0\0\204\5\0\0" ... {28, 56, reply, 0, 460, 468, 1653, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\264\3\0\0\314\1\0\0\204\5\0\0" ) ) == 0x0 02851 468 NtResumeThread (948, ... 1, ) == 0x0 02849 1524 NtWaitForSingleObject ... ) == 0x102 02852 1412 NtTestAlert (... 02853 1524 NtWaitForSingleObject (132, 0, 0x0, ... 02852 1412 NtTestAlert ... ) == 0x0 02854 1412 NtContinue (117177648, 1, ... 02855 1412 NtRegisterThreadTerminatePort (24, ... ) == 0x0 02856 1412 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 956, ) == 0x0 02857 1412 NtWaitForSingleObject (72, 0, {0, 0}, ... ) == 0x102 02858 1412 NtWaitForSingleObject (132, 0, 0x0, ... 02859 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02826 876 NtRequestWaitReplyPort ... {52, 76, reply, 0, 460, 876, 1651, 0} ... {52, 76, reply, 0, 460, 876, 1651, 0} "\2\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0hp\12\0\1\0\0\0\1\0\0\0\300\250|\201\377\377\377\0" ) ) == 0x0 02859 468 NtAllocateVirtualMemory ... 117178368, 1048576, ) == 0x0 02860 876 NtClose (924, ... 02861 468 NtAllocateVirtualMemory (-1, 118218752, 0, 8192, 4096, 4, ... 02860 876 NtClose ... ) == 0x0 02861 468 NtAllocateVirtualMemory ... 118218752, 8192, ) == 0x0 02862 876 NtClose (936, ... 
02863 468 NtProtectVirtualMemory (-1, (0x70be000), 4096, 260, ... 02862 876 NtClose ... ) == 0x0 02863 468 NtProtectVirtualMemory ... (0x70be000), 4096, 4, ) == 0x0 02864 876 NtCreateKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, 0, "Class", 0, ... 936, 2, ) }, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, 0, "Class", 0, ... 936, 2, ) , 0, ... 936, 2, ) == 0x0 02865 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\DnsCache\Parameters"}, ... 924, ) }, ... 924, ) == 0x0 02866 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Policies\Microsoft\Windows NT\DnsClient"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 02867 876 NtQueryValueKey (936, (936, "Hostname", Partial, 144, ... TitleIdx=0, Type=1, Data="M\0Y\0W\0O\0R\0L\0D\0\0\0"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (936, "Hostname", Partial, 144, ... TitleIdx=0, Type=1, Data="M\0Y\0W\0O\0R\0L\0D\0\0\0"}, 28, ) }, 28, ) == 0x0 02868 876 NtQueryValueKey (936, (936, "Hostname", Partial, 144, ... TitleIdx=0, Type=1, Data="M\0Y\0W\0O\0R\0L\0D\0\0\0"}, 28, ) , Partial, 144, ... TitleIdx=0, Type=1, Data= (936, "Hostname", Partial, 144, ... TitleIdx=0, Type=1, Data="M\0Y\0W\0O\0R\0L\0D\0\0\0"}, 28, ) }, 28, ) == 0x0 02869 876 NtClose (936, ... ) == 0x0 02870 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 936, {460, 1284}, ) == 0x0 02871 468 NtQueryInformationThread (936, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff53000,Pid=460,Tid=1284,}, 0x0, ) == 0x0 02872 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1653, 0} (24, {28, 56, new_msg, 0, 460, 468, 1653, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\250\3\0\0\314\1\0\0\4\5\0\0" ... {28, 56, reply, 0, 460, 468, 1655, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\250\3\0\0\314\1\0\0\4\5\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1655, 0} (24, {28, 56, new_msg, 0, 460, 468, 1653, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\250\3\0\0\314\1\0\0\4\5\0\0" ... {28, 56, reply, 0, 460, 468, 1655, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\250\3\0\0\314\1\0\0\4\5\0\0" ) ) == 0x0 02873 468 NtResumeThread (936, ... 1, ) == 0x0 02874 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 118226944, 1048576, ) == 0x0 02875 468 NtAllocateVirtualMemory (-1, 119267328, 0, 8192, 4096, 4, ... 02876 876 NtClose (924, ... 02877 1284 NtTestAlert (... 02876 876 NtClose ... ) == 0x0 02877 1284 NtTestAlert ... ) == 0x0 02878 876 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 02879 1284 NtContinue (118226224, 1, ... 02878 876 NtCreateEvent ... 924, ) == 0x0 02880 1284 NtRegisterThreadTerminatePort (24, ... 02881 876 NtConnectPort ( ("\RPC Control\DNSResolver", {12, 2, 1, 1}, 0x0, 0x0, 14413300, 112, ... , {12, 2, 1, 1}, 0x0, 0x0, 14413300, 112, ... 02880 1284 NtRegisterThreadTerminatePort ... ) == 0x0 02875 468 NtAllocateVirtualMemory ... 119267328, 8192, ) == 0x0 02882 468 NtProtectVirtualMemory (-1, (0x71be000), 4096, 260, ... (0x71be000), 4096, 4, ) == 0x0 02883 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 960, {460, 1548}, ) == 0x0 02884 468 NtQueryInformationThread (960, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff52000,Pid=460,Tid=1548,}, 0x0, ) == 0x0 02885 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1655, 0} (24, {28, 56, new_msg, 0, 460, 468, 1655, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\300\3\0\0\314\1\0\0\14\6\0\0" ... {28, 56, reply, 0, 460, 468, 1657, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\300\3\0\0\314\1\0\0\14\6\0\0" ) ... {28, 56, reply, 0, 460, 468, 1657, 0} (24, {28, 56, new_msg, 0, 460, 468, 1655, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\300\3\0\0\314\1\0\0\14\6\0\0" ... {28, 56, reply, 0, 460, 468, 1657, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\300\3\0\0\314\1\0\0\14\6\0\0" ) ) == 0x0 02886 468 NtResumeThread (960, ... 
1, ) == 0x0 02887 1284 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02881 876 NtConnectPort ... 964, 0x0, 0x0, 0x0, 112, ) == 0x0 02888 1548 NtTestAlert (... 02887 1284 NtDuplicateObject ... 968, ) == 0x0 02889 876 NtRequestWaitReplyPort (964, {128, 152, new_msg, 0, 1310720, 125896, 1310720, 14413064} (964, {128, 152, new_msg, 0, 1310720, 125896, 1310720, 14413064} "\0$\370w\270\363\333\0\2$\370w\1kwEVY\205D\237\200\364(\367\326\1)\2\0\0\0\1\0\0\0\220B\25\0\4\0\0\0\220B\25\0\20\344\314w\220B\25\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\3\0@=\25\0\0?\25\0\0\0\0\0\10\0\0\0?\360\367w\221\337\314w\0\0\0\0\0\0\333\0\364\356\333\0\0\0\0\0\0\0\0\0\20B\25\0\5\0\0\0" ... ... 02888 1548 NtTestAlert ... ) == 0x0 02890 1284 NtWaitForSingleObject (72, 0, {0, 0}, ... 02891 1548 NtContinue (119274800, 1, ... 02890 1284 NtWaitForSingleObject ... ) == 0x102 02892 1548 NtRegisterThreadTerminatePort (24, ... 02893 1284 NtWaitForSingleObject (132, 0, 0x0, ... 02892 1548 NtRegisterThreadTerminatePort ... ) == 0x0 02894 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02889 876 NtRequestWaitReplyPort ... {128, 152, reply, 0, 460, 876, 1658, 0} ... {128, 152, reply, 0, 460, 876, 1658, 0} "\7$\370w\270\363\333\0\2$\370w\1kwEVY\205D\237\200\364(\367\326\1)\2\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\220B\25\0\377\377\377\377\220B\25\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\3\0@=\25\0\0?\25\0\0\0\0\0\10\0\0\0?\360\367w\221\337\314w\0\0\0\0\0\0\333\0\364\356\333\0\0\0\0\0\0\0\0\0\20B\25\0\5\0\0\0" ) ) == 0x0 02894 468 NtAllocateVirtualMemory ... 119275520, 1048576, ) == 0x0 02895 876 NtRequestWaitReplyPort (964, {44, 68, new_msg, 0, 460, 876, 1651, 0} (964, {44, 68, new_msg, 0, 460, 876, 1651, 0} "\1\0\0\0A\2\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0" ... ... 02896 468 NtAllocateVirtualMemory (-1, 120315904, 0, 8192, 4096, 4, ... 120315904, 8192, ) == 0x0 02897 468 NtProtectVirtualMemory (-1, (0x72be000), 4096, 260, ... 
(0x72be000), 4096, 4, ) == 0x0 02898 1548 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 972, ) == 0x0 02899 1548 NtWaitForSingleObject (72, 0, {0, 0}, ... ) == 0x102 02900 1548 NtWaitForSingleObject (132, 0, 0x0, ... 02901 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 976, {460, 1616}, ) == 0x0 02902 468 NtQueryInformationThread (976, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff51000,Pid=460,Tid=1616,}, 0x0, ) == 0x0 02903 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1657, 0} (24, {28, 56, new_msg, 0, 460, 468, 1657, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\320\3\0\0\314\1\0\0P\6\0\0" ... {28, 56, reply, 0, 460, 468, 1660, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\320\3\0\0\314\1\0\0P\6\0\0" ) ... {28, 56, reply, 0, 460, 468, 1660, 0} (24, {28, 56, new_msg, 0, 460, 468, 1657, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\320\3\0\0\314\1\0\0P\6\0\0" ... {28, 56, reply, 0, 460, 468, 1660, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\320\3\0\0\314\1\0\0P\6\0\0" ) ) == 0x0 02904 468 NtResumeThread (976, ... 1, ) == 0x0 02905 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 120324096, 1048576, ) == 0x0 02906 468 NtAllocateVirtualMemory (-1, 121364480, 0, 8192, 4096, 4, ... 02907 1616 NtTestAlert (... ) == 0x0 02908 1616 NtContinue (120323376, 1, ... 02909 1616 NtRegisterThreadTerminatePort (24, ... ) == 0x0 02910 1616 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 980, ) == 0x0 02911 1616 NtWaitForSingleObject (72, 0, {0, 0}, ... ) == 0x102 02912 1616 NtWaitForSingleObject (132, 0, 0x0, ... 02906 468 NtAllocateVirtualMemory ... 121364480, 8192, ) == 0x0 02913 468 NtProtectVirtualMemory (-1, (0x73be000), 4096, 260, ... (0x73be000), 4096, 4, ) == 0x0 02914 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 984, {460, 1656}, ) == 0x0 02915 468 NtQueryInformationThread (984, Basic, 28, ... 
{ExitStatus=0x103,TebBaseAddress=0x7ff50000,Pid=460,Tid=1656,}, 0x0, ) == 0x0 02916 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1660, 0} (24, {28, 56, new_msg, 0, 460, 468, 1660, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\330\3\0\0\314\1\0\0x\6\0\0" ... {28, 56, reply, 0, 460, 468, 1661, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\330\3\0\0\314\1\0\0x\6\0\0" ) ... {28, 56, reply, 0, 460, 468, 1661, 0} (24, {28, 56, new_msg, 0, 460, 468, 1660, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\330\3\0\0\314\1\0\0x\6\0\0" ... {28, 56, reply, 0, 460, 468, 1661, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\330\3\0\0\314\1\0\0x\6\0\0" ) ) == 0x0 02917 468 NtResumeThread (984, ... 1, ) == 0x0 02918 1656 NtTestAlert (... ) == 0x0 02919 1656 NtContinue (121371952, 1, ... 02920 1656 NtRegisterThreadTerminatePort (24, ... ) == 0x0 02921 1656 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 988, ) == 0x0 02922 1656 NtAllocateVirtualMemory (-1, 1396736, 0, 4096, 4096, 4, ... 1396736, 4096, ) == 0x0 02923 1656 NtWaitForSingleObject (72, 0, {0, 0}, ... 02924 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 121372672, 1048576, ) == 0x0 02925 468 NtAllocateVirtualMemory (-1, 122413056, 0, 8192, 4096, 4, ... 122413056, 8192, ) == 0x0 02926 468 NtProtectVirtualMemory (-1, (0x74be000), 4096, 260, ... (0x74be000), 4096, 4, ) == 0x0 02923 1656 NtWaitForSingleObject ... ) == 0x102 02927 1656 NtWaitForSingleObject (132, 0, 0x0, ... 02928 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 992, {460, 1664}, ) == 0x0 02929 468 NtQueryInformationThread (992, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4f000,Pid=460,Tid=1664,}, 0x0, ) == 0x0 02930 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1661, 0} (24, {28, 56, new_msg, 0, 460, 468, 1661, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\340\3\0\0\314\1\0\0\200\6\0\0" ... {28, 56, reply, 0, 460, 468, 1662, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\340\3\0\0\314\1\0\0\200\6\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1662, 0} (24, {28, 56, new_msg, 0, 460, 468, 1661, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\340\3\0\0\314\1\0\0\200\6\0\0" ... {28, 56, reply, 0, 460, 468, 1662, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\340\3\0\0\314\1\0\0\200\6\0\0" ) ) == 0x0 02931 468 NtResumeThread (992, ... 1, ) == 0x0 02932 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 122421248, 1048576, ) == 0x0 02933 468 NtAllocateVirtualMemory (-1, 123461632, 0, 8192, 4096, 4, ... 02895 876 NtRequestWaitReplyPort ... {40, 64, reply, 0, 460, 876, 1659, 0} ... {40, 64, reply, 0, 460, 876, 1659, 0} "\2\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\324\1\0\0\0f\12\0" ) ) == 0x0 02934 1664 NtTestAlert (... 02935 876 NtRequestWaitReplyPort (964, {64, 88, new_msg, 56, 0, 1, 0, 0} (964, {64, 88, new_msg, 56, 0, 1, 0, 0} "\10\357\333\0@\0\314w\330<\25\0\274\357\333\0$\360\333\0\0\267\362v$\360\333\0\330<\25\0\1\0\0\0 Q\25\0\324\1\0\0\324\1\0\0\0f\12\0\0\0\0\0\0\0\0\0\0\0\0\0" ... ... 02934 1664 NtTestAlert ... ) == 0x0 02936 1664 NtContinue (122420528, 1, ... 02937 1664 NtRegisterThreadTerminatePort (24, ... ) == 0x0 02935 876 NtRequestWaitReplyPort ... {64, 88, reply, 56, 460, 876, 1663, 0} ... {64, 88, reply, 56, 460, 876, 1663, 0} "\10\357\333\0@\0\314w\330<\25\0\274\357\333\0$\360\333\0\0\267\362v$\360\333\0\330<\25\0\1\0\0\0 Q\25\0\324\1\0\0\324\1\0\0\0f\12\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ) == 0x0 02933 468 NtAllocateVirtualMemory ... 123461632, 8192, ) == 0x0 02938 876 NtClose (924, ... 02939 468 NtProtectVirtualMemory (-1, (0x75be000), 4096, 260, ... 02938 876 NtClose ... ) == 0x0 02939 468 NtProtectVirtualMemory ... (0x75be000), 4096, 4, ) == 0x0 02940 1664 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02941 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 02940 1664 NtDuplicateObject ... 924, ) == 0x0 02941 468 NtCreateThread ... 996, {460, 1684}, ) == 0x0 02942 1664 NtWaitForSingleObject (72, 0, {0, 0}, ... 
02943 468 NtQueryInformationThread (996, Basic, 28, ... 02942 1664 NtWaitForSingleObject ... ) == 0x102 02944 876 NtClose (964, ... 02945 1664 NtWaitForSingleObject (132, 0, 0x0, ... 02944 876 NtClose ... ) == 0x0 02943 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff4e000,Pid=460,Tid=1684,}, 0x0, ) == 0x0 02946 876 NtCreateKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, 0, "Class", 0, ... }, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, 0, "Class", 0, ... , 0, ... 02947 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1662, 0} (24, {28, 56, new_msg, 0, 460, 468, 1662, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\344\3\0\0\314\1\0\0\224\6\0\0" ... ... 02946 876 NtCreateKey ... 964, 2, ) == 0x0 02947 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1665, 0} ... {28, 56, reply, 0, 460, 468, 1665, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\344\3\0\0\314\1\0\0\224\6\0\0" ) ) == 0x0 02948 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\DnsCache\Parameters"}, ... }, ... 02949 468 NtResumeThread (996, ... 02948 876 NtOpenKey ... 1000, ) == 0x0 02949 468 NtResumeThread ... 1, ) == 0x0 02950 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Policies\Microsoft\Windows NT\DnsClient"}, ... }, ... 02951 1684 NtTestAlert (... 02950 876 NtOpenKey ... ) == STATUS_OBJECT_NAME_NOT_FOUND 02951 1684 NtTestAlert ... ) == 0x0 02952 876 NtQueryValueKey (964, (964, "Domain", Partial, 144, ... , Partial, 144, ... 02953 1684 NtContinue (123469104, 1, ... 02952 876 NtQueryValueKey ... TitleIdx=0, Type=1, Data= ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0 02954 1684 NtRegisterThreadTerminatePort (24, ... 02955 876 NtQueryValueKey (964, (964, "Domain", Partial, 144, ... , Partial, 144, ... 02954 1684 NtRegisterThreadTerminatePort ... 
) == 0x0 02955 876 NtQueryValueKey ... TitleIdx=0, Type=1, Data= ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0 02956 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 02957 1684 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 02956 468 NtAllocateVirtualMemory ... 123469824, 1048576, ) == 0x0 02957 1684 NtDuplicateObject ... 1004, ) == 0x0 02958 468 NtAllocateVirtualMemory (-1, 124510208, 0, 8192, 4096, 4, ... 02959 1684 NtWaitForSingleObject (72, 0, {0, 0}, ... 02958 468 NtAllocateVirtualMemory ... 124510208, 8192, ) == 0x0 02959 1684 NtWaitForSingleObject ... ) == 0x102 02960 468 NtProtectVirtualMemory (-1, (0x76be000), 4096, 260, ... 02961 1684 NtWaitForSingleObject (132, 0, 0x0, ... 02960 468 NtProtectVirtualMemory ... (0x76be000), 4096, 4, ) == 0x0 02962 876 NtClose (964, ... ) == 0x0 02963 876 NtClose (1000, ... ) == 0x0 02964 876 NtOpenKey (0x1, {24, 28, 0x40, 0, 0, (0x1, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\Tcpip\Parameters"}, ... 1000, ) }, ... 1000, ) == 0x0 02965 876 NtQueryValueKey (1000, (1000, "DnsNbtLookupOrder", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 02966 876 NtClose (1000, ... ) == 0x0 02967 876 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\winrnr.dll"}, 14412844, ... ) }, 14412844, ... ) == 0x0 02968 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 1000, {460, 1688}, ) == 0x0 02969 468 NtQueryInformationThread (1000, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4d000,Pid=460,Tid=1688,}, 0x0, ) == 0x0 02970 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1665, 0} (24, {28, 56, new_msg, 0, 460, 468, 1665, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\350\3\0\0\314\1\0\0\230\6\0\0" ... {28, 56, reply, 0, 460, 468, 1666, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\350\3\0\0\314\1\0\0\230\6\0\0" ) ... 
{28, 56, reply, 0, 460, 468, 1666, 0} (24, {28, 56, new_msg, 0, 460, 468, 1665, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\350\3\0\0\314\1\0\0\230\6\0\0" ... {28, 56, reply, 0, 460, 468, 1666, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\350\3\0\0\314\1\0\0\230\6\0\0" ) ) == 0x0 02971 468 NtResumeThread (1000, ... 1, ) == 0x0 02972 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 124518400, 1048576, ) == 0x0 02973 468 NtAllocateVirtualMemory (-1, 125558784, 0, 8192, 4096, 4, ... 02974 876 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\winrnr.dll"}, 5, 96, ... }, 5, 96, ... 02975 1688 NtWaitForSingleObject (96, 0, 0x0, ... 02974 876 NtOpenFile ... 964, {status=0x0, info=1}, ) == 0x0 02976 876 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 964, ... 1008, ) == 0x0 02977 876 NtClose (964, ... ) == 0x0 02978 876 NtMapViewOfSection (1008, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x850000), 0x0, 16384, ) == 0x0 02979 876 NtClose (1008, ... ) == 0x0 02980 876 NtUnmapViewOfSection (-1, 0x850000, ... ) == 0x0 02973 468 NtAllocateVirtualMemory ... 125558784, 8192, ) == 0x0 02981 468 NtProtectVirtualMemory (-1, (0x77be000), 4096, 260, ... (0x77be000), 4096, 4, ) == 0x0 02982 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 1008, {460, 1632}, ) == 0x0 02983 468 NtQueryInformationThread (1008, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4c000,Pid=460,Tid=1632,}, 0x0, ) == 0x0 02984 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1666, 0} (24, {28, 56, new_msg, 0, 460, 468, 1666, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\360\3\0\0\314\1\0\0`\6\0\0" ... {28, 56, reply, 0, 460, 468, 1667, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\360\3\0\0\314\1\0\0`\6\0\0" ) ... {28, 56, reply, 0, 460, 468, 1667, 0} (24, {28, 56, new_msg, 0, 460, 468, 1666, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\360\3\0\0\314\1\0\0`\6\0\0" ... 
{28, 56, reply, 0, 460, 468, 1667, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\360\3\0\0\314\1\0\0`\6\0\0" ) ) == 0x0 02985 468 NtResumeThread (1008, ... 1, ) == 0x0 02986 876 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\winrnr.dll"}, 14413160, ... }, 14413160, ... 02987 1632 NtWaitForSingleObject (96, 0, 0x0, ... 02986 876 NtQueryAttributesFile ... ) == 0x0 02988 876 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\winrnr.dll"}, 5, 96, ... 964, {status=0x0, info=1}, ) }, 5, 96, ... 964, {status=0x0, info=1}, ) == 0x0 02989 876 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 964, ... 1012, ) == 0x0 02990 876 NtQuerySection (1012, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 02991 876 NtClose (964, ... ) == 0x0 02992 876 NtMapViewOfSection (1012, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x76fb0000), 0x0, 28672, ) == 0x0 02993 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 125566976, 1048576, ) == 0x0 02994 468 NtAllocateVirtualMemory (-1, 126607360, 0, 8192, 4096, 4, ... 126607360, 8192, ) == 0x0 02995 468 NtProtectVirtualMemory (-1, (0x78be000), 4096, 260, ... (0x78be000), 4096, 4, ) == 0x0 02996 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 964, {460, 1596}, ) == 0x0 02997 468 NtQueryInformationThread (964, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff4b000,Pid=460,Tid=1596,}, 0x0, ) == 0x0 02998 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1667, 0} (24, {28, 56, new_msg, 0, 460, 468, 1667, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\304\3\0\0\314\1\0\0<\6\0\0" ... ... 02999 876 NtClose (1012, ... ) == 0x0 03000 876 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "WLDAP32.dll"}, ... 1012, ) }, ... 1012, ) == 0x0 03001 876 NtMapViewOfSection (1012, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x76f60000), 0x0, 180224, ) == 0x0 02998 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1668, 0} ... 
{28, 56, reply, 0, 460, 468, 1668, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\304\3\0\0\314\1\0\0<\6\0\0" ) ) == 0x0 03002 468 NtResumeThread (964, ... 1, ) == 0x0 03003 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 126615552, 1048576, ) == 0x0 03004 468 NtAllocateVirtualMemory (-1, 127655936, 0, 8192, 4096, 4, ... 127655936, 8192, ) == 0x0 03005 468 NtProtectVirtualMemory (-1, (0x79be000), 4096, 260, ... (0x79be000), 4096, 4, ) == 0x0 03006 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 1016, {460, 1584}, ) == 0x0 03007 468 NtQueryInformationThread (1016, Basic, 28, ... 03008 876 NtClose (1012, ... 03009 1596 NtWaitForSingleObject (96, 0, 0x0, ... 03008 876 NtClose ... ) == 0x0 03010 876 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 1012, ) == 0x0 03011 876 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "System\CurrentControlSet\Services\LDAP"}, ... 1020, ) }, ... 1020, ) == 0x0 03012 876 NtQueryValueKey (1020, (1020, "LdapClientIntegrity", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 144, ... TitleIdx=0, Type=4, Data= (1020, "LdapClientIntegrity", Partial, 144, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 03013 876 NtClose (1020, ... ) == 0x0 03014 876 NtSetEventBoostPriority (96, ... 02975 1688 NtWaitForSingleObject ... ) == 0x0 03015 1688 NtSetEventBoostPriority (96, ... 02987 1632 NtWaitForSingleObject ... ) == 0x0 03016 1632 NtSetEventBoostPriority (96, ... 03009 1596 NtWaitForSingleObject ... ) == 0x0 03017 1596 NtTestAlert (... ) == 0x0 03016 1632 NtSetEventBoostPriority ... ) == 0x0 03015 1688 NtSetEventBoostPriority ... ) == 0x0 03014 876 NtSetEventBoostPriority ... ) == 0x0 03007 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff4a000,Pid=460,Tid=1584,}, 0x0, ) == 0x0 03018 1596 NtContinue (126614832, 1, ... 03019 1632 NtTestAlert (... 03020 1688 NtTestAlert (... 
03021 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1668, 0} (24, {28, 56, new_msg, 0, 460, 468, 1668, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\370\3\0\0\314\1\0\00\6\0\0" ... ... 03022 1596 NtRegisterThreadTerminatePort (24, ... 03019 1632 NtTestAlert ... ) == 0x0 03020 1688 NtTestAlert ... ) == 0x0 03021 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1669, 0} ... {28, 56, reply, 0, 460, 468, 1669, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\370\3\0\0\314\1\0\00\6\0\0" ) ) == 0x0 03022 1596 NtRegisterThreadTerminatePort ... ) == 0x0 03023 1632 NtContinue (125566256, 1, ... 03024 1688 NtContinue (124517680, 1, ... 03025 468 NtResumeThread (1016, ... 03026 1596 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03027 1632 NtRegisterThreadTerminatePort (24, ... 03028 1688 NtRegisterThreadTerminatePort (24, ... 03025 468 NtResumeThread ... 1, ) == 0x0 03026 1596 NtDuplicateObject ... 1020, ) == 0x0 03027 1632 NtRegisterThreadTerminatePort ... ) == 0x0 03028 1688 NtRegisterThreadTerminatePort ... ) == 0x0 03029 876 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\mswsock.dll"}, 14412844, ... }, 14412844, ... 03030 1584 NtWaitForSingleObject (96, 0, 0x0, ... 03031 1596 NtWaitForSingleObject (72, 0, {0, 0}, ... 03032 1632 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03033 1688 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03029 876 NtQueryAttributesFile ... ) == 0x0 03034 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03031 1596 NtWaitForSingleObject ... ) == 0x102 03032 1632 NtDuplicateObject ... 1024, ) == 0x0 03035 876 NtSetEventBoostPriority (96, ... 03034 468 NtAllocateVirtualMemory ... 127664128, 1048576, ) == 0x0 03036 1596 NtWaitForSingleObject (132, 0, 0x0, ... 03037 1632 NtWaitForSingleObject (72, 0, {0, 0}, ... 03030 1584 NtWaitForSingleObject ... ) == 0x0 03035 876 NtSetEventBoostPriority ... ) == 0x0 03038 468 NtAllocateVirtualMemory (-1, 128704512, 0, 8192, 4096, 4, ... 03039 1584 NtTestAlert (... 
03037 1632 NtWaitForSingleObject ... ) == 0x102 03040 876 NtQuerySystemInformation (Basic, 44, ... 03039 1584 NtTestAlert ... ) == 0x0 03038 468 NtAllocateVirtualMemory ... 128704512, 8192, ) == 0x0 03041 1632 NtWaitForSingleObject (132, 0, 0x0, ... 03040 876 NtQuerySystemInformation ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 03033 1688 NtDuplicateObject ... 1028, ) == 0x0 03042 468 NtProtectVirtualMemory (-1, (0x7abe000), 4096, 260, ... 03043 1584 NtContinue (127663408, 1, ... 03044 1688 NtWaitForSingleObject (72, 0, {0, 0}, ... 03042 468 NtProtectVirtualMemory ... (0x7abe000), 4096, 4, ) == 0x0 03045 1584 NtRegisterThreadTerminatePort (24, ... 03044 1688 NtWaitForSingleObject ... ) == 0x102 03046 876 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 03045 1584 NtRegisterThreadTerminatePort ... ) == 0x0 03047 1688 NtWaitForSingleObject (132, 0, 0x0, ... 03046 876 NtAllocateVirtualMemory ... 8716288, 65536, ) == 0x0 03048 1584 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03049 876 NtAllocateVirtualMemory (-1, 8716288, 0, 4096, 4096, 4, ... 03048 1584 NtDuplicateObject ... 1032, ) == 0x0 03049 876 NtAllocateVirtualMemory ... 8716288, 4096, ) == 0x0 03050 1584 NtAllocateVirtualMemory (-1, 1400832, 0, 4096, 4096, 4, ... 03051 876 NtWaitForSingleObject (448, 0, 0x0, ... 03052 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 1036, {460, 1732}, ) == 0x0 03053 468 NtQueryInformationThread (1036, Basic, 28, ... {ExitStatus=0x103,TebBaseAddress=0x7ff49000,Pid=460,Tid=1732,}, 0x0, ) == 0x0 03054 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1669, 0} (24, {28, 56, new_msg, 0, 460, 468, 1669, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\14\4\0\0\314\1\0\0\304\6\0\0" ... 
{28, 56, reply, 0, 460, 468, 1670, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\14\4\0\0\314\1\0\0\304\6\0\0" ) ... {28, 56, reply, 0, 460, 468, 1670, 0} (24, {28, 56, new_msg, 0, 460, 468, 1669, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\14\4\0\0\314\1\0\0\304\6\0\0" ... {28, 56, reply, 0, 460, 468, 1670, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\14\4\0\0\314\1\0\0\304\6\0\0" ) ) == 0x0 03055 468 NtResumeThread (1036, ... 1, ) == 0x0 03056 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 128712704, 1048576, ) == 0x0 03057 468 NtAllocateVirtualMemory (-1, 129753088, 0, 8192, 4096, 4, ... 03050 1584 NtAllocateVirtualMemory ... 1400832, 4096, ) == 0x0 03058 1732 NtWaitForSingleObject (448, 0, 0x0, ... 03059 1584 NtSetEventBoostPriority (448, ... 03051 876 NtWaitForSingleObject ... ) == 0x0 03060 876 NtSetEventBoostPriority (448, ... 03058 1732 NtWaitForSingleObject ... ) == 0x0 03061 1732 NtTestAlert (... ) == 0x0 03060 876 NtSetEventBoostPriority ... ) == 0x0 03059 1584 NtSetEventBoostPriority ... ) == 0x0 03057 468 NtAllocateVirtualMemory ... 129753088, 8192, ) == 0x0 03062 1732 NtContinue (128711984, 1, ... 03063 1584 NtWaitForSingleObject (592, 0, 0x0, ... 03064 468 NtProtectVirtualMemory (-1, (0x7bbe000), 4096, 260, ... 03065 1732 NtRegisterThreadTerminatePort (24, ... 03064 468 NtProtectVirtualMemory ... (0x7bbe000), 4096, 4, ) == 0x0 03065 1732 NtRegisterThreadTerminatePort ... ) == 0x0 03066 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 03067 1732 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03066 468 NtCreateThread ... 1040, {460, 1640}, ) == 0x0 03067 1732 NtDuplicateObject ... 1044, ) == 0x0 03068 468 NtQueryInformationThread (1040, Basic, 28, ... 03069 1732 NtWaitForSingleObject (592, 0, 0x0, ... 03070 876 NtSetEventBoostPriority (592, ... 03068 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff48000,Pid=460,Tid=1640,}, 0x0, ) == 0x0 03063 1584 NtWaitForSingleObject ... ) == 0x0 03070 876 NtSetEventBoostPriority ... 
) == 0x0 03071 1584 NtSetEventBoostPriority (592, ... 03072 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1670, 0} (24, {28, 56, new_msg, 0, 460, 468, 1670, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\20\4\0\0\314\1\0\0h\6\0\0" ... ... 03071 1584 NtSetEventBoostPriority ... ) == 0x0 03073 876 NtAllocateVirtualMemory (-1, 8720384, 0, 8192, 4096, 4, ... 03072 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1671, 0} ... {28, 56, reply, 0, 460, 468, 1671, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO\20\4\0\0\314\1\0\0h\6\0\0" ) ) == 0x0 03069 1732 NtWaitForSingleObject ... ) == 0x0 03073 876 NtAllocateVirtualMemory ... 8720384, 8192, ) == 0x0 03074 468 NtResumeThread (1040, ... 03075 1732 NtWaitForSingleObject (72, 0, {0, 0}, ... 03076 876 NtSetEventBoostPriority (132, ... 03074 468 NtResumeThread ... 1, ) == 0x0 03075 1732 NtWaitForSingleObject ... ) == 0x102 00471 872 NtWaitForSingleObject ... ) == 0x0 03076 876 NtSetEventBoostPriority ... ) == 0x0 03077 1584 NtWaitForSingleObject (72, 0, {0, 0}, ... 03078 1640 NtTestAlert (... 03079 872 NtSetEventBoostPriority (132, ... 03080 1732 NtWaitForSingleObject (132, 0, 0x0, ... 03081 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03077 1584 NtWaitForSingleObject ... ) == 0x102 00480 868 NtWaitForSingleObject ... ) == 0x0 03079 872 NtSetEventBoostPriority ... ) == 0x0 03078 1640 NtTestAlert ... ) == 0x0 03082 876 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 03081 468 NtAllocateVirtualMemory ... 129761280, 1048576, ) == 0x0 03083 868 NtSetEventBoostPriority (132, ... 03084 1584 NtWaitForSingleObject (132, 0, 0x0, ... 03085 872 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 03086 1640 NtContinue (129760560, 1, ... 03082 876 NtCreateEvent ... 1048, ) == 0x0 00491 880 NtWaitForSingleObject ... ) == 0x0 03083 868 NtSetEventBoostPriority ... ) == 0x0 03087 468 NtAllocateVirtualMemory (-1, 130801664, 0, 8192, 4096, 4, ... 03088 1640 NtRegisterThreadTerminatePort (24, ... 03089 880 NtSetEventBoostPriority (132, ... 
03090 876 NtConnectPort ( ("\RPC Control\DNSResolver", {12, 2, 1, 1}, 0x0, 0x0, 14413132, 112, ... , {12, 2, 1, 1}, 0x0, 0x0, 14413132, 112, ... 03085 872 NtCreateEvent ... 1052, ) == 0x0 03087 468 NtAllocateVirtualMemory ... 130801664, 8192, ) == 0x0 01101 884 NtWaitForSingleObject ... ) == 0x0 03089 880 NtSetEventBoostPriority ... ) == 0x0 03088 1640 NtRegisterThreadTerminatePort ... ) == 0x0 03091 872 NtAllocateVirtualMemory (-1, 1404928, 0, 4096, 4096, 4, ... 03092 884 NtWaitForSingleObject (448, 0, 0x0, ... 03093 468 NtProtectVirtualMemory (-1, (0x7cbe000), 4096, 260, ... 03090 876 NtConnectPort ... 1056, 0x0, 0x0, 0x0, 112, ) == 0x0 03094 868 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 03095 880 NtCreateEvent (0x1f0003, 0x0, 0, 0, ... 03091 872 NtAllocateVirtualMemory ... 1404928, 4096, ) == 0x0 03093 468 NtProtectVirtualMemory ... (0x7cbe000), 4096, 4, ) == 0x0 03096 876 NtRequestWaitReplyPort (1056, {128, 152, new_msg, 0, 1310720, 125728, 1310720, 14412896} (1056, {128, 152, new_msg, 0, 1310720, 125728, 1310720, 14412896} "\0$\370w\20\363\333\0\2$\370w\1kwEVY\205D\237\200\364(\367\326\1)\2\0\0\0\1\0\0\0\220B\25\0\4\0\0\0\220B\25\0\20\344\314w\220B\25\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\0\0\370k\25\0\360\3\24\0(n\25\0\200\0\0\0\0n\25\0\0\0\0\0\0\0\0\0\0\0\0\0(n\25\0\0\0\0\0\0\0\0\0\0\0\0\0" ... ... 03094 868 NtCreateEvent ... 1060, ) == 0x0 03095 880 NtCreateEvent ... 1064, ) == 0x0 03097 872 NtSetEventBoostPriority (448, ... 03098 1640 NtWaitForSingleObject (448, 0, 0x0, ... 03099 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 03100 868 NtWaitForSingleObject (448, 0, 0x0, ... 03101 880 NtWaitForSingleObject (448, 0, 0x0, ... 03092 884 NtWaitForSingleObject ... ) == 0x0 03097 872 NtSetEventBoostPriority ... ) == 0x0 03099 468 NtCreateThread ... 1068, {460, 1588}, ) == 0x0 03102 884 NtSetEventBoostPriority (448, ... 03103 872 NtWaitForSingleObject (448, 0, 0x0, ... 03098 1640 NtWaitForSingleObject ... 
) == 0x0 03102 884 NtSetEventBoostPriority ... ) == 0x0 03104 468 NtQueryInformationThread (1068, Basic, 28, ... 03096 876 NtRequestWaitReplyPort ... {128, 152, reply, 0, 460, 876, 1673, 0} ... {128, 152, reply, 0, 460, 876, 1673, 0} "\7$\370w\20\363\333\0\2$\370w\1kwEVY\205D\237\200\364(\367\326\1)\2\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\220B\25\0\377\377\377\377\220B\25\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\0\0\370k\25\0\360\3\24\0(n\25\0\200\0\0\0\0n\25\0\0\0\0\0\0\0\0\0\0\0\0\0(n\25\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ) == 0x0 03105 1640 NtSetEventBoostPriority (448, ... 03104 468 NtQueryInformationThread ... {ExitStatus=0x103,TebBaseAddress=0x7ff47000,Pid=460,Tid=1588,}, 0x0, ) == 0x0 03100 868 NtWaitForSingleObject ... ) == 0x0 03105 1640 NtSetEventBoostPriority ... ) == 0x0 03106 876 NtRequestWaitReplyPort (1056, {64, 88, new_msg, 0, 460, 876, 1659, 0} (1056, {64, 88, new_msg, 0, 460, 876, 1659, 0} "\1\0\0\0A\2\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\21\0\0\0\0\0\0\0\0\0\0\0\377\377\377\0\0\0\0\0\0\0\0\0\0\0\0\0" ... ... 03107 868 NtSetEventBoostPriority (448, ... 03108 468 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 460, 468, 1671, 0} (24, {28, 56, new_msg, 0, 460, 468, 1671, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO,\4\0\0\314\1\0\04\6\0\0" ... ... 03109 1640 NtDuplicateObject (-1, -2, -1, 0x0, 0, 2, ... 03101 880 NtWaitForSingleObject ... ) == 0x0 03107 868 NtSetEventBoostPriority ... ) == 0x0 03106 876 NtRequestWaitReplyPort ... {52, 76, reply, 0, 460, 876, 1674, 0} ... {52, 76, reply, 0, 460, 876, 1674, 0} "\2p\372\177\1\00\300\0\0\0\0\363\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0p\22\13\0\1\0\0\0\1\0\0\0\300\250|\201\377\377\377\0" ) ) == 0x0 03110 884 NtWaitForSingleObject (448, 0, 0x0, ... 03111 880 NtSetEventBoostPriority (448, ... 03109 1640 NtDuplicateObject ... 1072, ) == 0x0 03108 468 NtRequestWaitReplyPort ... {28, 56, reply, 0, 460, 468, 1675, 0} ... 
{28, 56, reply, 0, 460, 468, 1675, 0} "\0\0\0\0\1\0\1\0\0\0\0\0INDO,\4\0\0\314\1\0\04\6\0\0" ) ) == 0x0 03112 876 NtWaitForSingleObject (448, 0, 0x0, ... 03103 872 NtWaitForSingleObject ... ) == 0x0 03111 880 NtSetEventBoostPriority ... ) == 0x0 03113 1640 NtWaitForSingleObject (448, 0, 0x0, ... 03114 468 NtResumeThread (1068, ... 03115 868 NtWaitForSingleObject (448, 0, 0x0, ... 03116 872 NtSetEventBoostPriority (448, ... 03114 468 NtResumeThread ... 1, ) == 0x0 03110 884 NtWaitForSingleObject ... ) == 0x0 03117 468 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 03118 884 NtSetEventBoostPriority (448, ... 03117 468 NtAllocateVirtualMemory ... 130809856, 1048576, ) == 0x0 03112 876 NtWaitForSingleObject ... ) == 0x0 03118 884 NtSetEventBoostPriority ... ) == 0x0 03119 876 NtSetEventBoostPriority (448, ... 03120 468 NtAllocateVirtualMemory (-1, 131850240, 0, 8192, 4096, 4, ... 03113 1640 NtWaitForSingleObject ... ) == 0x0 03121 884 NtWaitForSingleObject (448, 0, 0x0, ... 03119 876 NtSetEventBoostPriority ... ) == 0x0 03116 872 NtSetEventBoostPriority ... ) == 0x0 03122 880 NtWaitForSingleObject (448, 0, 0x0, ... 03123 1588 NtWaitForSingleObject (448, 0, 0x0, ... 03124 1640 NtSetEventBoostPriority (448, ... 03120 468 NtAllocateVirtualMemory ... 131850240, 8192, ) == 0x0 03125 876 NtClose (1048, ... 03126 872 NtWaitForSingleObject (448, 0, 0x0, ... 03115 868 NtWaitForSingleObject ... ) == 0x0 03124 1640 NtSetEventBoostPriority ... ) == 0x0 03127 468 NtProtectVirtualMemory (-1, (0x7dbe000), 4096, 260, ... 03125 876 NtClose ... ) == 0x0 03128 868 NtAllocateVirtualMemory (-1, 1409024, 0, 4096, 4096, 4, ... 03127 468 NtProtectVirtualMemory ... (0x7dbe000), 4096, 4, ) == 0x0 03129 1640 NtWaitForSingleObject (448, 0, 0x0, ... 03128 868 NtAllocateVirtualMemory ... 1409024, 4096, ) == 0x0 03130 468 NtCreateThread (0x1f03ff, 0x0, -1, 1244124, 1244840, 1, ... 03131 868 NtSetEventBoostPriority (448, ... 03130 468 NtCreateThread ... 
1048, {460, 1340}, ) == 0x0 03132 876 NtClose (1056, ... 03133 468 NtQueryInformationThread (1048, Basic, 28, ... 03132 876 NtClose ... ) == 0x0 03122 880 NtWaitForSingleObject ... ) == 0x0 03131 868 NtSetEventBoostPriority ... ) == 0x0 03134 876 NtWaitForSingleObject (448, 0, 0x0, ... 03135 880 NtAllocateVirtualMemory (-1, 1413120, 0, 4096, 4096, 4, ... 03136 868 NtWaitForSingleObject (448, 0, 0x0, ... 03135 880 NtAllocateVirtualMemory ... 1413120, 4096, ) == 0x0 03137 880 NtSetEventBoostPriority (448, ...