Академический Документы
Профессиональный Документы
Культура Документы
Xclog 0x10f8
Загружено:
Compra Cartas Mtg BoliviaИсходное описание:
Оригинальное название
Авторское право
Доступные форматы
Поделиться этим документом
Поделиться или встроить документ
Этот документ был вам полезен?
Это неприемлемый материал?
Пожаловаться на этот документАвторское право:
Доступные форматы
Xclog 0x10f8
Загружено:
Compra Cartas Mtg BoliviaАвторское право:
Доступные форматы
0x0A10: INFO: Start of diagnostic log for process with command line: "C:\User s\MarK\Desktop\SAFE 12.0.1 Portable.
exe" 0x0A10: INFO: Setting some windows apis. Time consumed so far: 0 ms. 0x0A10: INFO: OS Information - Version 6.1.7601, SP: 1.0, Suite: 0x100, Platf orm: 0x2, ProductType: 0x1, Text: Service Pack 1. 0x0A10: INFO: Got OS info. Time consumed so far: 0 ms. 0x0A10: INFO: Got parent info. Time consumed so far: 0 ms. 0x0A10: INFO: @APPDIR@ = C:\Users\MarK\Desktop 0x0A10: INFO: @WINDIR@ = C:\Windows 0x0A10: INFO: @SYSDRIVE@ = C: 0x0A10: INFO: @SYSTEM@ = C:\Windows\system32 0x0A10: INFO: @PROGRAMFILES@ = C:\Program Files (x86) 0x0A10: INFO: @PROGRAMFILESCOMMON@ = C:\Program Files (x86)\Common Files 0x0A10: INFO: @PROFILE@ = C:\Users\MarK 0x0A10: INFO: @PROFILECOMMON@ = C:\ProgramData 0x0A10: INFO: @APPDATA@ = C:\Users\MarK\AppData\Roaming 0x0A10: INFO: @APPDATALOCAL@ = C:\Users\MarK\AppData\Local 0x0A10: INFO: @STARTMENU@ = C:\Users\MarK\AppData\Roaming\Microsoft\Windows\S tart Menu 0x0A10: INFO: @PROGRAMS@ = C:\Users\MarK\AppData\Roaming\Microsoft\Windows\St art Menu\Programs 0x0A10: INFO: @STARTUP@ = C:\Users\MarK\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Startup 0x0A10: INFO: @DESKTOP@ = C:\Users\MarK\Desktop 0x0A10: INFO: @TEMPLATES@ = C:\Users\MarK\AppData\Roaming\Microsoft\Windows\T emplates 0x0A10: INFO: @FAVORITES@ = C:\Users\MarK\Favorites 0x0A10: INFO: @DOCUMENTS@ = C:\Users\MarK\Documents 0x0A10: INFO: @MUSIC@ = C:\Users\MarK\Music 0x0A10: INFO: @PICTURES@ = C:\Users\MarK\Pictures 0x0A10: INFO: @APPDATACOMMON@ = C:\ProgramData 0x0A10: INFO: @STARTMENUCOMMON@ = C:\ProgramData\Microsoft\Windows\Start Menu 0x0A10: INFO: @PROGRAMSCOMMON@ = C:\ProgramData\Microsoft\Windows\Start Menu\ Programs 0x0A10: INFO: @STARTUPCOMMON@ = C:\ProgramData\Microsoft\Windows\Start Menu\P rograms\Startup 0x0A10: INFO: @DESKTOPCOMMON@ = C:\Users\Public\Desktop 0x0A10: INFO: @TEMPLATESCOMMON@ = C:\ProgramData\Microsoft\Windows\Templates 0x0A10: WARNING: Error 0x80004005 from call: VmGetFolderPath( CSIDL_COMMON_FAVOR ITES, psReplacement->GetBuffer(MAX_PATH+1)) 0x0A10: INFO: @FAVORITESCOMMON@ = 0x0A10: INFO: @DOCUMENTSCOMMON@ = C:\Users\Public\Documents 0x0A10: INFO: @MUSICCOMMON@ = C:\Users\Public\Music 0x0A10: INFO: @PICTURESCOMMON@ = C:\Users\Public\Pictures 0x0A10: INFO: Got raw folders. Time consumed so far: 15 ms. 0x0A10: INFO: Adding alias mapping from \??\C: to \Device\HarddiskVolume1 0x0A10: INFO: Adding alias mapping from \??\C:\Windows\system32 to \Device\Ha rddiskVolume1\Windows\SysWOW64 0x0A10: INFO: Adding alias mapping from \REGISTRY\USER\S-1-5-21-4048755273-30 07554995-782353158-1001_Classes to \REGISTRY\USER\S-1-5-21-4048755273-3007554995 -782353158-1001\SOFTWARE\CLASSES 0x0A10: INFO: Adding alias mapping from \REGISTRY\USER\S-1-5-18 to \REGISTRY\ USER\.DEFAULT 0x0A10: INFO: Adding alias mapping from \REGISTRY\USER\S-1-5-21-4048755273-30 07554995-782353158-1001_Classes\Wow6432Node to \REGISTRY\USER\S-1-5-21-404875527 3-3007554995-782353158-1001\SOFTWARE\CLASSES 0x0A10: INFO: Adding alias mapping from \REGISTRY\MACHINE\SOFTWARE\CLASSES\Wo w6432Node to \REGISTRY\MACHINE\SOFTWARE\CLASSES 0x0A10: INFO: Adding alias mapping from \REGISTRY\MACHINE\SOFTWARE\Wow6432Nod e to \REGISTRY\MACHINE\SOFTWARE
0x0A10: INFO: Got alternative paths. Time consumed so far: 15 ms. 0x0A10: INFO: Finished directory info. Time consumed so far: 15 ms. 0x0A10: INFO: Duplicate file Microsoft.VC80.CRT.manifest will not be added as it is at lower layer. 0x0A10: INFO: Duplicate file Microsoft.VC80.CRT@8.0.50727.762.manifest will n ot be added as it is at lower layer. 0x0A10: INFO: Duplicate file msvcr80.dll will not be added as it is at lower layer. 0x0A10: INFO: Duplicate file msvcp80.dll will not be added as it is at lower layer. 0x0A10: INFO: Extracted configuration. Time consumed so far: 78 ms. 0x0A10: INFO: Application processed with Xenocode version: 6.1.457 0x0A10: INFO: Wrapping existing handles 0x0A10: INFO: Wrapping Key handle: 0x4. 0x0A10: INFO: Wrapping File handle: 0x10. 0x0A10: INFO: Wrapping Key handle: 0x14. 0x0A10: INFO: Wrapping File handle: 0x1C. 0x0A10: INFO: Wrapping Key handle: 0x2C. 0x0A10: INFO: Wrapping Key handle: 0x30. 0x0A10: INFO: Wrapping File handle: 0x44. 0x0A10: INFO: Wrapping Key handle: 0x48. 0x0A10: INFO: Wrapping Key handle: 0xBC. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x124, Path: \REGISTRY\USER\ S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windows\Current Version\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x128, Path: \REGISTRY\MACHI NE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x128. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x124. 0x0A10: INFO: Finished preparing window apis. Time consumed so far: 78 ms. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x13C, Path: \Registry\MACHI NE\System\CurrentControlSet\Control\Session Manager. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: SafeProcessSearchMode, Path: 0x13C: \Registry\MACHINE\System\CurrentContr olSet\Control\Session Manager. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\AdobePiStd.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\AdobePiStd.o tf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\CourierStd.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\CourierStd.o tf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\CourierStd-Bold.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\CourierStd-B
old.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\CourierStd-BoldOblique.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\CourierStd-B oldOblique.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\CourierStd-Oblique.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\CourierStd-O blique.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MinionPro-Bold.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MinionPro-Bo ld.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MinionPro-BoldIt.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MinionPro-Bo ldIt.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MinionPro-It.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MinionPro-It .otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MinionPro-Regular.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MinionPro-Re gular.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MyriadPro-Bold.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MyriadPro-Bo ld.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MyriadPro-BoldIt.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MyriadPro-Bo ldIt.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@
PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MyriadPro-It.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MyriadPro-It .otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\MyriadPro-Regular.otf. 0x0A10: SUCCESS: Call to New_GdiAddFontResourceW succeeded: Flags: 0x10, Reserve d: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\MyriadPro-Re gular.otf. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\SY______.PFM. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\SY______.PFM. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\SY______.PFM. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\SY__ ____.PFM. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\PFM\SY______.PFM. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\PFM\SY______.PF M. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \PFM\SY______.PFM failed to load with error: 0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zx______.pfm. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zx______.pfm. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zx______.pfm. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har
ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zx__ ____.pfm. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\PFM\zx______.pfm. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\PFM\zx______.pf m. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \PFM\zx______.pfm failed to load with error: 0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zy______.pfm. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zy______.pfm. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zy______.pfm. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\PFM\zy__ ____.pfm. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\PFM\zy______.pfm. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\PFM\zy______.pf m. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \PFM\zy______.pfm failed to load with error: 0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\SY______.PFB.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\SY______.PFB. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\SY______.PFB. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\SY______ .PFB. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\SY______.PFB. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\SY______.PFB. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \SY______.PFB failed to load with error: 0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZX______.PFB. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZX______.PFB. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZX______.PFB. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZX______ .PFB. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\ZX______.PFB. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x13000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140.
0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\ZX______.PFB. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \ZX______.PFB failed to load with error: 0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZY______.PFB. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@ PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZY______.PFB. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x1, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZY______.PFB. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resource\Font\ZY______ .PFB. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\MODIFIED\@PROGRAMFILES@\Adobe\Reader 8.0\Resourc e\Font\ZY______.PFB. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x18000, Path: 0x144: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: WARNING: Call to New_GdiAddFontResourceW failed: Flags: 0x10, Reserved: 0x0, File: C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font\ZY______.PFB. 0x0A10: WARNING: Font file C:\Program Files (x86)\Adobe\Reader 8.0\Resource\Font \ZY______.PFB failed to load with error: 0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x3, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F0B40, Path: \Devi ce\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe . 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C00, Path: 0x3F0B40: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\ SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3C900 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11B4000, Path: 0x37F1C00: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE .exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3C90000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C00. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0B40. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \Device\HarddiskVolum
e1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe.manifest. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x140, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\SAFE.exe.manifest_0x7EAA851EC697456E60D4C79AE2BA1C15.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x144, Path: 0x1 40: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\SAFE.exe.manifest_0x7EAA851EC69745 6E60D4C79AE2BA1C15.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1F000, Path: 0x144: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x148: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\SAFE.exe.manifest_0x7EAA851EC697456E60D4C79AE2BA1 C15.manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\SAFE.exe.manifest_0x7EAA851EC697456E60D4C79AE 2BA1C15.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x140: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\SAFE.exe.manifest_0x7EAA851EC697456E60D4C79AE2BA1 C15.manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x10, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe.manifest, AsmDir: , ResourceName: , AppName: , HMod: 0x0 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\mscoree.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\mscoree .dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Users\MarK\Desktop\mscoree.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\mscoree.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\system32\mscoree.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x140, Path: 0x 144: \Device\HarddiskVolume1\Windows\SysWOW64\mscoree.dll.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x73700 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4A000, Path: 0x140: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x144, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, Path: 0x1 44: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x140: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x140. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: INFO: Finished with MapInStartupExe() 0x0A10: INFO: Initialized startup exe. Time consumed so far: 218 ms. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\Des ktop\VmX.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F0B40, Path: \??\C :\Users\MarK\Desktop\VmX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0007, P aram2: 0x25000, Param3: 0x4, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x140, P
ath: \Sessions\1\BaseNamedObjects\_xvm_mem_8C9DF666D50A4D841E2DCEE9556484BF_0xE9 566AFC. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x38000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x25000, Path: 0x140: \Session s\1\BaseNamedObjects\_xvm_mem_8C9DF666D50A4D841E2DCEE9556484BF_0xE9566AFC. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1C00, Path : 0x3F0B40: \Device\HarddiskVolume1\Users\MarK\Desktop\VmX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x 1, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x10000 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x26000, Path: 0x37F1C00: \D evice\HarddiskVolume1\Users\MarK\Desktop\VmX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Use rs\MarK\Desktop\VmX.dll. 0x0A10: WARNING: New_NtQuerySection failed. Status: 0xC0000022, Param1: 0x2, Par am2: 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x37F1C00: \Devic e\HarddiskVolume1\Users\MarK\Desktop\VmX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C00. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0B40. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\VmX.dll_0x8C9DF666D50A4D841E2DCEE9556484BF.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x150, Path: 0x1 48: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\VmX.dll_0x8C9DF666D50A4D841E2DCEE9 556484BF.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x32000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x150: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x14C, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x14C: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x148: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\VmX.dll_0x8C9DF666D50A4D841E2DCEE9556484BF.2.mani fest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x148: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\VmX.dll_0x8C9DF666D50A4D841E2DCEE9556484BF.2. manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x148: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\VmX.dll_0x8C9DF666D50A4D841E2DCEE9556484BF.2.mani fest.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x320000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Users\MarK\Desktop\VmX.dll, AsmDir: , ResourceName: Int Resource: 2, AppName: , HMod: 0x10000000 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \KnownDlls3 2\WS2_32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x76AD0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x35000, Path: 0x150: \Known Dlls32\WS2_32.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150: \KnownDlls32\WS2_32.d ll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \KnownDlls3 2\NSI.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x77720 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6000, Path: 0x150: \KnownD lls32\NSI.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150: \KnownDlls32\NSI.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1
50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1
50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1
50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1
50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1
50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1
50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1
50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1
50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1 50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x148, Path: 0x1
50: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x148: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x150. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x9, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x150, Path: \REGISTRY\MACHI NE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Dll NXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UseFilter, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\C urrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: VmX.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \Registry\M achine\System\CurrentControlSet\Control\ComputerName\ActiveComputerName. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x80, Param3: 0x40, Param4: 0x0, Param5: 0x0, Name: ComputerName, Path: 0x148 : \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \Registry\M achine\System\Setup. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x80, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: OOBEInProgress, Path: 0x1 48: \REGISTRY\MACHINE\SYSTEM\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \Registry\M achine\System\Setup. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x80, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: SystemSetupInProgress, Pa th: 0x148: \REGISTRY\MACHINE\SYSTEM\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: INFO: LICENSE: Checking license. 0x0A10: INFO: LICENSE: Checking expiration if can expire. 0x0A10: INFO: LICENSE: Checking days to activate if needs activation. 0x0A10: INFO: LICENSE: Passed. 0x0A10: INFO: Handing off to virtual application code... 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x18, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x18, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\
SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x20, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x22, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x20, Param5: 0x0, Path: 0x148: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x14C: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x110, Param4: 0x38, Param5: 0x0, Path: 0x14C: \REGISTRY\MAC HINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\mscoree.dll.local. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x14C, Path: \??\C: \Windows\Microsoft.NET\Framework\v4.0.30319\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x76, Param4: 0x1, Param5: 0x0, Name: mscoreei.dll, Path: 0x14C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x148: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x148: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C: \Windows\Microsoft.NET\Framework\v4.0.30319\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x76, Param4: 0x1, Param5: 0x0, Name: mscoreei.dll, Path: 0x148: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x148: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x148: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v4.0.30319\mscoreei.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x 148: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei .dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x73680 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x67000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x148, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x14C, Path: 0x1 48: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x14C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148.
0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CLRLoadLogDir, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\mscoree.dll.local. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x54, Param4: 0x0, Param5: 0x0, Name: InstallRoot, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x14C, Path: \??\C: \Windows\Microsoft.NET\Framework\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x14C: \De vice\HarddiskVolume1\Windows\Microsoft.NET\Framework. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0xD1A, Param4: 0x0, Param5: 0x0, Path: 0x14C: \Device\Ha rddiskVolume1\Windows\Microsoft.NET\Framework. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x120080, Par am2: 0x0, Param3: 0x7, Param4: 0x1, Param5: 0x860, OutHandle: 0x154, Path: \??\C :\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x120080, Par am2: 0x0, Param3: 0x7, Param4: 0x1, Param5: 0x860, OutHandle: 0x154, Path: \??\C :\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x14C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe.config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UseLegacyV2RuntimeActivationPolicyDefaultValue, Path: 0x14C: \REGISTRY\MA CHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: OnlyUseLatestCLR, Path: 0x14C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mic
rosoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F0BB8, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F0BB8: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F0BB8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x41500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11B4000, Path: 0x37F1C68: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE .exe. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0BB8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x4150000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F0BB8, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F0BB8: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F0BB8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x41500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11B4000, Path: 0x37F1C68: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE .exe. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0BB8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x4150000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x14C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x14C, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: NoClientChecks, Path: 0x154: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro soft\Fusion. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x120080, Par
am2: 0x0, Param3: 0x7, Param4: 0x1, Param5: 0x860, OutHandle: 0x154, Path: \??\C :\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x154, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x158, Path: 0x 154: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks .dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x61930 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5AB000, Path: 0x158: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x154, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x154: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x154, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x154: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x154: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x154. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, AsmDir: , ResourceName: Int Resource: 2, AppName: , HMod: 0x61930000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x154, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MS
VCR80.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a\MSVCR80.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x 158: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18 e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x72E20 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9B000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8
3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8
3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8
3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8
3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8
3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8
3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8
3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8
3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x15C, Path: 0x1 58: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x15C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B00000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: INFO: Returning from method New_GetCommandLineW with: "C:\Program Fil
es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: INFO: Returning from method New_GetCommandLineW with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MS VCR80.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C: \. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x6C, Param4: 0x1, Param5: 0x0, Name: Windows, Path: 0x15 8: \Device\HarddiskVolume1\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x15C, Path: \??\C: \Windows\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x6A, Param4: 0x1, Param5: 0x0, Name: WinSxS, Path: 0x15C : \Device\HarddiskVolume1\Windows\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x15C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x158, Path: \??\C: \Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d091 54e044272b9a\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x74, Param4: 0x1, Param5: 0x0, Name: MSVCR80.dll, Path: 0x158: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e 18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GCStressStart, Path: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GCStressStartAtJit, Path: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GCStressStart, Path: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GCStressStartAtJit, Path: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: INFO: Returning from method New_GetCommandLineW with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034,
Name: DisableConfigCache, Path: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x158. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x78, Param5: 0x0, Path: 0x158: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x1, Param2: 0x1, Param3: 0xDC, Param4: 0x78, Param5: 0x0, Name: , Pa th: 0x158: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v4.0.30319. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x164. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x168, Path: \?? \C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x FFF, Param3: 0xFFF, Param4: 0x0, Param5: 0x0, Path: 0x168: \Device\HarddiskVolum e1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 186B, Param3: 0x186B, Param4: 0x0, Param5: 0x0, Path: 0x168: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1076, Param3: 0x1076, Param4: 0x0, Param5: 0x0, Path: 0x168: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 100D, Param3: 0x100D, Param4: 0x0, Param5: 0x0, Path: 0x168: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1066, Param3: 0x1066, Param4: 0x0, Param5: 0x0, Path: 0x168: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe.config. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CacheLocation, Path: 0x164: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x164. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DownloadCacheQuotaInKB, Path: 0x164: \REGISTRY\MACHINE\SOFTWARE\Microsoft \Fusion. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x164. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EnableLog, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LoggingLevel, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ForceLog, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion.
0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LogFailures, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: VersioningLog, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LogResourceBinds, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusio n. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UseLegacyIdentityFormat, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsof t\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DisableMSIPeek, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: NoClientChecks, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DevOverrideEnable, Path: 0x168: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Wind ows NT\CurrentVersion\Image File Execution Options. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x164. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0007, P aram2: 0xFB8, Param3: 0x4, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x164, Pat h: \Sessions\1\BaseNamedObjects\Global\Cor_Private_IPCBlock_4344. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x164: \BaseName dObjects\Cor_Private_IPCBlock_4344. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x168. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x16C. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0007, P aram2: 0x134, Param3: 0x4, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x16C, Pat h: \Sessions\1\BaseNamedObjects\Global\Cor_Public_IPCBlock_4344. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3C000 0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x16C: \BaseName dObjects\Cor_Public_IPCBlock_4344. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x61E8C000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x61E8C000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x61E8C000, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x1B0, Path: 0xFFFFFFFE: . 0x0A10: INFO: New_NtClose given invalid handle: Handle: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x18EFCC, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x18EFD8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1284: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F4FF38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1284: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF
FFFFF, Param2: 0x3E51000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x20, Param5: 0x0, Path: 0x1C4: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2A, Param5: 0x0, Path: 0x1C4: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x1C4: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Po licy\Extensions\NamedPermissionSets. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x1C4: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Securi ty\Policy\Extensions\NamedPermissionSets. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2E, Param5: 0x0, Path: 0x1C8: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets\Internet. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x38, Param5: 0x0, Path: 0x1C8: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets\Internet. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Po licy\Extensions\NamedPermissionSets\Internet. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x1BF4E90, Param5: 0x0, Name : , Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\ Security\Policy\Extensions\NamedPermissionSets\Internet. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2E, Param5: 0x0, Path: 0x1C8: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets\LocalIntranet. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x38, Param5: 0x0, Path: 0x1C8: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPer missionSets\LocalIntranet. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Po licy\Extensions\NamedPermissionSets\LocalIntranet. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x1BF4E98, Param5: 0x0, Name : , Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\ Security\Policy\Extensions\NamedPermissionSets\LocalIntranet. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C4. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch .
0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.confi g. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.confi g.cch. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C4. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x6, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x1C4, Path: \Sessions\1 \BaseNamedObjects\windows_shell_global_counters. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x1CC00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x1C4: \Session s\1\BaseNamedObjects\windows_shell_global_counters. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Category, Path: 0x1CC: \R EGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\F olderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x1CC: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Folde rDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParentFolder, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E 3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Description, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3 EF65729F3D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2C, Param4: 0x0, Param5: 0x0, Name: RelativePath, Path: 0x1CC : \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explor er\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParsingName, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3 EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InfoTip, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Wi ndows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65 729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalizedName, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03AE3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Icon, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo
ws\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729 F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Security, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF6 5729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResource, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro soft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A -E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResourceType, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6A03A-E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalRedirectOnly, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A 03A-E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Roamable, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF6 5729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreCreate, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF 65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Stream, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Win dows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF657 29F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PublishExpandedPath, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6 -A03A-E3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Attributes, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft \Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3E F65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FolderTypeID, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E 3EF65729F3D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InitFolderHandler, Path: 0x1CC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A 03A-E3EF65729F3D}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x1C8, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param
2: 0x90, Param3: 0x48, Param4: 0x0, Param5: 0x0, Name: AppData, Path: 0x1D0: \RE GISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Win dows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Category, Path: 0x1C8: \R EGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\F olderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x1C8: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Folde rDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParentFolder, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-E A3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Description, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA 3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: RelativePath, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-E A3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParsingName, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA 3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InfoTip, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Wi ndows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317 B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalizedName, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFEEA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Icon, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67 173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Security, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA331 7B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResource, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro soft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE -EA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResourceType, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-47609AFE-EA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalRedirectOnly, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9 AFE-EA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034,
Name: Roamable, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA331 7B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreCreate, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA33 17B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Stream, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Win dows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B 67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PublishExpandedPath, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760 -9AFE-EA3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Attributes, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft \Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3 317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FolderTypeID, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-E A3317B67173}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InitFolderHandler, Path: 0x1C8: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9 AFE-EA3317B67173}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x1D0: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x1D0: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C8. 0x0A10: WARNING: New_NtCreateFile failed. Status: 0xC0000035, Param1: 0x100001, Param2: 0x80, Param3: 0x3, Param4: 0x2, Param5: 0x204021, Name: , Path: \??\C:\U sers\MarK. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK. 0x0A10: WARNING: New_NtCreateFile failed. Status: 0xC0000035, Param1: 0x100001, Param2: 0x80, Param3: 0x3, Param4: 0x2, Param5: 0x204021, Name: , Path: \??\C:\U sers\MarK\AppData\Roaming. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Roaming. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Users\MarK\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.3 12\security.config. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Users\MarK\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.3 12\security.config.cch. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LatestIndex, Path: 0x200:
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LatestIndex, Path: 0x204: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x208, Path: \??\ C:\Windows\assembly\NativeImages_v2.0.50727_32\index3f0.dat. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: NIUsageMask, Path: 0x20C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ind ex3f0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ILUsageMask, Path: 0x20C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ind ex3f0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x200. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x12, Param5: 0x0, Path: 0x200: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_3 2\NI\181938c6\7950e2c5. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50 727_32\NI\181938c6\7950e2c5. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x200. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x52, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 181938c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1 81938c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 181938c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x200: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c 6\7950e2c5\8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x200. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x200: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\18193 8c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x20, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x2 00: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\
NI\181938c6\7950e2c5\8. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: NIDependencies, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\ NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\8. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x200. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x52, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 7950e2c5\736b60a5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x200: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e 2c5\736b60a5\8. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x12C, Param4: 0x0, Param5: 0x0, Name: Modules, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIn dex\v2.0.50727_32\IL\7950e2c5\736b60a5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x12C, Param3: 0x12C, Param4: 0x0, Param5: 0x0, Name: Modules, Path: 0x200: \ REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\79 50e2c5\736b60a5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x200: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5 \736b60a5\8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x200: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 7950e2c5\736b60a5\8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x200. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000100, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x200, Path: \REGIST RY\MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: mscorlib,2.0.0.0,,b77a5c5 61934e089,x86, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\GACChang eNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib .ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d 22c5\mscorlib.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x214, Path: 0x 20C: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\mscorli b\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x60E30 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xAF8000, Path: 0x214: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: .
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\comctl32.DLL. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x214, Path: 0x2 0C: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls _6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3F800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x82000, Path: 0x214: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3F80000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C: \Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: mscorlib.INI, Path: 0x20C: \Device\HarddiskVolume1\Windows\assembly\ GAC_32\mscorlib\2.0.0.0__b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param
2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F0D48, Path: \?? \C:\Program Files (x86)\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x6C, Param4: 0x1, Param5: 0x0, Name: SAFE 12, Path: 0x3F 0D48: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0D48. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F0D48, Path: \?? \C:\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x6E, Param4: 0x1, Param5: 0x0, Name: SAFE.exe, Path: 0x3 F0D48: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0D48. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C: \. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x84, Param4: 0x1, Param5: 0x0, Name: Program Files (x86) , Path: 0x20C: \Device\HarddiskVolume1\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x214, Path: \??\C: \Program Files (x86)\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x8E, Param4: 0x1, Param5: 0x0, Name: Computers and Struc tures, Path: 0x214: \Device\HarddiskVolume1\Program Files (x86)\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F0D48, Path: \?? \C:\Program Files (x86)\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x6C, Param4: 0x1, Param5: 0x0, Name: SAFE 12, Path: 0x3F 0D48: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F0D48. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorsec.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x214, Path: 0x 20C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec
.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x64020 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x13000, Path: 0x214: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x20C: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x20C: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x20C: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20C. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll, AsmDir: , ResourceName: Int Resource: 2, AppName: , HMod: 0x64020000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x20C, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x214, Path: \KnownDlls3 2\WINTRUST.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x755A0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x2D000, Path: 0x214: \Known Dlls32\WINTRUST.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: \KnownDlls32\WINTRUST .dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x214, Path: \KnownDlls3 2\CRYPT32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x75480 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11D000, Path: 0x214: \Know
nDlls32\CRYPT32.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: \KnownDlls32\CRYPT32. dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x214, Path: \KnownDlls3 2\MSASN1.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x75470 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xC000, Path: 0x214: \KnownD lls32\MSASN1.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: \KnownDlls32\MSASN1.d ll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec8 3dffa859149af\COMCTL32.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x214, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.1 7514_none_ec83dffa859149af\COMCTL32.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x218, Path: 0x 214: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-control s_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x749A0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x84000, Path: 0x218: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x218: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x218. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DebugHeapFlags, Path: 0x214: \REGISTRY\MACHINE\SYSTEM\ControlSet001\servi ces\crypt32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214. 0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x228, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: mscorsec.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows N T\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\RichEd20.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\RichEd2
0.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\RichEd20.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x228, Path: \??\C:\W indows\system32\RichEd20.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x22C, Path: 0x 228: \Device\HarddiskVolume1\Windows\SysWOW64\riched20.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5AE50 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x76000, Path: 0x22C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: mscorlib.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Window s NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5AE50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certific ate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x3E, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cer tificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPol icy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Fin alPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initiali zation\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Ini tialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\ {31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param
2: 0x90, Param3: 0x32, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Mes sage\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signatur e\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x36, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Sig nature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertChec k\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2E, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x228: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cer tCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x2, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: . 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CRYPTSP.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CRYPTSP .dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\CRYPTSP.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x228, Path: \??\C:\W indows\system32\CRYPTSP.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x22C, Path: 0x 228: \Device\HarddiskVolume1\Windows\SysWOW64\cryptsp.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6DEF0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x16000, Path: 0x22C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Type, Path: 0x228: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Micros oft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x228: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x228: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\
Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x228: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x228: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \??\C:\W indows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x230, Path: 0x2 2C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3C000, Path: 0x230: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \??\C:\W indows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x230, Path: 0x2 2C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3C000, Path: 0x230: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \??\C:\W indows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x230, Path: 0x2 2C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3C000, Path: 0x230: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \??\C:\W indows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x230, Path: 0x2 2C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3C000, Path: 0x230: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x22C, Path: \?? \C:\Windows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x22C: \Device\Har ddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x230, Path: 0x22C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3B500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3C000, Path: 0x230: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\rsaenh.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \??\C:\W indows\system32\rsaenh.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x230, Path: 0x 22C: \Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6DEB0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3B000, Path: 0x230: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x22C, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enabled, Path: 0x22C: \RE GISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy.
0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x230, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FipsAlgorithmPolicy, Path: 0x230: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ Control\Lsa. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Conf iguration. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PrivKeyCacheMaxItems, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Policies\Mi crosoft\Cryptography. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PrivKeyCachePurgeIntervalSeconds, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE \Policies\Microsoft\Cryptography. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PrivateKeyLifetimeSeconds, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Polici es\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x230: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x230, Path: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x228. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x228, Path: \REGISTRY \USER. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x234, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windows \CurrentVersion\WinTrust\Trust Providers\Software Publishing. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param
2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: State, Path: 0x234: \REGI STRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windo ws\CurrentVersion\WinTrust\Trust Providers\Software Publishing. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x234. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x234. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x234. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x18, Param4: 0x0, Param5: 0x0, Name: Safety Warning Level, Pat h: 0x22C: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\ Microsoft\Internet Explorer\Security. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x22C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DiagLevel, Path: 0x234: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\c rypt32. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DiagMatchAnyMask, Path: 0x234: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ser vices\crypt32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x234. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x234: \REGISTRY\MACHIN E\SYSTEM\ControlSet001\services\crypt32. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x6, OutHandle: 0x244, Path: 0x240: . 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x6, OutHandle: 0x254, Path: 0x250: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x1174: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x624FD9C, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1174: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x624FDA8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1174: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6151000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F2C88, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x64500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe.
0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6450000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x25C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x264, Path: \Registry\M achine\System\CurrentControlSet\Control\Nls\CustomLocale. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: en-US, Path: 0x264: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Cu stomLocale. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x264, Path: \Registry\M achine\System\CurrentControlSet\Control\Nls\ExtendedLocale. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: en-US, Path: 0x264: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Ex tendedLocale. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x36, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x56, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2
: 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x46, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x90, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa
taMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x30, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0xA8, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P
aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2
: 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x268: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDa taMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x268: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPu tSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0xD, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 0\CryptSIPDllPutSignedDataMsg. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x260. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x25C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x260. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x25C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x36, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x56, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg.
0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x46, Param5: 0x0, Path: 0x270: \REGISTRY\MACH
INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x90, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x30, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0xA8, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg.
0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSig nedDataMsg. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDa taMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGe tSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0xD, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x26C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 0\CryptSIPDllGetSignedDataMsg. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x26C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x264: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x264, Path: \KnownDlls3 2\imagehlp.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x76820 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x2A000, Path: 0x264: \Known Dlls32\IMAGEHLP.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2
: 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264: \KnownDlls32\IMAGEHLP .dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x67400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x1CE00 00, Param2: 0x0, Param3: 0x0, Param4: 0x11B0000, Param5: 0x4000, Path: 0x37F1C68 : \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\S AFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x1CE0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6740000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x67400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x1CE00 00, Param2: 0x0, Param3: 0x0, Param4: 0x11B0000, Param5: 0x4000, Path: 0x37F1C68 : \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\S AFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x1CE0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6740000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Type, Path: 0x264: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Micros oft Enhanced RSA and AES Cryptographic Provider.
0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x264: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x268: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x268: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x268: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x268: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x40, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDIn fo. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1. 3.6.1.4.1.311.44.3.4!7. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x76, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindO IDInfo\1.3.6.1.4.1.311.44.3.4!7. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x62, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x274: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\Crypt DllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: StringCacheGeneration, P ath: 0x278: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettin gs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2001F, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Classes\Local Setting s\MuiCache\b4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtSetValueKey succeeded. Status: 0x0, Param1: 0x0, Param2: 0x7, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LanguageList, Path: 0x27C: \ REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001_CLASSES\Local Settin gs\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\p2pcollab.dll. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: @%SystemRoot%\system32\p 2pcollab.dll,-8042, Path: 0x27C: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-7 82353158-1001_CLASSES\Local Settings\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x62, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x274: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\Crypt DllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \Registry\Machi ne\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: StringCacheGeneration, P ath: 0x27C: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettin gs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2001F, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Classes\Local Setting s\MuiCache\b4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtSetValueKey succeeded. Status: 0x0, Param1: 0x0, Param2: 0x7, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LanguageList, Path: 0x278: \ REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001_CLASSES\Local Settin gs\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\p2pcollab.dll. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: @%SystemRoot%\system32\p 2pcollab.dll,-8042, Path: 0x278: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-7 82353158-1001_CLASSES\Local Settings\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x274. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x40, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDIn fo. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1. 3.6.1.4.1.311.47.1.1!7. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindO IDInfo\1.3.6.1.4.1.311.47.1.1!7. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x274: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\Crypt DllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: StringCacheGeneration, P ath: 0x278: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettin gs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2001F, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Classes\Local Setting s\MuiCache\b4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtSetValueKey succeeded. Status: 0x0, Param1: 0x0, Param2: 0x7, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LanguageList, Path: 0x27C: \ REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001_CLASSES\Local Settin gs\MuiCache\B4\A7EAB198. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\qagentrt.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x274. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x40, Param5: 0x0, Path: 0x26C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDIn fo. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x270: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1. 3.6.1.4.1.311.64.1.1!7.
0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x6E, Param5: 0x0, Path: 0x270: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindO IDInfo\1.3.6.1.4.1.311.64.1.1!7. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5A, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x274: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\Crypt DllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \Registry\Machi ne\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: StringCacheGeneration, P ath: 0x27C: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettin gs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2001F, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Classes\Local Setting s\MuiCache\b4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtSetValueKey succeeded. Status: 0x0, Param1: 0x0, Param2: 0x7, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LanguageList, Path: 0x278: \ REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001_CLASSES\Local Settin gs\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\dnsapi.dll. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0xDA, Param4: 0x0, Param5: 0x0, Name: @%SystemRoot%\system32\d nsapi.dll,-103, Path: 0x278: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-78235 3158-1001_CLASSES\Local Settings\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5A, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x274: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\Crypt DllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: StringCacheGeneration, P ath: 0x278: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettin gs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2001F, Param2:
0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x27C, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Classes\Local Setting s\MuiCache\b4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtSetValueKey succeeded. Status: 0x0, Param1: 0x0, Param2: 0x7, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LanguageList, Path: 0x27C: \ REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001_CLASSES\Local Settin gs\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\dnsapi.dll. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0xDA, Param4: 0x0, Param5: 0x0, Name: @%SystemRoot%\system32\d nsapi.dll,-103, Path: 0x27C: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-78235 3158-1001_CLASSES\Local Settings\MuiCache\B4\A7EAB198. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x274. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x3, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x26C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 0\CryptDllFindOIDInfo. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x26C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32F0110, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\ncrypt.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\ncrypt. dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\ncrypt.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x264, Path: \??\C:\W indows\system32\ncrypt.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x268, Path: 0x 264: \Device\HarddiskVolume1\Windows\SysWOW64\ncrypt.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x73A00 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x38000, Path: 0x268: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\bcrypt.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\bcrypt. dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\bcrypt.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x264, Path: \??\C:\W indows\system32\bcrypt.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x268, Path: 0x 264: \Device\HarddiskVolume1\Windows\SysWOW64\bcrypt.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74090 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x17000, Path: 0x268: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100003, Param 2: 0x7, Param3: 0x20, Param4: 0x0, Param5: 0x0, OutHandle: 0x270, Path: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\K secDD. 0x0A10: INFO: New_NtDeviceIoControlFile reports insufficient buffer. Status: 0x80000005, Param1: 0x390402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0
, Name: , Path: 0x270: \Device\KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0xD8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\SysWOW 64\bcryptprimitives.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \??\C:\W indows\SysWOW64\bcryptprimitives.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x280, Path: 0x 278: \Device\HarddiskVolume1\Windows\SysWOW64\bcryptprimitives.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x739C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3D000, Path: 0x280: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enabled, Path: 0x278: \RE GISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FipsAlgorithmPolicy, Path: 0x280: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ Control\Lsa. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Conf iguration. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enabled, Path: 0x280: \RE GISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FipsAlgorithmPolicy, Path: 0x278: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ Control\Lsa. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Conf iguration. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0
, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enabled, Path: 0x278: \RE GISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FipsAlgorithmPolicy, Path: 0x280: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ Control\Lsa. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Conf iguration. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enabled, Path: 0x280: \RE GISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x278, Path: \Registry\Machi ne\System\CurrentControlSet\Control\Lsa. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FipsAlgorithmPolicy, Path: 0x278: \REGISTRY\MACHINE\SYSTEM\ControlSet001\ Control\Lsa. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Conf iguration. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x16, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreP rov. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\# 16. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenSt oreProv\#16. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenSt oreProv\#16. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x18, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\
SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreP rov. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\L dap. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenSt oreProv\Ldap. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenSt oreProv\Ldap. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 0\CertDllOpenStoreProv. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288.
0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x44, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x44, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW
ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx \1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x56, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObjectEx\1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x7, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 1\CryptDllDecodeObjectEx. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2000. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2000. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2000. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2001. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2001. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2002. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2002. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x74, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod
eObject\#2002. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2003. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2003. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2003. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2004. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2004. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x60, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2004. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2005. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2005. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2005. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj
ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2006. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2006. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x64, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2006. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2007. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2007. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2007. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2008. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2008. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2008. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2009. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P
aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2009. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2009. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2130. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2130. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x58, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2130. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2221. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2221. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2221. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\# 2222. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\#2222. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod
eObject\#2222. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x38, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb
ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x64, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P
aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x60, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod
eObject\1.3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x18, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x74, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x19, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1A, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb
ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x58, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1B, Param 2: 0x0, Param3: 0x120, Param4: 0x3A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1 .3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecod eObject\1.3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1C, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encodin gType 1\CryptDllDecodeObject. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x36, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe
rifyIndirectData\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{000C10F1-0000-0000-C000-000000000046}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{06C9E010-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{1A610570-38CE-11D4-A2A3-00104BD35090}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x42, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x90, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x30, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x66, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{AB13F5B1-F718-11D0-82AA-00AA00C065E1}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0xA8, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x66, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe
rifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerify IndirectData. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndir ectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVe rifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0xD, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 0\CryptSIPDllVerifyIndirectData. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: New_NtDeviceIoControlFile reports insufficient buffer. Status: 0x80000005, Param1: 0x390402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0 , Name: , Path: 0x270: \Device\KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0xD8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x67400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xA00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xB00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xC00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xD00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xE00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0xF00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe.
0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x65500 00, Param2: 0x0, Param3: 0x0, Param4: 0x1000000, Param5: 0x100000, Path: 0x37F1C 68: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6550000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x40200 00, Param2: 0x0, Param3: 0x0, Param4: 0x1100000, Param5: 0xB4000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x4020000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6740000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.1.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.1.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x44, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.11. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x44, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx.
0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x42, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ectEx. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx \1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x56, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObjectEx\1.2.840.113549.1.9.16.2.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x7, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 1\CryptDllEncodeObjectEx. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#
2000. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2000. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2000. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2001. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2001. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2002. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2002. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x74, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2002. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2003. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2003. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P
aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2003. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2004. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2004. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x60, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2004. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2005. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2005. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2005. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2006. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2006. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x64, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2006. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2
: 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2007. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2007. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2007. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2008. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2008. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2008. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2009. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2009. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2009. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#
2130. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2130. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x58, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2130. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2221. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2221. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2221. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x1A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\# 2222. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2222. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\#2222. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P
aram2: 0x1, Param3: 0xDC, Param4: 0x5C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.12.2.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.12.2.2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObj ect. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.16.1.1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x38, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x4C, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.16.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param
2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x62, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.10. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x64, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.11. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x5E, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1
.3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x60, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.20. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.25. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P
aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.26. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x18, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x74, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.27. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x19, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x52, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.28. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1A, Param 2: 0x0, Param3: 0x120, Param4: 0x3C, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x58, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.30. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1B, Param
2: 0x0, Param3: 0x120, Param4: 0x3A, Param5: 0x0, Path: 0x284: \REGISTRY\MACHINE \SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeOb ject. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1 .3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3A, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0xDC, Param4: 0x70, Param5: 0x0, Path: 0x288: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncod eObject\1.3.6.1.4.1.311.2.1.4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1C, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0x284: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encodin gType 1\CryptDllEncodeObject. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: INFO: New_NtDeviceIoControlFile reports insufficient buffer. Status: 0x80000005, Param1: 0x390402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0 , Name: , Path: 0x270: \Device\KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0xE0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x278: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x278: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x278. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DisableMandatoryBasicConstraints, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE \Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\C onfig. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DisableCANameConstraints, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Microso ft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DisableUnsupportedCriticalExtensions, Path: 0x278: \REGISTRY\MACHINE\SOFT WARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngi ne\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxAIAUrlCountInCert, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Microsoft\C ryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxAIAUrlRetrievalCountPerChain, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\ Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Co nfig. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxUrlRetrievalByteCount, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Microso ft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxAIAUrlRetrievalByteCount, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Micr osoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config . 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxAIAUrlRetrievalCertCount, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Micr osoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config . 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CryptnetPreFetchTriggerPeriodSeconds, Path: 0x278: \REGISTRY\MACHINE\SOFT WARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngi ne\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EnableWeakSignatureFlags, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Microso ft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ChainCacheResyncFiletime, Path: 0x278: \REGISTRY\MACHINE\SOFTWARE\Microso ft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x284, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\My. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x280: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x280: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x284. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x288, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x288: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ Certificates. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x116, Param4: 0x0, Param5: 0x0, Path: 0x288: \Device\Ha rddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certifi cates. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x28C, Path: \?? \C:\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\C19B E8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x28C: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certific ates\C19BE8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 338, Param3: 0x338, Param4: 0x0, Param5: 0x0, Path: 0x28C: \Device\HarddiskVolum e1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\C19BE 8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x28C. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x288: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x288, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x288: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ CRLs. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x62, Param4: 0x0, Param5: 0x0, Path: 0x288: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs.
0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x288: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x288, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x288: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ CTLs. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x62, Param4: 0x0, Param5: 0x0, Path: 0x288: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x288: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x288, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\CA. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\CA. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x288. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x28C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA \Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C ertificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21
-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C ertificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365 B482D188DFBF8A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365 B482D188DFBF8A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365B482D188DFBF8A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A3621 46010F2A8B6AEE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A3621 46010F2A8B6AEE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x72A, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A362146010F2A8B6AEE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\867539A26C81FA2D78277C3ADF DB304312535E57. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\867539A26C81FA2D78277C3ADF DB304312535E57. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x556, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\867539A26C81FA2D78277C3ADFDB304312535E57.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\E5958D48FE10D7340311E8C03B B22940DABA2DA3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\E5958D48FE10D7340311E8C03B B22940DABA2DA3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5E2, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x290: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\E5958D48FE10D7340311E8C03BB22940DABA2DA3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x28C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x28C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C RLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C RLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x28C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x28C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C TLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x28C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C TLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x28C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST
RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\CA. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x290, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif icates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x290, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x290, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x290. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\CA. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\CA. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST
RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\109F1CAED645BB78B3EA2B94C0697C740733031C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\109F1CAED645BB78B3EA2B94C0697C740733031C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x487, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645 BB78B3EA2B94C0697C740733031C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x453, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B 08F46A30A133F8A9ED3D038E2EA8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x27A, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E39 65A5246F000E87FDE2A065FD89D4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CR Ls\A377D1B1C0538833035211F4083D00FECC414DAB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CR Ls\A377D1B1C0538833035211F4083D00FECC414DAB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x1ED, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x298: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C05388330352 11F4083D00FECC414DAB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\CA. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x294, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x294. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\CA. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\CA. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x298, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x298, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x298, Path: \REGIST
RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x298, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x298. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x29C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Di sallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x29C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x29C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x29C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x29C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x29C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x29C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif icates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D 4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4.
0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371 62CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000
0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F 4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8.
0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name:
Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060 ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param
2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2A8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par
am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificate s. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW
ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2A8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Root. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x280, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Root. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2AC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2AC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Ro
ot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x14 , Param2: 0x400, Param3: 0x84, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\ USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCert ificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Certificates, Path: 0x2B4 : \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsof t\SystemCertificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Certificates, Path: 0x2B4 : \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsof t\SystemCertificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Root. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Root. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3C4, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3 090203FD5BAA2F861A754976C8DD25. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x397, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF75 14E7CF2DF8BE72AE957B9E04741E85. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name:
Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4D8, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223 F3C813818C994614A89C99FA3B5247. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x500, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A 520F0D93D032CCAF37E7FE20A8B419. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3A3, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562F B2EE05DBB3D32323ADF445084ED656. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6A3, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE60
00AC7F40C3802C171E30148030C072. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\AuthRoot. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\02FAF3E291435468607857694DF5E45B68851868. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\02FAF3E291435468607857694DF5E45B68851868. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5C8, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3 E291435468607857694DF5E45B68851868. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5E4, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BA E63F1801E277261BA0D77770028F20EEE4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x477, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2A D07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\3921C115C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\3921C115C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x572, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3921C1 15C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000
0005, Param1: 0x2, Param2: 0x90, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x654, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D5 78499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x389, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F6556 6336DB6598581D584A596C87934D5F2AB4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5C4, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006 091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5A8, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\58119F 0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8.
0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x48C, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D 7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\69BD8CF49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\69BD8CF49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x44F, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\69BD8C F49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x410, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C31 92E607E424EB4549542BE1BBC53E6174E2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name:
Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x436, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371C A6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x581, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6 EE3E8AC86384E548C299295C756C817B81. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97817950D81C9670CC34D809CF794431367EF474. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97817950D81C9670CC34D809CF794431367EF474. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3FA, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\978179 50D81C9670CC34D809CF794431367EF474. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x436, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E9 9636A547554F838FBA38B82E74F89A830A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2
: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\99A69BE61AFE886B4D2B82007CB854FC317E1539. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\99A69BE61AFE886B4D2B82007CB854FC317E1539. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x66E, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\99A69B E61AFE886B4D2B82007CB854FC317E1539. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x536, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC96 8BD4F49D622AA89A81F2150152A41D829C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\D23209AD23D314232174E40D7F9D62139786633A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\D23209AD23D314232174E40D7F9D62139786633A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x479, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209 AD23D314232174E40D7F9D62139786633A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR
oot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4A6, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4 A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E0AB059420725493056062023670F7CD2EFC6666. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E0AB059420725493056062023670F7CD2EFC6666. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4AA, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E0AB05 9420725493056062023670F7CD2EFC6666. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5B0, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2B8: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB 4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CTLs.
0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\Root. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B4, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Root. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Root. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2:
0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2B8, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2B8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2BC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2BC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2BC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2BC, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\SmartCardRoot. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Sm artCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\SmartCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar
tCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2BC, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2BC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Tr ustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif icates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2C8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2C8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certific ates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2CC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D0, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\trust. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\trust. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\tr
ust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D4. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D4, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\trust. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif icates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific
ates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2D8, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2D8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\trust. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\trust. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par
am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\trust. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2DC, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CTLs.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2DC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\trust. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2A8, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\trust. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2E0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2E0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E0. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x2E0, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2A8. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2AC: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\Root. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x2, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \Certificates.
0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2E8: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Root \CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E8. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x14 , Param2: 0x400, Param3: 0x84, Param4: 0x0, Param5: 0x0, Path: 0x2EC: \REGISTRY\ USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCert ificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Certificates, Path: 0x2EC : \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsof t\SystemCertificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Certificates, Path: 0x2EC : \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsof t\SystemCertificates\Root\ProtectedRoots. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2EC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2E8. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x280: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\ROOT. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x3, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name:
Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3C4, Param3: 0x3C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3 090203FD5BAA2F861A754976C8DD25. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x397, Param3: 0x397, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF75 14E7CF2DF8BE72AE957B9E04741E85. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4D8, Param3: 0x4D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223 F3C813818C994614A89C99FA3B5247. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x500, Param3: 0x500, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A
520F0D93D032CCAF37E7FE20A8B419. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3A3, Param3: 0x3A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562F B2EE05DBB3D32323ADF445084ED656. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6A3, Param3: 0x6A3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2F4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE60 00AC7F40C3802C171E30148030C072. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\ROOT\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F0. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2B0: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\AuthRoot. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x4, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: .
0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\02FAF3E291435468607857694DF5E45B68851868. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\02FAF3E291435468607857694DF5E45B68851868. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5C8, Param3: 0x5C8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3 E291435468607857694DF5E45B68851868. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5E4, Param3: 0x5E4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BA E63F1801E277261BA0D77770028F20EEE4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x477, Param3: 0x477, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2A D07F2B335EF5A1C34E4B57E8B7D8F1FCA6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates.
0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\3921C115C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\3921C115C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x572, Param3: 0x572, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3921C1 15C15D0ECA5CCB5BC4F07D21D8050B566A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x654, Param3: 0x654, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D5 78499B1CCF5F581EAD56BE3D9B6744A5E5. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x389, Param3: 0x389, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F6556 6336DB6598581D584A596C87934D5F2AB4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param
2: 0x5C4, Param3: 0x5C4, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006 091D97D4F5AE39F7CBE7927D7D652D3431. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\58119F0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5A8, Param3: 0x5A8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\58119F 0E128287EA50FDD987456F4F78DCFAD6D4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x48C, Param3: 0x48C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D 7827656399D27D7F9044C9FEB3F33EFA9A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\69BD8CF49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\69BD8CF49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x44F, Param3: 0x44F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\69BD8C F49CD300FB592E1793CA556AF3ECAA35FB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000
0005, Param1: 0x2, Param2: 0x90, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x410, Param3: 0x410, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C31 92E607E424EB4549542BE1BBC53E6174E2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x436, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371C A6E550143DCE2803471BDE3A09E8F8770F. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x581, Param3: 0x581, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6 EE3E8AC86384E548C299295C756C817B81. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97817950D81C9670CC34D809CF794431367EF474. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97817950D81C9670CC34D809CF794431367EF474. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x3FA, Param3: 0x3FA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG
ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\978179 50D81C9670CC34D809CF794431367EF474. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x436, Param3: 0x436, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E9 9636A547554F838FBA38B82E74F89A830A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\99A69BE61AFE886B4D2B82007CB854FC317E1539. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\99A69BE61AFE886B4D2B82007CB854FC317E1539. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x66E, Param3: 0x66E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\99A69B E61AFE886B4D2B82007CB854FC317E1539. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x536, Param3: 0x536, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC96 8BD4F49D622AA89A81F2150152A41D829C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name:
Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\D23209AD23D314232174E40D7F9D62139786633A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\D23209AD23D314232174E40D7F9D62139786633A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x479, Param3: 0x479, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209 AD23D314232174E40D7F9D62139786633A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4A6, Param3: 0x4A6, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4 A4FFE5B92FA3C503D1A349A7F9962A8212. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E0AB059420725493056062023670F7CD2EFC6666. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E0AB059420725493056062023670F7CD2EFC6666. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4AA, Param3: 0x4AA, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E0AB05 9420725493056062023670F7CD2EFC6666. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR oot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5B0, Param3: 0x5B0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x2FC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB
4B41D7D9C32B30514BAC1D81D8385E2D46. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2FC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x2F8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\AuthRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x2F8. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\GPAPI.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\GPAPI.d ll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\GPAPI.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x304, Path: \??\C:\W indows\system32\GPAPI.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x308, Path: 0x 304: \Device\HarddiskVolume1\Windows\SysWOW64\gpapi.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x739A0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x16000, Path: 0x308: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x308: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x308. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x304. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UserenvDebugLevel, Path: 0x304: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows NT\CurrentVersion\Winlogon. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x304. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GpSvcDebugLevel, Path: 0x304: \REGISTRY\MACHINE\SOFTWARE\Policies\Microso ft\Windows\System. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x304. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x304. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxRpcSize, Path: 0x304: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Rpc. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x304. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path:
\Registry\Machine\Software\Policies\Microsoft\SQMClient\Windows. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20119, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x310, Path: \Registry\M achine\Software\Microsoft\SQMClient\Windows. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: CEIPEnable, Path: 0x310: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMClient\Windows. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x14, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: CEIPSampledIn, Path: 0x31 0: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMClient\Windows. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x310. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x31C, Path: 0xFFFFFFFE: . 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2C, Param4: 0x0, Param5: 0x0, Name: SQMServiceList, Path: 0x3 24: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SQMServiceList. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x324. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x6, OutHandle: 0x32C, Path: 0x328: . 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x6, OutHandle: 0x33C, Path: 0x338: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x5, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x6, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: SystemSetupInProgress, Pa th: 0x344: \REGISTRY\MACHINE\SYSTEM\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x344. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x344, Path: 0x300: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x7, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x354: \REGISTRY\MACHIN E\SOFTWARE\Policies\Microsoft\SystemCertificates. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x8, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x35C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x35C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x35C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x35C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x358. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2B4: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\Root. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x9, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x360. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x360. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x360: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Root\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x360. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2B8: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xA, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x368. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x368. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x368: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x368. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2C0: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\SmartCardRoot. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xB, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x370. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x370. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x370: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Smar tCardRoot\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x370. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2D0: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\trust. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xC, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x378. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x378. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x378: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\trus t\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x378. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UserenvDebugLevel, Path: 0x384: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows NT\CurrentVersion\Winlogon. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x384. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GpSvcDebugLevel, Path: 0x384: \REGISTRY\MACHINE\SOFTWARE\Policies\Microso ft\Windows\System. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x384. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x384. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: SystemSetupInProgress, Pa th: 0x384: \REGISTRY\MACHINE\SYSTEM\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x384. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x384, Path: 0x380: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xD, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x38C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x38C. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x390: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemC ertificates. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xE, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific
ates\trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x394. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x394. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x394: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x394. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x38C. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2D8: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\trust. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0xF, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x398. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x398. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x398: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x398. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\Certificates.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x39C. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2DC: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\Trust. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x10, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3A4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Trust\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3A4. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x288: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\CA. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x11, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C ertificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C ertificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365 B482D188DFBF8A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365 B482D188DFBF8A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\3ADD0E7EA2B284FF459E137365B482D188DFBF8A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B0. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A3621 46010F2A8B6AEE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A3621 46010F2A8B6AEE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x72A, Param3: 0x72A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\4A8A2A0E276FF33B5DD88A362146010F2A8B6AEE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B0. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\867539A26C81FA2D78277C3ADF DB304312535E57. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\867539A26C81FA2D78277C3ADF DB304312535E57. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x556, Param3: 0x556, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst
emCertificates\CA\Certificates\867539A26C81FA2D78277C3ADFDB304312535E57. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B0. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1 -5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates \CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\E5958D48FE10D7340311E8C03B B22940DABA2DA3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\SystemCertificates\CA\Certificates\E5958D48FE10D7340311E8C03B B22940DABA2DA3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x5E2, Param3: 0x5E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3B0: \REG ISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Syst emCertificates\CA\Certificates\E5958D48FE10D7340311E8C03BB22940DABA2DA3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3AC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C RLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C RLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3AC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C TLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3AC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\CA\C TLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3AC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B0. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x290: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\CA. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x12, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\109F1CAED645BB78B3EA2B94C0697C740733031C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\109F1CAED645BB78B3EA2B94C0697C740733031C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x487, Param3: 0x487, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645 BB78B3EA2B94C0697C740733031C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3BC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x453, Param3: 0x453, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B 08F46A30A133F8A9ED3D038E2EA8.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3BC. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Ce rtificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x27A, Param3: 0x27A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E39 65A5246F000E87FDE2A065FD89D4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3BC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CR Ls\A377D1B1C0538833035211F4083D00FECC414DAB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CR Ls\A377D1B1C0538833035211F4083D00FECC414DAB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x1ED, Param3: 0x1ED, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3BC: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C05388330352 11F4083D00FECC414DAB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3BC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3B8: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3B8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\Certificates.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C0: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3BC. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x294: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\CA. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x13, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3C4: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\CA\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3C4. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4001, Param4: 0x0, Param5: 0x0, OutHandle: 0x3C8, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My. 0x0A10: SUCCESS: New_NtNotifyChangeDirectoryFile succeeded. Status: 0x103, Para m1: 0x20, Param2: 0x1B, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x3C8: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x14, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3CC, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\.
0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x3CC: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ Certificates. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x116, Param4: 0x0, Param5: 0x0, Path: 0x3CC: \Device\Ha rddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certifi cates. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3D0, Path: \?? \C:\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\C19B E8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3D0: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certific ates\C19BE8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 338, Param3: 0x338, Param4: 0x0, Param5: 0x0, Path: 0x3D0: \Device\HarddiskVolum e1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\C19BE 8CB79A3CA2F7057F7DA1EF5AF0602599CC4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3D0. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3CC: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3CC. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3CC, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x3CC: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ CRLs. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x62, Param4: 0x0, Param5: 0x0, Path: 0x3CC: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3CC: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3CC. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3CC, Path: \??\C: \Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x60, Param4: 0x1, Param5: 0x0, Name: *, Path: 0x3CC: \De vice\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\ CTLs. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x62, Param4: 0x0, Param5: 0x0, Path: 0x3CC: \Device\Har ddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3CC: \Device\HarddiskVolume1\Users\MarK\AppData\Roaming\Microsoft\System Certificates\My\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3CC.
0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x298: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x15, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3D4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3D4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3D4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3D4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3DC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3DC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs.
0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3DC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3DC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3D8. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2A0: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x16, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6.
0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D 4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000
0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371 62CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4.
0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F 4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name:
Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param
2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060 ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal
lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x3E4: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E0: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E8. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3E8: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3E4. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2A4: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x17, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3EC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3EC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3EC: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3EC. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2BC: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\TrustedPeople. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x18, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3F4: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Trus tedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\Certificates.
0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3FC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3FC. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x3FC: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3FC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F8. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2C8: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x19, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x404. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x404. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x404: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x404. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates.
0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x40C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x40C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x40C: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x40C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x408. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x2CC: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1A, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x410. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x410. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x410: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x410. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x278: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateCha inEngine\Config. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1B, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x414: \REGISTRY\MACHINE\
SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x418. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x414: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x1E, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevo cation. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x420: \REGISTRY\MACHINE\SOFTW ARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevocatio n\DEFAULT. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0xDC, Param4: 0x3C, Param5: 0x0, Path: 0x420: \REGISTRY\MACH INE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerify Revocation\DEFAULT. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x41C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\Encoding Type 1\CertDllVerifyRevocation. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x418. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x414: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x414. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\cryptnet.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\cryptne t.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\cryptnet.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x414, Path: \??\C:\W indows\system32\cryptnet.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x418, Path: 0x 414: \Device\HarddiskVolume1\Windows\SysWOW64\cryptnet.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x73980 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1C000, Path: 0x418: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x418: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x418. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x414. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x414, Path: \KnownDlls3 2\WLDAP32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x76750 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x45000, Path: 0x414: \Known
Dlls32\WLDAP32.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x414: \KnownDlls32\WLDAP32. dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x414. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LdapClientIntegrity, Path : 0x41C: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\LDAP. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UseOldHostResolutionOrder, Path: 0x41C: \REGISTRY\MACHINE\SYSTEM\ControlS et001\services\LDAP. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: UseHostnameAsAlias, Path: 0x41C: \REGISTRY\MACHINE\SYSTEM\ControlSet001\s ervices\LDAP. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x41C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x41C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DebugFlags, Path: 0x41C: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ crypt32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x41C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x41C: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x41C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\LocalLow. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x20000, Param2 : 0x7, Param3: 0x200000, Param4: 0x0, Param5: 0x0, OutHandle: 0x420, Path: \??\C :\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x10 , Param2: 0x400, Param3: 0x30, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Ha rddiskVolume1\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x41C, Path: \?? \C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0 A46932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \?? \C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A 46932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\Har ddiskVolume1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E 31627FDA0A46932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolume1\U sers\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A4693 2B0E5948949F2A5. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 6C, Param3: 0x6C, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolume1 \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46 932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 72, Param3: 0x72, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolume1 \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46 932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 382, Param3: 0x382, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolum e1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A4 6932B0E5948949F2A5. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CryptnetCachedOcspSwitchToCrlCount, Path: 0x41C: \REGISTRY\MACHINE\SOFTWA RE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine \Config. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CryptnetMaxCachedOcspPerCrlCount, Path: 0x41C: \REGISTRY\MACHINE\SOFTWARE \Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\C onfig. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\LocalLow. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x20000, Param2 : 0x7, Param3: 0x200000, Param4: 0x0, Param5: 0x0, OutHandle: 0x420, Path: \??\C :\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x10 , Param2: 0x400, Param3: 0x30, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Ha rddiskVolume1\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x41C, Path: \??\C: \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0xE0, Param4: 0x1, Param5: 0x0, Name: 3C3948BE6E525B8A8CE E9FAC91C9E392_*, Path: 0x41C: \Device\HarddiskVolume1\Users\MarK\AppData\LocalLo w\Microsoft\CryptnetUrlCache\MetaData. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x1000, Param3: 0x2A0, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\Ha rddiskVolume1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x41C: \Device\HarddiskVolume1\Users\MarK\AppData\LocalLow\Microsoft\Crypt netUrlCache\MetaData. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\LocalLow. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x20000, Param2 : 0x7, Param3: 0x200000, Param4: 0x0, Param5: 0x0, OutHandle: 0x420, Path: \??\C :\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x10 , Param2: 0x400, Param3: 0x30, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Ha rddiskVolume1\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x41C, Path: \?? \C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E52 5B8A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \?? \C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525 B8A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\Har ddiskVolume1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3 948BE6E525B8A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolume1\U sers\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8 CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 6C, Param3: 0x6C, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolume1 \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8 A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 134, Param3: 0x134, Param4: 0x0, Param5: 0x0, Path: 0x41C: \Device\HarddiskVolum e1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525 B8A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 69D, Param3: 0x69D, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolum e1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B 8A8CEE9FAC91C9E392_F3E5577AABDCA3C2DEE674E5F9C7D511. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CryptnetPreFetchMinMaxAgeSeconds, Path: 0x41C: \REGISTRY\MACHINE\SOFTWARE \Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\C onfig. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CryptnetPreFetchMaxMaxAgeSeconds, Path: 0x41C: \REGISTRY\MACHINE\SOFTWARE \Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\C onfig. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\SensApi.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00
00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SensApi .dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\SensApi.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x41C, Path: \??\C:\W indows\system32\SensApi.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x420, Path: 0x 41C: \Device\HarddiskVolume1\Windows\SysWOW64\SensApi.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6CF20 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6000, Path: 0x420: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x41C. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \Sessions\1\BaseNamedObjects\SENS Information Cache. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 4: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x42 4: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x428: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: ProfileImagePath, Path: 0 x428: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList \S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\LocalLow. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x20000, Param2 : 0x7, Param3: 0x200000, Param4: 0x0, Param5: 0x0, OutHandle: 0x424, Path: \??\C :\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtQuerySecurityObject succeeded. Status: 0x0, Param1: 0x10 , Param2: 0x400, Param3: 0x30, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Ha rddiskVolume1\Users\MarK\AppData\LocalLow. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \??
\C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B 3142E455B38A6EB92015. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x424, Path: \?? \C:\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3 142E455B38A6EB92015. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Har ddiskVolume1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\943 08059B57B3142E455B38A6EB92015. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolume1\U sers\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E 455B38A6EB92015. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 6C, Param3: 0x6C, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolume1 \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B314 2E455B38A6EB92015. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x E6, Param3: 0xE6, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolume1 \Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B314 2E455B38A6EB92015. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x B852, Param3: 0xB852, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVol ume1\Users\MarK\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B 3142E455B38A6EB92015. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Temp. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x0, Param4: 0x2, Param5: 0x60, OutHandle: 0x420, Path: \?? \C:\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Temp. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x0, Param4: 0x2, Param5: 0x60, OutHandle: 0x420, Path: \?? \C:\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x40100080, P aram2: 0x0, Param3: 0x0, Param4: 0x5, Param5: 0x60, OutHandle: 0x420, Path: \??\ C:\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xB852, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: SystemSetupInProgress, Pa th: 0x420: \REGISTRY\MACHINE\SYSTEM\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P
ath: \KnownDlls32\Cabinet.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Cabinet .dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\Cabinet.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x420, Path: \??\C:\W indows\system32\Cabinet.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x424, Path: 0x 420: \Device\HarddiskVolume1\Windows\SysWOW64\cabinet.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x70320 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x15000, Path: 0x424: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Temp\. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \??\ C:\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x424, Path: \??\ C:\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 24, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolume1 \Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0xE , Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Hardd iskVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\DEVRTL.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\DEVRTL. dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\DEVRTL.dll.
0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \??\C:\W indows\system32\DEVRTL.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x42C, Path: 0x 428: \Device\HarddiskVolume1\Windows\SysWOW64\devrtl.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74080 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xE000, Path: 0x42C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\INF\. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LogLevel, Path: 0x428: \R EGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LogMask, Path: 0x428: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\Curren tVersion\Setup. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LogMaxFileSize, Path: 0x428: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Setup. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0xE , Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Hardd iskVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 10, Param3: 0x10, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolume1 \Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0xE , Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Hardd iskVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 100, Param3: 0x100, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0xC0100080, P aram2: 0x80, Param3: 0x3, Param4: 0x5, Param5: 0x60, OutHandle: 0x428, Path: \?? \C:\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVolume1\U sers\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp.
0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVolume1\U sers\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 3912, Param3: 0x3912, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVol ume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x8000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVolume1\U sers\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 31B8, Param3: 0x31B8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVol ume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x8000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVolume1\U sers\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 31B4, Param3: 0x31B4, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVol ume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x8000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVolume1\U sers\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1B6B, Param3: 0x1B6B, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskVol ume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2F93, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0x4, Param2: 0x28, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428: \Device\Harddi skVolume1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0xE , Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Hardd iskVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x3, Param4: 0x1, Param5: 0x60, OutHandle: 0x424, Path: \??\ C:\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1AF93, Param3: 0x1AF93, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\HarddiskV olume1\Users\MarK\AppData\Local\Temp\TarEFF.tmp.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x10080, Param2 : 0x7, Param3: 0x204040, Param4: 0x0, Param5: 0x0, OutHandle: 0x424, Path: \??\C :\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x2 3, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Hard diskVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xD, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\CabEFE.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x10080, Param2 : 0x7, Param3: 0x204040, Param4: 0x0, Param5: 0x0, OutHandle: 0x424, Path: \??\C :\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x2 3, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Hard diskVolume1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xD, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424: \Device\Harddis kVolume1\Users\MarK\AppData\Local\Temp\TarEFF.tmp. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x424: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2C, Param5: 0x0, Path: 0x424: \REGISTRY\MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x2, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x424: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certific ate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x3E, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cer tificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPol icy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Fin
alPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initiali zation\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Ini tialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\ {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x32, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Mes sage\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signatur e\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x36, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Sig nature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertChec k\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2E, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cer tCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x26, Param4: 0x0, Param5: 0x0, Name: $DLL, Path: 0x428: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\ {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2A, Param4: 0x0, Param5: 0x0, Name: $Function, Path: 0x428: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cle anup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x2, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x214: . 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\LevelObjects. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x1, Param2: 0x0 , Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \Registry\Machi ne\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers.
0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Levels, Path: 0x428: \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Window s\safer\codeidentifiers. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\P aths. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\H ashes. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\U rlZones. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\409 6\Paths. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\409 6\Hashes. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\409 6\UrlZones. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\655 36\Paths. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\655 36\Hashes. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\655 36\UrlZones. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131 072\Paths. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131 072\Hashes. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131 072\UrlZones. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262 144\Paths. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262 144\Hashes. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262 144\UrlZones. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\0\Paths. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \Registry\M achine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DefaultLevel, Path: 0x428: \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\ Windows\safer\codeidentifiers. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \Registry\M achine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: SaferFlags, Path: 0x428: \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Wi ndows\safer\codeidentifiers. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\ Microsoft\Windows\Safer\CodeIdentifiers. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x42C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x430, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC
ertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Di sallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x430, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x430, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x430: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif
icates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000
0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D 4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG
ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name:
Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371 62CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F
4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal
lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060 ED44CBD881BD0EF86C0BA287DDCF8167478C.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x43C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW
ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificate s. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x428, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x43C, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x43C, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x43C, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x43C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x42C: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1C, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa
llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x444. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x444. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x444: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x444. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1D, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: .
0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates.
0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D 4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param
2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000
0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371 62CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG
ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F 4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name:
Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060
ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x454: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1E, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1F, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1E, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x444. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1D, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x440. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x42C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x43C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x428. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\rpcss.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\system32\rpcss.dll. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x69400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xDF000, Path: 0x42C: . 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: INFO: Call to New_QueryActCtxW made: Flags: 0x0, ActCtx: 0x0, InfoCla
ss: 0x2, Ret: 0x0. 0x1174: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Call to New_QueryActCtxW made: Flags: 0x0, ActCtx: 0x0, InfoCla ss: 0x2, Ret: 0x1. 0x0A10: INFO: Call to New_QueryActCtxW made: Flags: 0x0, ActCtx: 0x0, InfoCla ss: 0x2, Ret: 0x0. 0x1174: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Call to New_QueryActCtxW made: Flags: 0x0, ActCtx: 0x0, InfoCla ss: 0x2, Ret: 0x1. 0x1174: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x430, Path: \??\ C:\Windows\system32\l_intl.nls. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x430: \Device\Har ddiskVolume1\Windows\SysWOW64\l_intl.nls. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x448, Path: 0x430. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x1CE00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3000, Path: 0x448: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v4.0.30319. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Category, Path: 0x448: \R EGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\F olderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x18, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x448: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Folde rDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5A, Param4: 0x0, Param5: 0x0, Name: ParentFolder, Path: 0x448 : \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explor er\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Description, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-60 07CAEDCF9D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x62, Param4: 0x0, Param5: 0x0, Name: RelativePath, Path: 0x448
: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explor er\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParsingName, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-60 07CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InfoTip, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Wi ndows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CA EDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalizedName, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA856007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Icon, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDC F9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Security, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007C AEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResource, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro soft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85 -6007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResourceType, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251BA85-6007CAEDCF9D}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LocalRedirectOnly, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\e xplorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Roamable, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007C AEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreCreate, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007 CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Stream, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Win dows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAE DCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PublishExpandedPath, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251 -BA85-6007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Attributes, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft \Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-600 7CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FolderTypeID, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6 007CAEDCF9D}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InitFolderHandler, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi
crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{352481E8-33BE-4251-B A85-6007CAEDCF9D}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: C ache, Path: 0x430: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: C ache, Path: 0x430: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x9A, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: Cache, Path: 0x430: \REGI STRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windo ws\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Microsoft\Windows\Temporary Internet Files. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.config. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LatestIndex, Path: 0x430: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Type, Path: 0x430: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Micros oft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x430: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x430: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x430: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param
2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x430: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Enhanced RSA and AES Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x448: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windows \CurrentVersion\WinTrust\Trust Providers\Software Publishing. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: State, Path: 0x448: \REGI STRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Windo ws\CurrentVersion\WinTrust\Trust Providers\Software Publishing. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x18, Param4: 0x0, Param5: 0x0, Name: Safety Warning Level, Pat h: 0x430: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\ Microsoft\Internet Explorer\Security. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x430. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4DA0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu
res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6A200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6A20000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6A200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3E300 00, Param2: 0x0, Param3: 0x0, Param4: 0x11B0000, Param5: 0x4000, Path: 0x37F1C68 : \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\S AFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3E30000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6A20000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6A200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x3E300 00, Param2: 0x0, Param3: 0x0, Param4: 0x11B0000, Param5: 0x4000, Path: 0x37F1C68 : \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\S AFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3E30000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6A20000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: New_NtDeviceIoControlFile reports insufficient buffer. Status: 0x80000005, Param1: 0x390402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0 , Name: , Path: 0x270: \Device\KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0xD8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6A200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA00000, Path: 0x37F1C68: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE. exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0xA00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0xB00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0xC00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0xD00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0xE00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200
00, Param2: 0x0, Param3: 0x0, Param4: 0xF00000, Param5: 0x100000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0x1000000, Param5: 0x100000, Path: 0x37F1C 68: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74200 00, Param2: 0x0, Param3: 0x0, Param4: 0x1100000, Param5: 0xB4000, Path: 0x37F1C6 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ SAFE.exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7420000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6A20000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Di sallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemC ertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x450, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-521-4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertif icates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x450, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x450, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Policies\Microsof t\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\MACHINE\Software\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOF TWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name:
Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D
4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal
lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371 62CC59A3A1E25956FA5FA8F60D2E1C52EAC6.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F 4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF.
0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060 ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000
0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x438: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x
B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificate s. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOF TWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x448, Path: \REGIST RY\MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par
am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryObject succeeded. Status: 0x0, Param1: 0x0, Param2: 0x38, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOF TWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x438, Path: \REGIST RY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x438: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x434: \REGISTRY\USER\S -1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificat es\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1C, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa
llowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x45C: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Microsoft\SystemCertificates\Disa llowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x464. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x464. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x464: \REGISTRY\USER\S-1-5-21 -4048755273-3007554995-782353158-1001\Software\Policies\Microsoft\SystemCertific ates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x464. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x450: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\SystemCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1D, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000
0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\1916A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6D8, Param3: 0x6D8, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916 A2AF346D399F50313C393200F14140456616. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84 BFBB34EE2EF949FE1CBE30AA026416EB2216. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6EC, Param3: 0x6EC, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F 8BD17AA2CBC483A4C41B19A39A0C75DA39D6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG
ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D 4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x55C, Param3: 0x55C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA 38731BD189F9CDB5B9DC35E2136F38777AF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x670, Param3: 0x670, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9 BCB568E039D073A74A71D8511F7476089CC3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C 949A8143DB5AD5CDF1C972864A2504FA23C9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name:
Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x4BB, Param3: 0x4BB, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3 247D60F356C7CA3BAF4C3F429DAC93EE7B74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x77C, Param3: 0x77C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE8 3EE82AC5090AEA9D6AC4E7A6E213F946E179. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x7D1, Param3: 0x7D1, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6179 3FCBFA4F9008309BBA5FF12D2CB29CD4151A. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x94A, Param3: 0x94A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6371
62CC59A3A1E25956FA5FA8F60D2E1C52EAC6. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E3, Param3: 0x6E3, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FE AE960BAA91E343CE2BD8B71798C76BDB77D0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\6431723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E2, Param3: 0x6E2, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431 723036FD26DEA502792FA595922493030F97. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x95C, Param3: 0x95C, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F 4414CCEF168ADF6BF40753B5BECD78375931. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal
lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8096 2AE4D6C5B442894E95A13E4A699E07D694CF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x688, Param3: 0x688, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E8 17C81A5CA672FE000F36F878C19518D6F844. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x602, Param3: 0x602, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5B D50D6AE686D65252F843A9D4B96D197730AB. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x11, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x64A, Param3: 0x64A, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845 A431D51959CAF225322B4A4FE9F223CE6D15.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x12, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x54F, Param3: 0x54F, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533 345D06F64516403C00DA03187D3BFEF59156. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x13, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x628, Param3: 0x628, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E 791620F759F17B8D25E38CA8BE32E7D5EAC2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x14, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x65E, Param3: 0x65E, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060 ED44CBD881BD0EF86C0BA287DDCF8167478C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x15, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE.
0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6E0, Param3: 0x6E0, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA5 86B2CE593EC7D939898337C57814708AB2BE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x16, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x6CD, Param3: 0x6CD, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018 B62DC518907247DF50925BB09ACF4A5CB3AD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x17, Param 2: 0x0, Param3: 0x120, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE \SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disal lowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x50D, Param3: 0x50D, Param4: 0x0, Param5: 0x0, Name: Blob, Path: 0x46C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A5 4E03AADC5692B850496A4C4630FFEAA29D83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\SystemCertificates\Disallowed\CTLs.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \REGISTRY\MACHINE\SOFTW ARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtNotifyChangeKey succeeded. Status: 0x103, Param1: 0x0, P aram2: 0x0, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x454: \REGISTRY\MACHIN E\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1E, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x474. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x474. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x474: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x474. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1F, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1E, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x464. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x101, Param1: 0x1D, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: SAFE.INI, Path: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86 )\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4DA0, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6E200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11B4000, Path: 0x37F1C68: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE .exe. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6E20000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1C68. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Latest, Path: 0x448: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x438, Path: \??\ C:\Windows\assembly\pubpol39.dat. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x12, Param4: 0x0, Param5: 0x0, Name: index39, Path: 0x448: \RE GISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LegacyPolicyTimeStamp, Pa th: 0x448: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default. 0x0A10: INFO: New_NtQueryFullAttributesFile reports item not found: Status: 0 xC0000034, Path: \??\C:\Windows\assembly\GAC\PublisherPolicy.tme. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v2.0.50727\config\machine.config. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x434, Path: \?? \C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x FFF, Param3: 0xFFF, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\HarddiskVolum e1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 186B, Param3: 0x186B, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1076, Param3: 0x1076, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 100D, Param3: 0x100D, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1066, Param3: 0x1066, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x14, Param5: 0x0, Path: 0x434: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_3 2\NI\1c22df2f\4f99a7c9. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50 727_32\NI\1c22df2f\4f99a7c9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x6C, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1 c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param
2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x434: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2 f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22d f2f\4f99a7c9\83. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x98, Param4: 0x0, Param5: 0x0, Name: I LDependencies, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeIm agesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x98, Param3: 0x98, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x4 34: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x4 34: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\1c22df2f\4f99a7c9\83. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\83. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x6A, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ c991064\591b6ebf\14. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c9910 64\591b6ebf\14. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\c991064\591b6ebf\14. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\ 591b6ebf\14. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ c991064\591b6ebf\14. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5E, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 6dc7d4c0\a5cd4db\16. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG
ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d 4c0\a5cd4db\16. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\16. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0 \a5cd4db\16. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 6dc7d4c0\a5cd4db\16. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x64, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3ced59c5\1b2590b1\39. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced5 9c5\1b2590b1\39. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\39. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5 \1b2590b1\39. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3ced59c5\1b2590b1\39. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x70, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ f6e8397\46ad0879\d. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e83 97\46ad0879\d. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\d. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\ 46ad0879\d. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ f6e8397\46ad0879\d. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x64, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\
2b1a4e4\38a3212c\64. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4 e4\38a3212c\64. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\64. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\ 38a3212c\64. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 2b1a4e4\38a3212c\64. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 24bf93f6\455bab30\31. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf9 3f6\455bab30\31. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\31. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6 \455bab30\31. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 24bf93f6\455bab30\31. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x6C, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 4f99a7c9\53bea2b0\a1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a 7c9\53bea2b0\a1. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\a1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9 \53bea2b0\a1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 4f99a7c9\53bea2b0\a1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434.
0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 30bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3 0bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 30bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x434: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4 f\3f50fe4f\4. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7 c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x48, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x4 34: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\30bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x20, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x4 34: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\30bc7c4f\3f50fe4f\4. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x6A, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 424bd4d8\1c83327b\2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd 4d8\1c83327b\2. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8 \1c83327b\2. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 424bd4d8\1c83327b\2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\
19ab8d57\1bd7b0d8\3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8 d57\1bd7b0d8\3. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57 \1bd7b0d8\3. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 19ab8d57\1bd7b0d8\3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3f50fe4f\7b2a17f0\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x434: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50f e4f\7b2a17f0\4. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\3f50fe4f\7b2a17f0\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x434: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f \7b2a17f0\4. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x434: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3f50fe4f\7b2a17f0\4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: Microsoft.VisualBasic,8.0 .0.0,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\F usion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System,2.0.0.0,,b77a5c561 934e089,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\GACChange Notification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Xml,2.0.0.0,,b77a5 c561934e089,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\GACCh angeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Configuration,2.0. 0.0,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fu sion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.
dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c3 79\System.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x458, Path: 0x 434: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System\ abab08afa60a6f06bdde0fcc9649c379\System.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5FCA0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x79C000, Path: 0x458: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Web,2.0.0.0,,b03f5 f7f11d50a3a,x86, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\GACCha ngeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Management,2.0.0.0 ,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusio n\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Runtime.Remoting,2 .0.0.0,,b77a5c561934e089,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft \Fusion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Deployment,2.0.0.0 ,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusio n\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Drawing,2.0.0.0,,b 03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\G ACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Windows.Forms,2.0. 0.0,,b77a5c561934e089,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fu sion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311 245\Microsoft.VisualBasic.ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3 796b55e377311245\Microsoft.VisualBasic.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x458, Path: 0x 434: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\Microso ft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x57580 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x19B000, Path: 0x458: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2
: 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C: \Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: Microsoft.VisualBasic.INI, Path: 0x434: \Device\HarddiskVolume1\Wind ows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C: \Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.INI, Path: 0x434: \Device\HarddiskVolume1\Windows\assembly\GA C_MSIL\System\2.0.0.0__b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorjit.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x458, Path: 0x 434: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit .dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x60AC0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5B000, Path: 0x458: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x434: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x434: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x434. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, AsmDir: , ResourceName: Int Resource: 2, AppName: , HMod: 0x60AC0000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x434, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: mscorjit.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows N T\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: System.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Microsoft.VisualBasic.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Mic rosoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x14, Param5: 0x0, Path: 0x458: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_3 2\NI\61e7e666\c991064. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50 727_32\NI\61e7e666\c991064. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x6A, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6 1e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x458: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e66 6\c991064\23. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458.
0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x458: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e 666\c991064\23. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x98, Param4: 0x0, Param5: 0x0, Name: I LDependencies, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeIm agesIndex\v2.0.50727_32\NI\61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x98, Param3: 0x98, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x4 58: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x48, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x4 58: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\61e7e666\c991064\23. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\23. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x60, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 475dce40\2d382ce6\9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x458: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dc e40\2d382ce6\9. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x458: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40 \2d382ce6\9. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 475dce40\2d382ce6\9. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 2dd6ac50\163e1f5e\7. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x458: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6a c50\163e1f5e\7. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\7. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x458: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50 \163e1f5e\7.
0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 2dd6ac50\163e1f5e\7. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: INFO: New_NtQueryValueKey reports insufficient buffer. Status: 0x8000 0005, Param1: 0x2, Param2: 0x90, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: D isplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImage sIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\2a. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x9A, Param3: 0x9A, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 41c04c7e\7f3b6ac4\2a. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x458: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04 c7e\7f3b6ac4\2a. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\2a. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x458: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e \7f3b6ac4\2a. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 41c04c7e\7f3b6ac4\2a. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5E, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 3cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3 cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 3cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x458: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a 0\6dc7d4c0\27. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x458: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca0 6a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x20, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x4 58: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\3cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x4
58: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\3cca06a0\6dc7d4c0\27. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x458: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\27. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\Sy stem.Drawing.ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x458, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41 d8067359a1\System.Drawing.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x45C, Path: 0x 458: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System. Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5F960 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x188000, Path: 0x45C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Runtime.Serializat ion.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHI NE\Software\Microsoft\Fusion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: Accessibility,2.0.0.0,,b0 3f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\GA CChangeNotification\Default. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Security,2.0.0.0,, b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusion\ GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b 9db\System.Windows.Forms.ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x458, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aaf eadbe22b6b31b9db\System.Windows.Forms.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x45C, Path: 0x 458: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System. Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5E780 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xBDE000, Path: 0x45C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2
: 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x458, Path: \??\C: \Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.Windows.Forms.INI, Path: 0x458: \Device\HarddiskVolume1\Windo ws\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x458, Path: \??\C: \Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.Drawing.INI, Path: 0x458: \Device\HarddiskVolume1\Windows\ass embly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x45C, Path: 0xFFFFFFFE: . 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Globalization\es-es.nlp. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DbgJITDebugLaunchSetting, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Wow6432 Node\Microsoft\.NETFramework. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DbgManagedDebugger, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\.NETFramework. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x14, Param5: 0x0, Path: 0x44C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_3 2\NI\432ba598\f6e8397. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50 727_32\NI\432ba598\f6e8397. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x70, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 432ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4 32ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 432ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x44C: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba59 8\f6e8397\21. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x44C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\432ba 598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x84, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x4 4C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\432ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x4 4C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\432ba598\f6e8397\21. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\432ba598\f6e8397\21. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x72, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3a6a696d\52d7076e\2e. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x44C: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a6 96d\52d7076e\2e. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\3a6a696d\52d7076e\2e. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x44C: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3a6a696d \52d7076e\2e. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x44C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 3a6a696d\52d7076e\2e. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C.
0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.DirectoryServices, 2.0.0.0,,b03f5f7f11d50a3a,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsof t\Fusion\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff 10d\System.Runtime.Remoting.ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040f a044dd21a04ff10d\System.Runtime.Remoting.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x460, Path: 0x 44C: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System. Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A380 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xC1000, Path: 0x460: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \??\C: \Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.Runtime.Remoting.INI, Path: 0x44C: \Device\HarddiskVolume1\Wi ndows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a 5c561934e089\uxtheme.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \??\C:\W indows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.W indows.Forms.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x460, Path: 0x4 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0 .0__b77a5c561934e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5F360 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4CE000, Path: 0x460: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x450, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide.
0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x450: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x44C: \Device \HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c5 61934e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x44C: \Device\Har ddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c56193 4e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5F360000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x8, File: C:\W indows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.W indows.Forms.dll, AsmDir: , ResourceName: Int Resource: 101, AppName: , HMod: 0x 0 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x44C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a438669 6c80. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x44C, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none _72d18a4386696c80. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a438669 6c80\gdiplus.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x460, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none _72d18a4386696c80\gdiplus.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x450, Path: 0x 460: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b6
4144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x73CD0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x190000, Path: 0x450: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x450. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x460. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: System.Drawing.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: System.Windows.Forms.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Micr osoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: System.Runtime.Remoting.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\M icrosoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x46C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\Windows NT\CurrentVersion\Fonts. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtCreateKey succeeded. Status: 0x0, Param1: 0x2000000, Par am2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \REGIST RY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\GDIPlus . 0x117C: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x117C: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: FontCachePath, Path: 0x45 4: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\GDIPlus. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0xC0100080, P aram2: 0x80, Param3: 0x3, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\Users\MarK\AppData\Local\GDIPFONTCACHEV1.DAT. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\GDIPFONTCACHEV1.DAT. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0007, P aram2: 0x227C8, Param3: 0x4, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, P ath: 0x470: \Device\HarddiskVolume1\Users\MarK\AppData\Local\GDIPFONTCACHEV1.DAT . 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x66500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x23000, Path: 0x454: . 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\WINDOWS\FONTS\ ACADEREF.TTF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6650000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x410, Param4: 0x108, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x410, Param4: 0x1C2, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2, P aram2: 0x1, Param3: 0x410, Param4: 0x1DA, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3, P aram2: 0x1, Param3: 0x410, Param4: 0x1D2, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4, P aram2: 0x1, Param3: 0x410, Param4: 0xE4, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5, P aram2: 0x1, Param3: 0x410, Param4: 0xE4, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6, P aram2: 0x1, Param3: 0x410, Param4: 0xC4, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7, P aram2: 0x1, Param3: 0x410, Param4: 0x1D6, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ TAHOMA.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\TAHOMA.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\TAHOMA.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xAB000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470.
0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\TAHOMA.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\tahoma.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xAB000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSJH.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14A9000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf.
0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\msjh.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14A9000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSYH.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14C3000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\msyh.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\msyh.ttf.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14C3000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MALGUN.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MALGUN.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MALGUN.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x423000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MALGUN.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\malgun.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x423000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8, P aram2: 0x1, Param3: 0x410, Param4: 0xE2, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MICROSS.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MICROSS.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA0000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\MICROSS.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\micross.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xA0000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7410000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9, P
aram2: 0x1, Param3: 0x410, Param4: 0xDE, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA, P aram2: 0x1, Param3: 0x410, Param4: 0x112, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB, P aram2: 0x1, Param3: 0x410, Param4: 0x112, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xC, P aram2: 0x1, Param3: 0x410, Param4: 0x110, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xD, P aram2: 0x1, Param3: 0x410, Param4: 0x14E, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xE, P aram2: 0x1, Param3: 0x410, Param4: 0x162, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x66500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x7F000, Path: 0x454: .
0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6650000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x470, Path: \?? \C:\WINDOWS\FONTS\SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x470: \Device\Har ddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x454, Path: 0x470: \Device\HarddiskVolume1\Windows\Fonts\segoeui.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x66500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x7F000, Path: 0x454: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x6650000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x454. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x470. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MALGUN.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xF, P aram2: 0x1, Param3: 0x410, Param4: 0x19E, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x10, Param2: 0x1, Param3: 0x410, Param4: 0xE0, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x11, Param2: 0x1, Param3: 0x410, Param4: 0x114, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x12, Param2: 0x1, Param3: 0x410, Param4: 0xAC, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x13, Param2: 0x1, Param3: 0x410, Param4: 0x15E, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0,
Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MALGUN.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x14, Param2: 0x1, Param3: 0x410, Param4: 0x192, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x15, Param2: 0x1, Param3: 0x410, Param4: 0x132, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MALGUN.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x16, Param2: 0x1, Param3: 0x410, Param4: 0x15E, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x17, Param2: 0x1, Param3: 0x410, Param4: 0x13A, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSYH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MALGUN.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x18, Param2: 0x1, Param3: 0x410, Param4: 0x15E, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x19, Param2: 0x1, Param3: 0x410, Param4: 0x9C, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1A, Param2: 0x1, Param3: 0x410, Param4: 0x98, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1B, Param2: 0x1, Param3: 0x410, Param4: 0xE0, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1C, Param2: 0x1, Param3: 0x410, Param4: 0x9A, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1D, Param2: 0x1, Param3: 0x410, Param4: 0x9C, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1E,
Param2: 0x1, Param3: 0x410, Param4: 0xA0, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1F, Param2: 0x1, Param3: 0x410, Param4: 0xA4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x20, Param2: 0x1, Param3: 0x410, Param4: 0xA4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x21, Param2: 0x1, Param3: 0x410, Param4: 0xA4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x22, Param2: 0x1, Param3: 0x410, Param4: 0xE4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MICROSS.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x23, Param2: 0x1, Param3: 0x410, Param4: 0xA4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x24, Param2: 0x1, Param3: 0x410, Param4: 0xA8, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x25, Param2: 0x1, Param3: 0x410, Param4: 0xA4, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x26, Param2: 0x1, Param3: 0x410, Param4: 0x14A, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ SEGOEUI.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSJH.TTF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\fonts\ MSYH.TTF. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x27, Param2: 0x1, Param3: 0x410, Param4: 0x17E, Param5: 0x0, Path: 0x468: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x28, Param2: 0x1, Param3: 0x410, Param4: 0x17E, Param5: 0x0, Name: , Path: 0x468: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fon tLink\SystemLink. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x468: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x30C, Param4: 0x44, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x30C, Param4: 0x5E, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2, P aram2: 0x1, Param3: 0x30C, Param4: 0x54, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3, P
aram2: 0x1, Param3: 0x30C, Param4: 0x66, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4, P aram2: 0x1, Param3: 0x30C, Param4: 0x34, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5, P aram2: 0x1, Param3: 0x30C, Param4: 0x4C, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6, P aram2: 0x1, Param3: 0x30C, Param4: 0x44, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7, P aram2: 0x1, Param3: 0x30C, Param4: 0x44, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8, P aram2: 0x1, Param3: 0x30C, Param4: 0x4C, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9, P aram2: 0x1, Param3: 0x30C, Param4: 0x44, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA, P aram2: 0x1, Param3: 0x30C, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB, P aram2: 0x1, Param3: 0x30C, Param4: 0x58, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xC, P aram2: 0x1, Param3: 0x30C, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xD, P aram2: 0x1, Param3: 0x30C, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xE, P aram2: 0x1, Param3: 0x30C, Param4: 0x60, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xF, P aram2: 0x1, Param3: 0x30C, Param4: 0x40, Param5: 0x0, Path: 0x468: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x10, Param2: 0x1, Param3: 0x30C, Param4: 0x70, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x11, Param2: 0x1, Param3: 0x30C, Param4: 0x68, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x12, Param2: 0x1, Param3: 0x30C, Param4: 0x70, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x13, Param2: 0x1, Param3: 0x30C, Param4: 0x70, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x14, Param2: 0x1, Param3: 0x30C, Param4: 0x70, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x15, Param2: 0x1, Param3: 0x30C, Param4: 0x3E, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x16, Param2: 0x1, Param3: 0x30C, Param4: 0x46, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x17,
Param2: 0x1, Param3: 0x30C, Param4: 0x3C, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x18, Param2: 0x1, Param3: 0x30C, Param4: 0x3A, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x19, Param2: 0x1, Param3: 0x30C, Param4: 0x44, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1A, Param2: 0x1, Param3: 0x30C, Param4: 0x46, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1B, Param2: 0x1, Param3: 0x30C, Param4: 0x62, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1C, Param2: 0x1, Param3: 0x30C, Param4: 0x40, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1D, Param2: 0x1, Param3: 0x30C, Param4: 0x4A, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1E, Param2: 0x1, Param3: 0x30C, Param4: 0x3C, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1F, Param2: 0x1, Param3: 0x30C, Param4: 0x5A, Param5: 0x0, Path: 0x468: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x20, Param2: 0x1, Param3: 0x30C, Param4: 0x5A, Param5: 0x0, Name: , Path: 0x468: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Substitutes. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x468. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x468, Path: \Registry\M achine\System\CurrentControlSet\Control\Nls\Locale. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x470, Path: \Registry\M achine\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x454, Path: \Registry\M achine\System\CurrentControlSet\Control\Nls\Language Groups. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x2C, Param4: 0x0, Param5: 0x0, Name: 00000C0A, Path: 0x468: \ REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x1, Param 2: 0x214, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: 1, Path: 0x454: \REGISTR Y\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x46C: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x0, Param2: 0x1, Param3: 0xDC, Param4: 0x108, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x108, Param4: 0x108, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x1, Param2: 0x1, Param3: 0xDC, Param4: 0x1C2, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio
n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x1C2, Param4: 0x1C2, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x2, Param2: 0x1, Param3: 0xDC, Param4: 0x1DA, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2, P aram2: 0x1, Param3: 0x1DA, Param4: 0x1DA, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x3, Param2: 0x1, Param3: 0xDC, Param4: 0x1D2, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3, P aram2: 0x1, Param3: 0x1D2, Param4: 0x1D2, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x4, Param2: 0x1, Param3: 0xDC, Param4: 0xE4, Param5: 0x0, Nam e: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4, P aram2: 0x1, Param3: 0xE4, Param4: 0xE4, Param5: 0x0, Path: 0x46C: \REGISTRY\MACH INE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x5, Param2: 0x1, Param3: 0xDC, Param4: 0xE4, Param5: 0x0, Nam e: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5, P aram2: 0x1, Param3: 0xE4, Param4: 0xE4, Param5: 0x0, Path: 0x46C: \REGISTRY\MACH INE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6, P aram2: 0x1, Param3: 0xDC, Param4: 0xC4, Param5: 0x0, Path: 0x46C: \REGISTRY\MACH INE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x7, Param2: 0x1, Param3: 0xDC, Param4: 0x1D6, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7, P aram2: 0x1, Param3: 0x1D6, Param4: 0x1D6, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x8, Param2: 0x1, Param3: 0xDC, Param4: 0xE2, Param5: 0x0, Nam e: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8, P aram2: 0x1, Param3: 0xE2, Param4: 0xE2, Param5: 0x0, Path: 0x46C: \REGISTRY\MACH INE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x9, Param2: 0x1, Param3: 0xDC, Param4: 0xDE, Param5: 0x0, Nam e: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9, P aram2: 0x1, Param3: 0xDE, Param4: 0xDE, Param5: 0x0, Path: 0x46C: \REGISTRY\MACH INE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xA, Param2: 0x1, Param3: 0xDC, Param4: 0x112, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink.
0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA, P aram2: 0x1, Param3: 0x112, Param4: 0x112, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xB, Param2: 0x1, Param3: 0xDC, Param4: 0x112, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB, P aram2: 0x1, Param3: 0x112, Param4: 0x112, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xC, Param2: 0x1, Param3: 0xDC, Param4: 0x110, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xC, P aram2: 0x1, Param3: 0x110, Param4: 0x110, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xD, Param2: 0x1, Param3: 0xDC, Param4: 0x14E, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xD, P aram2: 0x1, Param3: 0x14E, Param4: 0x14E, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xE, Param2: 0x1, Param3: 0xDC, Param4: 0x162, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xE, P aram2: 0x1, Param3: 0x162, Param4: 0x162, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0xF, Param2: 0x1, Param3: 0xDC, Param4: 0x19E, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xF, P aram2: 0x1, Param3: 0x19E, Param4: 0x19E, Param5: 0x0, Path: 0x46C: \REGISTRY\MA CHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x10, Param2: 0x1, Param3: 0xDC, Param4: 0xE0, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x10, Param2: 0x1, Param3: 0xE0, Param4: 0xE0, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x11, Param2: 0x1, Param3: 0xDC, Param4: 0x114, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x11, Param2: 0x1, Param3: 0x114, Param4: 0x114, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x12, Param2: 0x1, Param3: 0xDC, Param4: 0xAC, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x13, Param2: 0x1, Param3: 0xDC, Param4: 0x15E, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x13,
Param2: 0x1, Param3: 0x15E, Param4: 0x15E, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x14, Param2: 0x1, Param3: 0xDC, Param4: 0x192, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x14, Param2: 0x1, Param3: 0x192, Param4: 0x192, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x15, Param2: 0x1, Param3: 0xDC, Param4: 0x132, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x15, Param2: 0x1, Param3: 0x132, Param4: 0x132, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x16, Param2: 0x1, Param3: 0xDC, Param4: 0x15E, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x16, Param2: 0x1, Param3: 0x15E, Param4: 0x15E, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x17, Param2: 0x1, Param3: 0xDC, Param4: 0x13A, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x17, Param2: 0x1, Param3: 0x13A, Param4: 0x13A, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x18, Param2: 0x1, Param3: 0xDC, Param4: 0x15E, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x18, Param2: 0x1, Param3: 0x15E, Param4: 0x15E, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x19, Param2: 0x1, Param3: 0xDC, Param4: 0x9C, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1A, Param2: 0x1, Param3: 0xDC, Param4: 0x98, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x1B, Param2: 0x1, Param3: 0xDC, Param4: 0xE0, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1B, Param2: 0x1, Param3: 0xE0, Param4: 0xE0, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1C, Param2: 0x1, Param3: 0xDC, Param4: 0x9A, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1D, Param2: 0x1, Param3: 0xDC, Param4: 0x9C, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1E, Param2: 0x1, Param3: 0xDC, Param4: 0xA0, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1F,
Param2: 0x1, Param3: 0xDC, Param4: 0xA4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x20, Param2: 0x1, Param3: 0xDC, Param4: 0xA4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x21, Param2: 0x1, Param3: 0xDC, Param4: 0xA4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x22, Param2: 0x1, Param3: 0xDC, Param4: 0xE4, Param5: 0x0, Na me: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersio n\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x22, Param2: 0x1, Param3: 0xE4, Param4: 0xE4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x23, Param2: 0x1, Param3: 0xDC, Param4: 0xA4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x24, Param2: 0x1, Param3: 0xDC, Param4: 0xA8, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x25, Param2: 0x1, Param3: 0xDC, Param4: 0xA4, Param5: 0x0, Path: 0x46C: \REGISTRY\MAC HINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x26, Param2: 0x1, Param3: 0xDC, Param4: 0x14A, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x26, Param2: 0x1, Param3: 0x14A, Param4: 0x14A, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports insufficient buffer. Status: 0x 80000005, Param1: 0x27, Param2: 0x1, Param3: 0xDC, Param4: 0x17E, Param5: 0x0, N ame: , Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersi on\FontLink\SystemLink. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x27, Param2: 0x1, Param3: 0x17E, Param4: 0x17E, Param5: 0x0, Path: 0x46C: \REGISTRY\M ACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x28, Param2: 0x1, Param3: 0xDC, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLi nk\SystemLink. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Disable, Path: 0x46C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\DataStore_V1.0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: DataFilePath, Path: 0x46C : \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\Da taStore_V1.0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x46C. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x46C, Path: \??\ C:\Windows\Fonts\staticcache.dat. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x46C: \Device\Har ddiskVolume1\Windows\Fonts\StaticCache.dat. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x
3C, Param3: 0x3C, Param4: 0x0, Param5: 0x0, Path: 0x46C: \Device\HarddiskVolume1 \Windows\Fonts\StaticCache.dat. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x930000, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x474, Path: 0x46C: \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74100 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x930000, Path: 0x474: . 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane1, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Plane2, Path: 0x478: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\Surrogat eFallback. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Name: Plane2, Path: 0x478: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\Surrogat eFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane3, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane4, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane5, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane6, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane7, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane8, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane9, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Curr entVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane10, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane11, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane12, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane13, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane14, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane15, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Plane16, Path: 0x478: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\Cur rentVersion\LanguagePack\SurrogateFallback.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x4, Param2: 0x B0, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \REGISTRY\MACHINE\SOFTW ARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x1E, Param5: 0x0, Path: 0x478: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x2A, Param5: 0x0, Path: 0x478: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x20, Param5: 0x0, Path: 0x478: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x1C, Param5: 0x0, Path: 0x478: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIB.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIB.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x7A000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIB.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P
aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuib.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x7A000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUII.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUII.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5F000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUII.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuii.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5F000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIZ.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIZ.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x62000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x478, Path: \?? \C:\WINDOWS\FONTS\SEGOEUIZ.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x478: \Device\Har ddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x47C, Path: 0x478: \Device\HarddiskVolume1\Windows\Fonts\segoeuiz.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x7D400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x62000, Path: 0x47C: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x7D40000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x47C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x478. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF.
0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4DA0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1C68, P ath: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x57200 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x374000, Path: 0x37F1C68: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSID etailerDLL.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x7D40000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x374000, Path: 0x37F1 C68: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 1 2\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x57200000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x488. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: RaiseDefaultAuthnLevel, Path: 0x488: \REGISTRY\MACHINE\SOFTWARE\Microsoft \OLE\AppCompat. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x488. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DefaultAccessPermission, Path: 0x488: \REGISTRY\MACHINE\SOFTWARE\Microsof t\OLE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x488. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x488. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x488. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Type, Path: 0x484: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Micros oft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider.
0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x48C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x48C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x48C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x48C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5A, Param4: 0x0, Param5: 0x0, Path: 0x48C: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\Pr oxyStubClsid32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x484, Path: \REGISTRY\M ACHINE\Software\Microsoft\Rpc\Extensions. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x21A, Param3: 0x20, Param4: 0x0, Param5: 0x0, Name: NdrOleExtDLL, Path: 0x48 4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Rpc\Extensions. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2C, Param4: 0x0, Param5: 0x0, Name: RemoteRpcDll, Path: 0x484 : \REGISTRY\MACHINE\SOFTWARE\Microsoft\Rpc\Extensions. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\RpcRtRemote.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\RpcRtRe mote.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\RpcRtRemote.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x484, Path: \??\C:\W indows\system32\RpcRtRemote.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x48C, Path: 0x
484: \Device\HarddiskVolume1\Windows\SysWOW64\RpcRtRemote.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6CDE0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xE000, Path: 0x48C: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x48C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20119, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x484, Path: \Registry\M achine\Software\Microsoft\SQMClient\Windows\DisabledProcesses\. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: 118F5EBF, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMClient\Win dows\DisabledProcesses. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20119, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x484, Path: \Registry\M achine\Software\Microsoft\SQMClient\Windows\DisabledSessions\. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MachineThrottling, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMC lient\Windows\DisabledSessions. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20119, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x484, Path: \Registry\M achine\Software\Microsoft\SQMClient\Windows\DisabledSessions\. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: GlobalSession, Path: 0x484: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SQMClien t\Windows\DisabledSessions. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x484. 0x0C44: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x490, Path: 0xFFFFFFFE: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x49C. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x430: . 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: CSIDetailerDLL.INI, Path: 0x3F2C88: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4E18, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4E18: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailer DLL.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P
aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1CD0, P ath: 0x3F4E18: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x83400 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x370000, Path: 0x37F1CD0: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSIDe tailerDLL.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x8340000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1CD0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4E18. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4E18, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F4DA0: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSIDe tailerDLL.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F4DA0: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F4E18: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSIDe tailerDLL.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F4E18: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F4E90, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1CD0, Path : 0x3F4E90: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x57200 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x374000, Path: 0x37F1CD0: \ Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\CSID etailerDLL.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1CD0: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1CD0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4E90. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4E18. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\Microsoft.DirectX\1.0.2902.0__31bf38 56ad364e35. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_MSIL\Microsoft.DirectX\1.0.2902.0__31bf 3856ad364e35. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4E18, Path: \??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micro soft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1D38, P ath: 0x3F4E18: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1. 0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x8340000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3B000, Path: 0x37F1D 38: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__3 1bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x8380000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3B000, Path: 0x37F1D 38: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__3 1bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x8340000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x4B0: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\ Type 001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x4B0: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\ Type 001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x4B0: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\ Type 001. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x5C, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x4B0: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\ Type 001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4B0.
0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Type, Path: 0x4B0: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Micros oft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x4B0: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x4B0: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x4B0: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x4E, Param4: 0x0, Param5: 0x0, Name: Image Path, Path: 0x4B0: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\ Microsoft Strong Cryptographic Provider. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x4B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x4B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x4B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: MachineGuid, Path: 0x4B4: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4B4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4B0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x4B4, Path: \??\C: \Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: Microsoft.DirectX.INI, Path: 0x4B4: \Device\HarddiskVolume1\Windows\ assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4B4. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F4F08, Path: \??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micro soft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F4E18: \D evice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf385 6ad364e35\Microsoft.DirectX.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0,
Name: , Path: 0x3F4E18: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft. DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08: \D evice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf385 6ad364e35\Microsoft.DirectX.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F4F08: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft. DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F4F80, Path: \??\C :\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft. DirectX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1DA0, Path : 0x3F4F80: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2 902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x8340000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3B000, Path: 0x37F1D A0: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__3 1bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1DA0: \Device\HarddiskV olume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micro soft.DirectX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1DA0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4F80. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Microsoft.DirectX.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F4FF8, Path: \ ??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micros oft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\ HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364 e35\Microsoft.DirectX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1E08, P ath: 0x3F4FF8: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1. 0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x83C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x37000, Path: 0x37F1E08: \De
vice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856 ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x83C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F4FF8, Path: \ ??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micros oft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\ HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364 e35\Microsoft.DirectX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1E08, P ath: 0x3F4FF8: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1. 0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x83C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x37000, Path: 0x37F1E08: \De vice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856 ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x83C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F4FF8, Path: \ ??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micros oft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\ HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364 e35\Microsoft.DirectX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1E08, P ath: 0x3F4FF8: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1. 0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x83C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x37000, Path: 0x37F1E08: \De vice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856 ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x83C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x64, OutHandle: 0x3F4FF8, Path: \
??\C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Micros oft.DirectX.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\ HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364 e35\Microsoft.DirectX.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Win dows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.Direc tX.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1E08, P ath: 0x3F4FF8: \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1. 0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x83C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x37000, Path: 0x37F1E08: \De vice\HarddiskVolume1\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856 ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x83C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: CSIDetailerDLL.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Win dows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\Microsoft.VisualBasic.Compatibility\ 8.0.0.0__b03f5f7f11d50a3a. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Micros oft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4B0, Path: \?? \C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5 f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4B8, Path: 0x4B0: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic. Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x62170 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x60000, Path: 0x4B8: . 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x83C0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x60000, Path: 0x4B8:
. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x62170000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x4C4, Path: \??\C: \Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f 11d50a3a\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: Microsoft.VisualBasic.Compatibility.INI, Path: 0x4C4: \Device\Harddi skVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0_ _b03f5f7f11d50a3a. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4C4. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4C4, Path: \?? \C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5 f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x4B0: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility \8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x4B0: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsof t.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Comp atibility.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x4C4: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility \8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x4C4: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsof t.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Comp atibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Micros oft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4C8, Path: \??\C:\W indows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11 d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4CC, Path: 0x 4C8: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Com patibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x62170 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x60000, Path: 0x4CC: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4CC: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4C8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4C4. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4C4, Path: \?? \C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4C4: \Device\Har ddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls .nlp. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4C8, Path: 0x4C4: \Device\HarddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c 561934e089\sorttbls.nlp. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x84300 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5000, Path: 0x4C8: . 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4CC, Path: \?? \C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4CC: \Device\Har ddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey. nlp. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4D0, Path: 0x4CC: \Device\HarddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c 561934e089\sortkey.nlp. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x84500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x41000, Path: 0x4D0: . 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \Sessions\1\BaseNamedObjects\Global\NLS_00000C0A_Exception_Table_3_2. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D4, Path: \Sessions\1 \BaseNamedObjects\NLS_00000C0A_Exception_Table_3_2. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x84A00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x41000, Path: 0x4D4: \Sessio ns\1\BaseNamedObjects\NLS_00000C0A_Exception_Table_3_2. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryFullAttributesFile reports item not found: Status: 0 xC0000034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAF E.exe.config. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S
AFE.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S AFE.resources\SAFE.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S AFE.resources.exe. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S AFE.resources\SAFE.resources.exe. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x1048, Param4: 0x126, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Computers an d Structures SAFE 12 SAFE.exe. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x1048, Param4: 0x19E, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Computers an d Structures SAFE 12 SAFE.exe. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2, P aram2: 0x1, Param3: 0x1048, Param4: 0x19E, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Computers an d Structures SAFE 12 SAFE.exe. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3, P aram2: 0x1, Param3: 0x1048, Param4: 0x18E, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Computers an d Structures SAFE 12 SAFE.exe. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4, P aram2: 0x1, Param3: 0x1048, Param4: 0x176, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Program Files (x86) Computers an d Structures SAFE 12 SAFE.exe. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x5, Param2: 0x1, Param3: 0x1048, Param4: 0x9BFCD55D, Param5: 0x0, Na me: , Path: 0x4D8: \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C: Pr ogram Files (x86) Computers and Structures SAFE 12 SAFE.exe. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x1048, Param4: 0x1B6, Param5: 0x0, Path: 0x4D8: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Installer\A ssemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microsoft\Installer\A ssemblies\Global. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x2, Param2: 0x1, Param3: 0x1048, Param4: 0x95027ABD, Param5: 0x0, Na me: , Path: 0x4D8: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\ Software\Microsoft\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x0, P aram2: 0x1, Param3: 0x1048, Param4: 0x166, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1, P aram2: 0x1, Param3: 0x1048, Param4: 0x20A, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2, P aram2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\M
ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3, P aram2: 0x1, Param3: 0x1048, Param4: 0x1EA, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4, P aram2: 0x1, Param3: 0x1048, Param4: 0x21A, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5, P aram2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6, P aram2: 0x1, Param3: 0x1048, Param4: 0x222, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7, P aram2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8, P aram2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9, P aram2: 0x1, Param3: 0x1048, Param4: 0x21A, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA, P aram2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB, P aram2: 0x1, Param3: 0x1048, Param4: 0x1EA, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xC, P aram2: 0x1, Param3: 0x1048, Param4: 0x202, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xD, P aram2: 0x1, Param3: 0x1048, Param4: 0x1E2, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xE, P aram2: 0x1, Param3: 0x1048, Param4: 0x1EA, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xF, P aram2: 0x1, Param3: 0x1048, Param4: 0x1EA, Param5: 0x0, Path: 0x4D8: \REGISTRY\M ACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x10, Param2: 0x1, Param3: 0x1048, Param4: 0x21A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x11, Param2: 0x1, Param3: 0x1048, Param4: 0x1F2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x12, Param2: 0x1, Param3: 0x1048, Param4: 0x21A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x13, Param2: 0x1, Param3: 0x1048, Param4: 0x212, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x14, Param2: 0x1, Param3: 0x1048, Param4: 0x22A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x15, Param2: 0x1, Param3: 0x1048, Param4: 0x22A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x16, Param2: 0x1, Param3: 0x1048, Param4: 0x22A, Param5: 0x0, Path: 0x4D8: \REGISTRY\
MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x17, Param2: 0x1, Param3: 0x1048, Param4: 0x232, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x18, Param2: 0x1, Param3: 0x1048, Param4: 0x232, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x19, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1A, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1B, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1C, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1D, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x1F, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x20, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x21, Param2: 0x1, Param3: 0x1048, Param4: 0x208, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x22, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x23, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x24, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x25, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x26, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x27, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x28, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x29, Param2: 0x1, Param3: 0x1048, Param4: 0x1C0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2A, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\
MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2B, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2C, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2D, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x2F, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x30, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x31, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x32, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x33, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x34, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x35, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x36, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x37, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x38, Param2: 0x1, Param3: 0x1048, Param4: 0x178, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x39, Param2: 0x1, Param3: 0x1048, Param4: 0x170, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3A, Param2: 0x1, Param3: 0x1048, Param4: 0x168, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3B, Param2: 0x1, Param3: 0x1048, Param4: 0x160, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3C, Param2: 0x1, Param3: 0x1048, Param4: 0x160, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3D, Param2: 0x1, Param3: 0x1048, Param4: 0x16A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3E, Param2: 0x1, Param3: 0x1048, Param4: 0x1A6, Param5: 0x0, Path: 0x4D8: \REGISTRY\
MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x3F, Param2: 0x1, Param3: 0x1048, Param4: 0x1BE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x40, Param2: 0x1, Param3: 0x1048, Param4: 0x1BE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x41, Param2: 0x1, Param3: 0x1048, Param4: 0x1C6, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x42, Param2: 0x1, Param3: 0x1048, Param4: 0x1DE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x43, Param2: 0x1, Param3: 0x1048, Param4: 0x1DE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x44, Param2: 0x1, Param3: 0x1048, Param4: 0x1CC, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x45, Param2: 0x1, Param3: 0x1048, Param4: 0x1E4, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x46, Param2: 0x1, Param3: 0x1048, Param4: 0x1C0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x47, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x48, Param2: 0x1, Param3: 0x1048, Param4: 0x1B8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x49, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4A, Param2: 0x1, Param3: 0x1048, Param4: 0x208, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4B, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4C, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4D, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x4F, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x50, Param2: 0x1, Param3: 0x1048, Param4: 0x1C8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x51, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x52, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\
MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x53, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x54, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x55, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x56, Param2: 0x1, Param3: 0x1048, Param4: 0x1A8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x57, Param2: 0x1, Param3: 0x1048, Param4: 0x1C0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x58, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x59, Param2: 0x1, Param3: 0x1048, Param4: 0x1B8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5A, Param2: 0x1, Param3: 0x1048, Param4: 0x1A8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5B, Param2: 0x1, Param3: 0x1048, Param4: 0x1B8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5C, Param2: 0x1, Param3: 0x1048, Param4: 0x1C8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5D, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5E, Param2: 0x1, Param3: 0x1048, Param4: 0x1C2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x5F, Param2: 0x1, Param3: 0x1048, Param4: 0x1D6, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x60, Param2: 0x1, Param3: 0x1048, Param4: 0x1EE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x61, Param2: 0x1, Param3: 0x1048, Param4: 0x1EE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x62, Param2: 0x1, Param3: 0x1048, Param4: 0x1CA, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x63, Param2: 0x1, Param3: 0x1048, Param4: 0x1E2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x64, Param2: 0x1, Param3: 0x1048, Param4: 0x1E2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x65, Param2: 0x1, Param3: 0x1048, Param4: 0x162, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x66, Param2: 0x1, Param3: 0x1048, Param4: 0x1C8, Param5: 0x0, Path: 0x4D8: \REGISTRY\
MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x67, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x68, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x69, Param2: 0x1, Param3: 0x1048, Param4: 0x1C8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6A, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6B, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6C, Param2: 0x1, Param3: 0x1048, Param4: 0x208, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6D, Param2: 0x1, Param3: 0x1048, Param4: 0x218, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6E, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x6F, Param2: 0x1, Param3: 0x1048, Param4: 0x1F8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x70, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x71, Param2: 0x1, Param3: 0x1048, Param4: 0x210, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x72, Param2: 0x1, Param3: 0x1048, Param4: 0x210, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x73, Param2: 0x1, Param3: 0x1048, Param4: 0x208, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x74, Param2: 0x1, Param3: 0x1048, Param4: 0x218, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x75, Param2: 0x1, Param3: 0x1048, Param4: 0x218, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x76, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x77, Param2: 0x1, Param3: 0x1048, Param4: 0x1C0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x78, Param2: 0x1, Param3: 0x1048, Param4: 0x210, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x79, Param2: 0x1, Param3: 0x1048, Param4: 0x218, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7A, Param2: 0x1, Param3: 0x1048, Param4: 0x1D8, Param5: 0x0, Path: 0x4D8: \REGISTRY\
MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7B, Param2: 0x1, Param3: 0x1048, Param4: 0x1A0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7C, Param2: 0x1, Param3: 0x1048, Param4: 0x1D8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7D, Param2: 0x1, Param3: 0x1048, Param4: 0x1E0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x7F, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x80, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x81, Param2: 0x1, Param3: 0x1048, Param4: 0x1D8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x82, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x83, Param2: 0x1, Param3: 0x1048, Param4: 0x200, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x84, Param2: 0x1, Param3: 0x1048, Param4: 0x1D0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x85, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x86, Param2: 0x1, Param3: 0x1048, Param4: 0x1E8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x87, Param2: 0x1, Param3: 0x1048, Param4: 0x1D2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x88, Param2: 0x1, Param3: 0x1048, Param4: 0x1D2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x89, Param2: 0x1, Param3: 0x1048, Param4: 0x1D4, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8A, Param2: 0x1, Param3: 0x1048, Param4: 0x1EC, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8B, Param2: 0x1, Param3: 0x1048, Param4: 0x1EC, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8C, Param2: 0x1, Param3: 0x1048, Param4: 0x1DC, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8D, Param2: 0x1, Param3: 0x1048, Param4: 0x1F4, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F4, Param5: 0x0, Path: 0x4D8: \REGISTRY\
MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x8F, Param2: 0x1, Param3: 0x1048, Param4: 0x1DA, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x90, Param2: 0x1, Param3: 0x1048, Param4: 0x1F2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x91, Param2: 0x1, Param3: 0x1048, Param4: 0x1F2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x92, Param2: 0x1, Param3: 0x1048, Param4: 0x1D8, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x93, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x94, Param2: 0x1, Param3: 0x1048, Param4: 0x1F0, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x95, Param2: 0x1, Param3: 0x1048, Param4: 0x1C6, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x96, Param2: 0x1, Param3: 0x1048, Param4: 0x1DE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x97, Param2: 0x1, Param3: 0x1048, Param4: 0x1DE, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x98, Param2: 0x1, Param3: 0x1048, Param4: 0x19A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x99, Param2: 0x1, Param3: 0x1048, Param4: 0x1EA, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9A, Param2: 0x1, Param3: 0x1048, Param4: 0x1A6, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9B, Param2: 0x1, Param3: 0x1048, Param4: 0x1B6, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9C, Param2: 0x1, Param3: 0x1048, Param4: 0x1F2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9D, Param2: 0x1, Param3: 0x1048, Param4: 0x196, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9E, Param2: 0x1, Param3: 0x1048, Param4: 0x1F2, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0x9F, Param2: 0x1, Param3: 0x1048, Param4: 0x202, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA0, Param2: 0x1, Param3: 0x1048, Param4: 0x20A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA1, Param2: 0x1, Param3: 0x1048, Param4: 0x150, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA2, Param2: 0x1, Param3: 0x1048, Param4: 0x140, Param5: 0x0, Path: 0x4D8: \REGISTRY\
MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA3, Param2: 0x1, Param3: 0x1048, Param4: 0x150, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA4, Param2: 0x1, Param3: 0x1048, Param4: 0x140, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA5, Param2: 0x1, Param3: 0x1048, Param4: 0x150, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA6, Param2: 0x1, Param3: 0x1048, Param4: 0x140, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA7, Param2: 0x1, Param3: 0x1048, Param4: 0x130, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA8, Param2: 0x1, Param3: 0x1048, Param4: 0x162, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xA9, Param2: 0x1, Param3: 0x1048, Param4: 0x162, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAA, Param2: 0x1, Param3: 0x1048, Param4: 0x162, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAB, Param2: 0x1, Param3: 0x1048, Param4: 0x152, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAC, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAD, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAE, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xAF, Param2: 0x1, Param3: 0x1048, Param4: 0x152, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB0, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB1, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB2, Param2: 0x1, Param3: 0x1048, Param4: 0x152, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB3, Param2: 0x1, Param3: 0x1048, Param4: 0x14A, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: SUCCESS: New_NtEnumerateValueKey succeeded. Status: 0x0, Param1: 0xB4, Param2: 0x1, Param3: 0x1048, Param4: 0x152, Param5: 0x0, Path: 0x4D8: \REGISTRY\ MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0xB5, Param2: 0x1, Param3: 0x1048, Param4: 0xBBAF1423, Param5: 0x0, N ame: , Path: 0x4D8: \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Glob al. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\culture.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\culture.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4DC, Path: 0x 4D8: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\Culture. dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x84F0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x8000, Path: 0x4DC: . 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4DC: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4DC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x4D8: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\culture.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x4D8: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4D8: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Windows\Microsoft.NET\Framework\v2.0.50727\culture.dll, AsmDir: , ResourceName: Int Resource: 2, AppName: , HMod: 0x84F0000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: culture.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT \CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034,
Name: Microsoft.VisualBasic.Compatibility.dll, Path: 0x150: \REGISTRY\MACHINE\S OFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOp tions. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x84F0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x8500000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\es-ES\mscorrc.dll . 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\es-ES\mscorrc.dll .DLL. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\es\mscorrc.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4D8, Path: \??\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\es\mscorrc.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4DC, Path: 0x4D8: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\es\ms corrc.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x84F00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x65000, Path: 0x4DC: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4DC. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Globalization\es.nlp. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Globalization\es-es.nlp. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \Sessions\1\BaseNamedObjects\Global\NLS_0000040A_Exception_Table_3_2. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x4DC, Path: \Sessions\1 \BaseNamedObjects\NLS_0000040A_Exception_Table_3_2. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x85600 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x41000, Path: 0x4DC: \Sessio ns\1\BaseNamedObjects\NLS_0000040A_Exception_Table_3_2. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es\SAFE .resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es\SAFE .resources\SAFE.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es\SAFE .resources.exe. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es\SAFE .resources\SAFE.resources.exe. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\WindowsCodecs.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00
00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Windows Codecs.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\WindowsCodecs.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \??\C:\W indows\system32\WindowsCodecs.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4E0, Path: 0x 4D8: \Device\HarddiskVolume1\Windows\SysWOW64\WindowsCodecs.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x74130 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xFB000, Path: 0x4E0: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4E0: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4E0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4D8. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x2000000, Param 2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x4D8, Path: \REGISTRY \USER\S-1-5-21-4048755273-3007554995-782353158-1001_Classes. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2 1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2 1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4E2. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\Globalization\en-us.nlp. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0 .0_es_b77a5c561934e089. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Wi ndows.Forms.resources.dll.
0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4E4, Path: \?? \C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c56 1934e089\System.Windows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4E8, Path: 0x4E4: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms.r esources\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.Resources.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A310 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6C000, Path: 0x4E8: . 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x8620000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6C000, Path: 0x4E8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5A310000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x4EC, Path: \??\C: \Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c56193 4e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.Windows.Forms.resources.INI, Path: 0x4EC: \Device\HarddiskVol ume1\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c5 61934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4EC. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4EC, Path: \?? \C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c56 1934e089\System.Windows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x4E4: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0. 0.0_es_b77a5c561934e089\System.Windows.Forms.Resources.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x4E4: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.W indows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.Resource s.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x4EC: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0. 0.0_es_b77a5c561934e089\System.Windows.Forms.Resources.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x4EC: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.W indows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.Resource s.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Wi
ndows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4F0, Path: \??\C:\W indows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e 089\System.Windows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4F4, Path: 0x 4F0: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms.reso urces\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.Resources.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A310 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6C000, Path: 0x4F4: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F4: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4EC. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0 .0_es-ES_b77a5c561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0 .0.0_es-ES_b77a5c561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC\System.Windows.Forms.resources\2.0.0.0_ es-ES_b77a5c561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S ystem.Windows.Forms.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S ystem.Windows.Forms.resources\System.Windows.Forms.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S ystem.Windows.Forms.resources.exe. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\S ystem.Windows.Forms.resources\System.Windows.Forms.resources.exe. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a 5c561934e089\comctl32.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6
975e2bd6f2b2. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x4EC, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17 514_none_41e6975e2bd6f2b2. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2\comctl32.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4F0, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17 514_none_41e6975e2bd6f2b2\comctl32.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4F4, Path: 0x 4F0: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-control s_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6D0E0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x19E000, Path: 0x4F4: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F4: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x4F8, Path: \??\C:\W indows\WindowsShell.Manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4FC, Path: 0x4 F8: \Device\HarddiskVolume1\Windows\WindowsShell.Manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86900 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x4FC: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x500, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x500: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4F8: \Device\Har ddiskVolume1\Windows\WindowsShell.Manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x4F8: \Device \HarddiskVolume1\Windows\WindowsShell.Manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4F8: \Device\Har ddiskVolume1\Windows\WindowsShell.Manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x8690000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x0, File: C:\W indows\WindowsShell.Manifest, AsmDir: , ResourceName: , AppName: , HMod: 0x0 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF.
0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIAL.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIAL.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xBF000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIAL.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arial.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xBF000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBD.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBD.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xB7000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBD.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arialbd.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xB7000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5
, Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x88000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\ariali.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x88000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x8A000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\WINDOWS\FONTS\ARIALBI.TTF. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Device\Har ddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\Fonts\arialbi.ttf. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x86D00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x8A000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4FC. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0008, Param2: 0x30, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x230: \Device\ KsecDD. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_es-ES_b77 a5c561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es-ES_b 77a5c561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_es-ES_b77a5c 561934e089. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\m scorlib.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\m scorlib.resources\mscorlib.resources.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\m scorlib.resources.exe. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\es-ES\m scorlib.resources\mscorlib.resources.exe. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 0003A, Path: \??\C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_es_b77a5c 561934e089. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089.
0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dl l. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x4FC, Path: \?? \C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\msc orlib.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x4F8, Path: 0x4FC: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0 .0.0_es_b77a5c561934e089\mscorlib.Resources.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x61F50 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4E000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x8750000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4E000, Path: 0x4F8: . 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x61F50000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x500, Path: \??\C: \Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: mscorlib.resources.INI, Path: 0x500: \Device\HarddiskVolume1\Windows \assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x500, Path: \?? \C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\msc orlib.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x4FC: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5 c561934e089\mscorlib.Resources.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x4FC: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib .resources\2.0.0.0_es_b77a5c561934e089\mscorlib.Resources.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x500: \Devi ce\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5 c561934e089\mscorlib.Resources.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x500: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib .resources\2.0.0.0_es_b77a5c561934e089\mscorlib.Resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dl
l. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x504, Path: \??\C:\W indows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib .resources.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x508, Path: 0x 504: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0. 0_es_b77a5c561934e089\mscorlib.Resources.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x61F50 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4E000, Path: 0x508: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x508: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x508. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x329B280, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x12, Param5: 0x0, Path: 0x500: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_3 2\NI\6faf58\19ab8d57. 0x0A10: INFO: New_NtEnumerateValueKey reports no more data. Status: 0x8000001 A, Param1: 0x0, Param2: 0x1, Param3: 0x20A, Param4: 0x0, Param5: 0x0, Name: , Pa th: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50 727_32\NI\6faf58\19ab8d57. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x56, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 6faf58\19ab8d57\1.
0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: ConfigMask, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6 faf58\19ab8d57\1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: ConfigString, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\ 6faf58\19ab8d57\1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x1C, Param4: 0x0, Param5: 0x0, Name: MVID, Path: 0x500: \REGIS TRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\ 19ab8d57\1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EvalationData, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\N ativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x500: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf5 8\19ab8d57\1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x48, Param4: 0x0, Param5: 0x0, Name: ILDependencies, Path: 0x5 00: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\6faf58\19ab8d57\1. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x34, Param4: 0x0, Param5: 0x0, Name: NIDependencies, Path: 0x5 00: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\ NI\6faf58\19ab8d57\1. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MissingDependencies, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fu sion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\1. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x66, Param4: 0x0, Param5: 0x0, Name: DisplayName, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 75638fee\7566cac\10. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Status, Path: 0x500: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638 fee\7566cac\10. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Modules, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeI magesIndex\v2.0.50727_32\IL\75638fee\7566cac\10. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x30, Param4: 0x0, Param5: 0x0, Name: SIG, Path: 0x500: \REGIST RY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee \7566cac\10. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: LastModTime, Path: 0x500: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\ 75638fee\7566cac\10. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x14, Param4: 0x0, Param5: 0x0, Name: System.Data.SqlXml,2.0.0. 0,,b77a5c561934e089,MSIL, Path: 0x200: \REGISTRY\MACHINE\Software\Microsoft\Fusi on\GACChangeNotification\Default. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x
C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System .Xml.ni.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x500, Path: \??\C:\W indows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158 a04203\System.Xml.ni.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x504, Path: 0x 500: \Device\HarddiskVolume1\Windows\assembly\NativeImages_v2.0.50727_32\System. Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5E140 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x536000, Path: 0x504: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x500, Path: \??\C: \Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: System.Xml.INI, Path: 0x500: \Device\HarddiskVolume1\Windows\assembl y\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\shfolder.dll. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\shfolde r.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\shfolder.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x500, Path: \??\C:\W indows\system32\shfolder.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x504, Path: 0x 500: \Device\HarddiskVolume1\Windows\SysWOW64\shfolder.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x6CD00 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5000, Path: 0x504: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: System.Xml.ni.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Wind ows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF.
0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Category, Path: 0x504: \R EGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\F olderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: Name, Path: 0x504: \REGIS TRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Folde rDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParentFolder, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7 B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Description, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B 8E7F157091}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x28, Param4: 0x0, Param5: 0x0, Name: RelativePath, Path: 0x504 : \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explor er\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: ParsingName, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsof t\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B 8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InfoTip, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Wi ndows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F 157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: LocalizedName, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micros oft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D557B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Icon, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windo ws\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157 091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Security, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7 F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResource, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Micro soft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55 -7B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: StreamResourceType, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\M icrosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF9D55-7B8E7F157091}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: LocalRedirectOnly, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\e xplorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Roamable, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\W indows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7 F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreCreate, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\
Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E 7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Stream, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Win dows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F1 57091}. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: PublishExpandedPath, Path : 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion \explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Attributes, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft \Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8 E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: FolderTypeID, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microso ft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7 B8E7F157091}. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: InitFolderHandler, Path: 0x504: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Mi crosoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9 D55-7B8E7F157091}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x504, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x504. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x44, Param4: 0x0, Param5: 0x0, Name: Local AppData, Path: 0x50 0: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Microso ft\Windows\CurrentVersion\Explorer\User Shell Folders. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x500. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures\SafeDefaultFormatFile.fmt. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF.
0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x0, Param4: 0x1, Param5: 0x400060, OutHandle: 0x3F4F08, Pat h: \??\C:\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.in i. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.in i. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x508, Path: \Sessions\1 \BaseNamedObjects\Global\NLS_CodePage_1252_3_2_0_0. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x87A00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11000, Path: 0x508: \BaseNa medObjects\NLS_CodePage_1252_3_2_0_0. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08: \Device\ HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1E3, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08: \Device\HarddiskV olume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: INFO: New_NtReadFile reports no more data. Status: 0xC0000011, Param1 : 0x0, Param2: 0x1D, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F4F 08: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SA FEv12.ini. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\lsapiw32.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F4F08, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\lsapiw32.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\lsapiw32.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1E08, Path
: 0x3F4F08: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\lsapiw32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x86B0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xE000, Path: 0x37F1E0 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ lsapiw32.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\lsapiw32.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1E08. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4F08. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: lsapiw32.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows N T\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: Returning from method New_GetCommandLineA with: "C:\Program Fil es (x86)\Computers and Structures\SAFE 12\SAFE.exe". 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x82, Param4: 0x1, Param5: 0x0, Name: CSI_SentinelLM.log, Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and S tructures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x82, Param4: 0x1, Param5: 0x0, Name: CSI_SentinelLM.log, Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and S tructures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures\CSI_SentinelLM.log. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x
C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x82, Param4: 0x1, Param5: 0x0, Name: CSI_SentinelLM.log, Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and S tructures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures\CSI_SentinelLM.log. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x10080, Param2 : 0x7, Param3: 0x204040, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F4FF8, Path: \? ?\C:\Users\MarK\AppData\Local\Computers and Structures\CSI_SentinelLM.log. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x2 3, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\H arddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\CSI_SentinelLM. log. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xD, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Device\Hard diskVolume1\Users\MarK\AppData\Local\Computers and Structures\CSI_SentinelLM.log . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x40100080, P aram2: 0x0, Param3: 0x0, Param4: 0x5, Param5: 0x400060, OutHandle: 0x3F4FF8, Pat h: \??\C:\Users\MarK\AppData\Local\Computers and Structures\CSI_SentinelLM.log. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\CSI_Sentin elLM.log. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\CSI_Sentin elLM.log. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\tzres.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x514, Path: \??\ C:\Windows\system32\tzres.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P
aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x518, Path: 0x514: \Device\HarddiskVolume1\Windows\SysWOW64\tzres.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x88C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x518: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32C8EC8, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x88C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\tzres.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x518, Path: \??\ C:\Windows\system32\tzres.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x514, Path: 0x518: \Device\HarddiskVolume1\Windows\SysWOW64\tzres.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x88C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x514: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x32C8EC8, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x88C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\License Manager\ Level.txt. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Level.txt. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x514, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x514: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: INFO: New_NtOpenFile reports item not found: Status: 0xC0000034, Path : \??\C:\Windows\system32\UxTheme.dll.Config. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x514, Path: \??\C:\W indows\system32\UxTheme.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x514: \Device \HarddiskVolume1\Windows\SysWOW64\uxtheme.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x514: \Device\Har ddiskVolume1\Windows\SysWOW64\uxtheme.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: , A smDir: , ResourceName: Int Resource: 1, AppName: , HMod: 0x74AE0000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6 975e2bd6f2b2. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x514, Path: \??\C:\W indows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17 514_none_41e6975e2bd6f2b2. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x88C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\ole32.dll.
0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x518, Path: \??\C:\W indows\system32\ole32.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x514, Path: 0x 518: \Device\HarddiskVolume1\Windows\SysWOW64\ole32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9A60000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x15C000, Path: 0x514: . 0x0A10: SUCCESS: New_NtAreMappedFilesTheSame succeeded. Status: 0x0, Param1: 0x 76950000, Param2: 0x9A60000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A60000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Enable, Path: 0x514: \REG ISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\ LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x51C, Path: \Sessions\1 \BaseNamedObjects\Local\CTF.AsmListCache.FMPDefault1. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x88C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3000, Path: 0x51C: \Session s\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x88C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\
SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x1, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x520: \REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A5 69205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x6, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x0, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x1, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x3, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x4, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x5, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x520: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Categ ory\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x6, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x520: \REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8 F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x7, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x8, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x9, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xA, Param2
: 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xB, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xC, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xD, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xE, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0xF, Param2 : 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE\ SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtEnumerateKey succeeded. Status: 0x0, Param1: 0x10, Param 2: 0x0, Param3: 0x120, Param4: 0x5C, Param5: 0x0, Path: 0x51C: \REGISTRY\MACHINE \SOFTWARE\Microsoft\CTF\TIP. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x11, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0x51C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x51C, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Language Hotkey, Path: 0x520: \REGISTRY\USER\S-1-5-21-4048755273-30075549 95-782353158-1001\Keyboard Layout\Toggle. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Hotkey, Path: 0x520: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353 158-1001\Keyboard Layout\Toggle. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Layout Hotkey, Path: 0x520: \REGISTRY\USER\S-1-5-21-4048755273-3007554995 -782353158-1001\Keyboard Layout\Toggle. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x520, Path: \Sessions\1 \BaseNamedObjects\Local\CTF.AsmListCache.FMPDefault1. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x88C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x3000, Path: 0x520: \Session s\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x88C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF
FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x520, Path: \REGISTRY\U SER\S-1-5-21-4048755273-3007554995-782353158-1001. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x520. 0x0A10: INFO: New_NtEnumerateKey reports no more data. Status: 0x8000001A, Pa ram1: 0x0, Param2: 0x0, Param3: 0x120, Param4: 0x0, Param5: 0x0, Name: , Path: 0 x51C: \REGISTRY\USER\S-1-5-21-4048755273-3007554995-782353158-1001\Software\Micr osoft\CTF\DirectSwitchHotkeys. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: EnableAnchorContext, Path: 0x51C: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\ Microsoft\CTF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x51C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F5070, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll . 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1E70, P ath: 0x3F5070: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x609C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6E000, Path: 0x37F1E70: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x92E0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6E000, Path: 0x37F1E 70: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x609C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x430: . 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: Interop.CsiGoLib.INI, Path: 0x3F2C88: \Device\HarddiskVolume1\Progra m Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F50E8, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F50E8: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Interop.Csi GoLib.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1ED8, P ath: 0x3F50E8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93500 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6A000, Path: 0x37F1ED8: \De vice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Intero p.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9350000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1ED8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F50E8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F50E8, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll . 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F5070: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.CsiGoLib.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F5070: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F50E8: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.CsiGoLib.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F50E8: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F5160, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1ED8, Path
: 0x3F5160: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\Interop.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x609C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6E000, Path: 0x37F1ED8: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.CsiGoLib.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1ED8: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.dll . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1ED8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F5160. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F50E8. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F50E8, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1F40, P ath: 0x3F50E8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x620C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14000, Path: 0x37F1F40: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.DAO.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9350000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14000, Path: 0x37F1F 40: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \Interop.DAO.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x620C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x430: . 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Program Files (x86)\Computers and Structures\SAFE 12\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: Interop.DAO.INI, Path: 0x3F2C88: \Device\HarddiskVolume1\Program Fil es (x86)\Computers and Structures\SAFE 12\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F51D8, Path: \ ??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll.
0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x3F51D8: \Device\ HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO .dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x37F1FA8, P ath: 0x3F51D8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structu res\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93700 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x10000, Path: 0x37F1FA8: \De vice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Intero p.DAO.dll. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9370000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1FA8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F51D8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F51D8, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F50E8: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.DAO.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F50E8: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x1, Param2: 0x18, Param3: 0x12, Param4: 0x0, Param5: 0x0, Path: 0x3F51D8: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter op.DAO.dll. 0x0A10: INFO: New_NtQueryInformationFile reports insufficient buffer. Status: 0x80000005, Param1: 0x12, Param2: 0x68, Param3: 0x68, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F51D8: \Device\HarddiskVolume1\Program Files (x86)\Computers a nd Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F5250, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F1FA8, Path : 0x3F5250: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x620C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x14000, Path: 0x37F1FA8: \D evice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\Inter
op.DAO.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1FA8: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F1FA8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F5250. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F51D8. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x16, Param4: 0x0, Param5: 0x0, Name: User Name, Path: 0x538: \ REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Computers and Structures, Inc.\SAFE\12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x538. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0xE, Param4: 0x0, Param5: 0x0, Name: Company Name, Path: 0x538: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Computers and Structures, Inc.\SAFE\12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x538. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Serial Number, Path: 0x538: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Comput ers and Structures, Inc.\SAFE\12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x538. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x7E, Param4: 0x0, Param5: 0x0, Name: Install Path, Path: 0x538 : \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Computers and Structures, Inc.\SAFE\12. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x538. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo.DLL. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F51D8, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo.DLL. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\csigo.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F2010, Path : 0x3F51D8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\csigo.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9E60000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x458000, Path: 0x37F2 010: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 1 2\csigo.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2010: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\csigo.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2010. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F51D8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x54C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu
al\SXS\Manifests\csigo.dll_0x06A0B0D14D8FD29438C9931DEFFB6AE0.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\csigo.dll_0x06A0B0D14D8FD29438C993 1DEFFB6AE0.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x550: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x554, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x554: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x554. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\csigo.dll_0x06A0B0D14D8FD29438C9931DEFFB6AE0.2.ma nifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\csigo.dll_0x06A0B0D14D8FD29438C9931DEFFB6AE0. 2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\csigo.dll_0x06A0B0D14D8FD29438C9931DEFFB6AE0.2.ma nifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9380000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\CsiGo.DLL, AsmDir: , Resour ceName: Int Resource: 2, AppName: , HMod: 0x9E60000 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CsiGo_a.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_a.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F52C8, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_a.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CsiGo_a.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F2078, Path : 0x3F52C8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\CsiGo_a.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x93A0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x39000, Path: 0x37F20 78: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \CsiGo_a.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2078: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_a.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2078. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F52C8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x554, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\CsiGo_a.dll_0x4053694B337B53038CADBDE109C7EE25.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x558, Path: 0x5 54: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_a.dll_0x4053694B337B53038CAD BDE109C7EE25.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x558: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x55C, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x55C: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x55C. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x554: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_a.dll_0x4053694B337B53038CADBDE109C7EE25.2. manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x554: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\CsiGo_a.dll_0x4053694B337B53038CADBDE109C7EE2 5.2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x554: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_a.dll_0x4053694B337B53038CADBDE109C7EE25.2. manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x554. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x558. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9380000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_a.dll, AsmDir: , Reso urceName: Int Resource: 2, AppName: , HMod: 0x93A0000 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CsiGo_n.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_n.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F5340, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_n.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\csigo_n.dll.
0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F20E0, Path : 0x3F5340: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\csigo_n.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0xA2C0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x2D2000, Path: 0x37F2 0E0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 1 2\csigo_n.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F20E0: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\csigo_n.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F20E0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F5340. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x55C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\csigo_n.dll_0x64378CCDA5E00ED1AC992FD78137698D.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x560, Path: 0x5 5C: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\csigo_n.dll_0x64378CCDA5E00ED1AC99 2FD78137698D.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x560: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x564, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x564: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x55C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\csigo_n.dll_0x64378CCDA5E00ED1AC992FD78137698D.2. manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x55C: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\csigo_n.dll_0x64378CCDA5E00ED1AC992FD78137698 D.2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x55C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\csigo_n.dll_0x64378CCDA5E00ED1AC992FD78137698D.2. manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x55C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x560. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9380000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_n.dll, AsmDir: , Reso urceName: Int Resource: 2, AppName: , HMod: 0xA2C0000
0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x560, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\Microsoft.VC80.CRT@8.0.50727.762\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\SxS\Micros oft.VC80.CRT@8.0.50727.762\MSVCR80.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x55C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\Microsoft.VC80.CRT@8.0.50727.762\MSVCR80.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x564, Path: 0x 55C: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\1 2.1.1.0\2009.05.01T11.29\Virtual\SXS\Microsoft.VC80.CRT@8.0.50727.762\msvcr80.dl l. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A270 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9B000, Path: 0x564: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x55C. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\libguide40.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\libguide40.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F53B8, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\libguide40.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\libguide40.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F2148, Path : 0x3F53B8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\libguide40.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9930000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x64000, Path: 0x37F21 48: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \libguide40.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2148: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\libguide40.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CsiGo_d.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_d.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F5430, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_d.dll.
0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CsiGo_d.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F21B0, Path : 0x3F5430: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\CsiGo_d.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9380000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x6000, Path: 0x37F21B 0: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ CsiGo_d.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F21B0: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_d.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F21B0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F5430. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\CsiGo_d.dll_0x1A41C3AEE1A7F2780CB1D2A8EEDE9774.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x574, Path: 0x5 70: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_d.dll_0x1A41C3AEE1A7F2780CB1 D2A8EEDE9774.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x99A00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x574: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x578, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x578: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x578. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x570: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_d.dll_0x1A41C3AEE1A7F2780CB1D2A8EEDE9774.2. manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x570: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\CsiGo_d.dll_0x1A41C3AEE1A7F2780CB1D2A8EEDE977 4.2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x570: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_d.dll_0x1A41C3AEE1A7F2780CB1D2A8EEDE9774.2. manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x570. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x574. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\
Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_d.dll, AsmDir: , Reso urceName: Int Resource: 2, AppName: , HMod: 0x9380000 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x574, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\Microsoft.VC80.CRT@8.0.50727.762\. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\Microsoft.VC80.CRT@8.0.50727.762\. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CsiGo_b.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_b.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F54A8, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_b.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CsiGo_b.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F2218, Path : 0x3F54A8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\CsiGo_b.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x99A0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xD000, Path: 0x37F221 8: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\ CsiGo_b.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2218: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_b.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2218. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F54A8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x580, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\CsiGo_b.dll_0xE32E002AA4A681C4C6F52974BB4B1B5D.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x584, Path: 0x5 80: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_b.dll_0xE32E002AA4A681C4C6F5 2974BB4B1B5D.2.manifest. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x99C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x584: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x588, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x588: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x588. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x580: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_b.dll_0xE32E002AA4A681C4C6F52974BB4B1B5D.2.
manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x580: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\CsiGo_b.dll_0xE32E002AA4A681C4C6F52974BB4B1B5 D.2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x580: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_b.dll_0xE32E002AA4A681C4C6F52974BB4B1B5D.2. manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x580. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x584. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_b.dll, AsmDir: , Reso urceName: Int Resource: 2, AppName: , HMod: 0x99A0000 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x584, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\Microsoft.VC80.CRT@8.0.50727.762\. 0x0A10: INFO: New_NtOpenSection reports item not found: Status: 0xC0000034, P ath: \KnownDlls32\CsiGo_f.dll. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_f.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F5520, Path: \??\C :\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_f.dll. 0x0A10: INFO: Faulting in section backed by file: \Device\HarddiskVolume1\Pro gram Files (x86)\Computers and Structures\SAFE 12\CsiGo_f.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x37F2280, Path : 0x3F5520: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures \SAFE 12\CsiGo_f.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x99E0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x49000, Path: 0x37F22 80: \Device\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12 \CsiGo_f.dll. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2280: \Device\HarddiskV olume1\Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_f.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x37F2280. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F5520. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x1200A9, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x58C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\CsiGo_f.dll_0x4079BB2C2CE00EAAA74AC0793D32B77E.2.manifest. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x4, Param 2: 0x0, Param3: 0x2, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x590, Path: 0x5 8C: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12 .1.1.0\2009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_f.dll_0x4079BB2C2CE00EAAA74A C0793D32B77E.2.manifest.
0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x99C00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x590: . 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x594, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x594: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x594. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x58C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_f.dll_0x4079BB2C2CE00EAAA74AC0793D32B77E.2. manifest. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x58C: \Device \HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009 .05.01T11.29\Virtual\SXS\Manifests\CsiGo_f.dll_0x4079BB2C2CE00EAAA74AC0793D32B77 E.2.manifest. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x58C: \Device\Har ddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05. 01T11.29\Virtual\SXS\Manifests\CsiGo_f.dll_0x4079BB2C2CE00EAAA74AC0793D32B77E.2. manifest. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x58C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x590. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Program Files (x86)\Computers and Structures\SAFE 12\CsiGo_f.dll, AsmDir: , Reso urceName: Int Resource: 2, AppName: , HMod: 0x99E0000 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x590, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\Microsoft.VC80.CRT@8.0.50727.762\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\App Data\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtual\SxS\Micros oft.VC80.CRT@8.0.50727.762\MSVCP80.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x58C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SxS\Microsoft.VC80.CRT@8.0.50727.762\MSVCP80.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x594, Path: 0x 58C: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\1 2.1.1.0\2009.05.01T11.29\Virtual\SXS\Microsoft.VC80.CRT@8.0.50727.762\msvcp80.dl l. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x592B0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x87000, Path: 0x594: . 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x594: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x594. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x58C. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param
2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x58C, Path: \??\C:\U sers\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2009.05.01T11.29\Virtu al\SXS\Manifests\. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2 009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_g.DLL. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9E60000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9390000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99E0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x592B0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A30000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x590. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x584. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x93A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x93E0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x570. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9380000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x99B0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x574. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA2C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9930000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5A270000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x560. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x560. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x560, Path: \Sessions\1 \BaseNamedObjects\Global\__ComCatalogCache__. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93800 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x560: \BaseNam edObjects\__ComCatalogCache__. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x10, Param4: 0x0, Param5: 0x0, Name: Com+Enabled, Path: 0x564: \REGISTRY\MACHINE\SOFTWARE\Microsoft\COM3. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2:
0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x564, Path: \KnownDlls3 2\CLBCatQ.DLL. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x766C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x83000, Path: 0x564: \Known Dlls32\clbcatq.dll. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564: \KnownDlls32\clbcatq. dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Interop.CsiGoLib.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\W indows NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: Interop.DAO.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Window s NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: MaxSxSHashCount, Path: 0x558: \REGISTRY\MACHINE\SOFTWARE\Microsoft\OLE. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x558. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x558. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x558. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x554. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Users\MarK\AppData\Local\Xenocode\Sandbox\SAFEv12\12.1.1.0\2 009.05.01T11.29\Virtual\SXS\Manifests\CsiGo_g.dll. 0x0A10: WARNING: Call to New_CoGetClassObject failed with hr: 0x8007007E, Clsid BC5F5EEC-6B31-412E-AA4AF747F49A461C, Param1: 0x15, Param2: 0x0, Param3: 0x0. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x0, OutHandle: 0x554, Path: \??\C :\Windows\syswow64\es-ES\KERNELBASE.dll.mui. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF0005, P aram2: 0x0, Param3: 0x8, Param4: 0x8000000, Param5: 0x0, OutHandle: 0x558, Path: 0x554: \Device\HarddiskVolume1\Windows\SysWOW64\es-ES\KernelBase.dll.mui. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x99200 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0xD8000, Path: 0x558: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x558. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2 1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ
er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x572. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2 1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xC8, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2E, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server . 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xC8, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x2E, Param4: 0x0, Param5: 0x0, Path: 0x572: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x572. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0,
Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\diasymreader.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x 570: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\diasymre ader.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0x9E60000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x8D000, Path: 0x550: . 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x0, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x570. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \Registry\M ACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: PreferExternalManifest, Path: 0x570: \Registry\MACHINE\Software\Microsoft \Windows\CurrentVersion\SideBySide. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x570. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x120089, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \??\C:\W indows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x570: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x4 , Param2: 0x28, Param3: 0x28, Param4: 0x0, Param5: 0x0, Path: 0x570: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x570. 0x0A10: SUCCESS: Call to New_CreateActCtxW succeeded with Flags: 0x88, File: C:\ Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll, AsmDir: , ResourceN ame: Int Resource: 2, AppName: , HMod: 0x9E60000 0x0A10: INFO: New_NtOpenKey reports item not found: Status: 0xC0000034, Path: \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\Assembly StorageRoots. 0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e.Local\. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\WinSxS \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100020, Param 2: 0x3, Param3: 0x21, Param4: 0x0, Param5: 0x0, OutHandle: 0x570, Path: \??\C:\W indows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154 e044272b9a. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: diasymreader.dll, Path: 0x150: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windo ws NT\CurrentVersion\Image File Execution Options\DllNXOptions. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF.
0x0A10: INFO: New_NtQueryAttributesFile reports item not found: Status: 0xC00 00034, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.PD B. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x3F53B8, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Dev ice\HarddiskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.ex e. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Harddisk Volume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVo lume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVo lume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVo lume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVo lume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVo lume1\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\symbols\exe\SAFE.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\exe\SAFE.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\SAFE.pdb. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2
1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x552. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x550, Path: \?? \C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device \HarddiskVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\msco rlib.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll . 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVol ume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll . 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll . 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll . 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.p db. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\symbols\dll\mscorlib.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\dll\mscorlib.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\mscorlib.pdb. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 180, Param3: 0x8C, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-2 1-4048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x4DA: \REGISTRY\USER\S-1-5-21-4 048755273-3007554995-782353158-1001_CLASSES. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x3, Param2: 0x 188, Param3: 0xD8, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFT WARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServ er32. 0x0A10: SUCCESS: New_NtQueryKey succeeded. Status: 0x0, Param1: 0x7, Param2: 0x 4, Param3: 0x4, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\SOFTWAR E\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer3 2. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtQueryValueKey succeeded. Status: 0x0, Param1: 0x2, Param 2: 0x90, Param3: 0x24, Param4: 0x0, Param5: 0x0, Path: 0x552: \REGISTRY\MACHINE\ SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Inproc Server32. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x552. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x80, Param3: 0x1, Param4: 0x1, Param5: 0x60, OutHandle: 0x550, Path: \?? \C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Sys tem.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device \HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c5 61934e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e08 9\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVol ume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Sy stem.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e08 9\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e08 9\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e08 9\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xE, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\Harddis kVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e08 9\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 200, Param3: 0x200, Param4: 0x0, Param5: 0x0, Path: 0x550: \Device\HarddiskVolum e1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e 089\System.Windows.Forms.pdb.
0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\symbols\dll\System.Windows.Forms.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC000003A, Pa th: \??\C:\Windows\dll\System.Windows.Forms.pdb. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Windows\System.Windows.Forms.pdb. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x550, Path: \??\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x54C, Path: 0x5 50: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib. dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x556D0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x45A000, Path: 0x54C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x556D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x550, Path: \??\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x54C, Path: 0x5 50: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib. dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x55270 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x45A000, Path: 0x54C: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x55270000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v4.0.30319. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x1, Param4: 0x1, Param5: 0x400060, OutHandle: 0x54C, Path: \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.confi g. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device \HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.confi g. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x5 , Param2: 0x18, Param3: 0x18, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\Har ddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x1000, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVol ume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: SUCCESS: New_NtReadFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x 1000, Param3: 0x36F, Param4: 0x0, Param5: 0x0, Path: 0x54C: \Device\HarddiskVolu me1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config. 0x0A10: INFO: New_NtReadFile reports no more data. Status: 0xC0000011, Param1 : 0x0, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x54 C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\mac hine.config. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x
C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: INFO: New_NtCreateFile reports item not found: Status: 0xC0000034, Pa th: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe.config. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\SAFE.exe. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Visual Basic.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasi c.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Mic rosoft.VisualBasic.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0. 0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A270 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9A000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C.
0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5A270000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasi c.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Mic rosoft.VisualBasic.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0. 0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x592A0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9A000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x592A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c5619 34e089\System.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x60440 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x30E000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x60440000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x
C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c5619 34e089\System.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x60440 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x30E000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x60440000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Fo rms.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms. dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0 .0__b77a5c561934e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5F360 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4CE000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5F360000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.
dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst em.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0 .0__b77a5c561934e089\System.Windows.Forms.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5F360 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4CE000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5F360000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Dra wing.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b0 3f5f7f11d50a3a\System.Drawing.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5FAF0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9C000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5FAF0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Dra wing.dll.
0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b0 3f5f7f11d50a3a\System.Drawing.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5FAF0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x9C000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5FAF0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime .Remoting.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Rem oting.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\S ystem.Runtime.Remoting.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2. 0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x60920 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4C000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x60920000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Rem oting.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\S ystem.Runtime.Remoting.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5
4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2. 0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x5A2C0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x4C000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x5A2C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\CSIDetailerDLL.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0.
0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Mi crosoft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Micros oft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Micros oft.VisualBasic.Compatibility.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\Syste m.Windows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Wi ndows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Wi ndows.Forms.resources.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Mi crosoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x
C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib. dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x556D0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x45A000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x556D0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\Micros oft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib. dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x55270 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x45A000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x55270000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\as sembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c 561934e089\System.XML.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x57000 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1F8000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x57000000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\assemb ly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x54C, Path: \??\ C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll . 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x5 4C: \Device\HarddiskVolume1\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c 561934e089\System.XML.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x55930 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1F8000, Path: 0x550: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x55930000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.CsiGoLib.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x
C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Fi les (x86)\Computers and Structures\SAFE 12\Interop.DAO.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Program Files (x86)\Computers and Structures\SAFE 12\Interop.DAO.DLL. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9920000, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x329B280, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: TurnOffSPIAnimations, Path: 0x54C: \REGISTRY\MACHINE\SOFTWARE\Microsoft\W indows\CurrentVersion\Policies\Explorer. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Windows\system 32\ole32.dll. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100021, Param 2: 0x5, Param3: 0x60, Param4: 0x0, Param5: 0x0, OutHandle: 0x54C, Path: \??\C:\W indows\system32\ole32.dll. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0xF, Param 2: 0x0, Param3: 0x10, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x550, Path: 0x 54C: \Device\HarddiskVolume1\Windows\SysWOW64\ole32.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0xA0A0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x15C000, Path: 0x550: . 0x0A10: SUCCESS: New_NtAreMappedFilesTheSame succeeded. Status: 0x0, Param1: 0x 76950000, Param2: 0xA0A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA0A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0x4, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x54C, Path: \Sessions\1 \BaseNamedObjects\Global\__ComCatalogCache__. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x93B00 00, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x1000, Path: 0x54C: \BaseNam
edObjects\__ComCatalogCache__. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x584. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x584. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x584. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x550. 0x0A10: WARNING: Call to New_CoCreateInstanceEx failed with hr: 0x80040154, Clsi d FA445657-9379-11D6-B41A00065B83EE53, Param1: 0x1, Param2: 0x1, Param3: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1174: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1D0: \KernelObje cts\LowMemoryCondition. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x9A88698, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x00AC: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C: . 0x00AC: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C: . 0x00AC: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x260. 0x00AC: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C. 0x00AC: INFO: Thread terminating.. 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x6, Param1: 0 x1C, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0D34: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1B, Param1: 0x1C, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x23C: . 0x0C44: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0C44: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x424. 0x0C44: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x320. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x329B280, Param3: 0x3, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x91000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x181000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F2C88, Path: \?? \C:\Users\MarK\AppData\Local\Computers and Structures\. 0x0A10: SUCCESS: New_NtQueryDirectoryFile succeeded. Status: 0x0, Param1: 0x3, Param2: 0x268, Param3: 0x74, Param4: 0x1, Param5: 0x0, Name: SAFEv12.ini, Path:
0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structu res\. 0x0A10: INFO: New_NtQueryDirectoryFile reports no more data. Status: 0x800000 06, Param1: 0x3, Param2: 0x1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Name: , Path: 0x3F2C88: \Device\HarddiskVolume1\Users\MarK\AppData\Local\Computers and S tructures\. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F2C88. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryFullAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK \AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x10080, Param2 : 0x7, Param3: 0x204040, Param4: 0x0, Param5: 0x0, OutHandle: 0x3F53B8, Path: \? ?\C:\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtQueryInformationFile succeeded. Status: 0x0, Param1: 0x2 3, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\H arddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtSetInformationFile succeeded. Status: 0x0, Param1: 0xD, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\Hard diskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x40100080, P aram2: 0x0, Param3: 0x0, Param4: 0x5, Param5: 0x400060, OutHandle: 0x3F53B8, Pat h: \??\C:\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.in i. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryVolumeInformationFile succeeded. Status: 0x0, Param 1: 0x4, Param2: 0x8, Param3: 0x8, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Dev ice\HarddiskVolume1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.in i. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x9, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x57, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xE, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum
e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x11, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xE, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xE, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xB, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xA, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x11, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x10, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x10, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x10, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu
me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x10, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x6, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xE, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xB, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x12, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x14, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x11, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xA, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum
e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xE, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x12, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolu me1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 xD, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x9, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtWriteFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0 x2, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8: \Device\HarddiskVolum e1\Users\MarK\AppData\Local\Computers and Structures\SAFEv12.ini. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F53B8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x3F4FF8. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1FC: . 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x1174: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1D0: \KernelObje cts\LowMemoryCondition. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x102, Param1: 0x1, Param2: 0x1, Param3: 0x2, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x1174: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x45C. 0x1174: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x508. 0x1174: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x87A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x1174: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x458. 0x03AC: SUCCESS: New_NtDuplicateObject succeeded. Status: 0x0, Param1: 0xFFFFFF FF, Param2: 0xFFFFFFFF, Param3: 0x0, Param4: 0x0, Param5: 0x2, OutHandle: 0x458,
Path: 0xFFFFFFFE: . 0x03AC: INFO: New_NtClose given invalid handle: Handle: 0x0. 0x03AC: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA19FDC4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x03AC: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA19FDD0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x03AC: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA0A1000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x03AC: INFO: New_NtOpenFile reports item not found: Status: 0xC0000034, Path : \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.4 344.1707477. 0x03AC: INFO: New_NtOpenFile reports item not found: Status: 0xC0000034, Path : \??\C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config. cch.4344.1707477. 0x03AC: INFO: New_NtOpenFile reports item not found: Status: 0xC000003A, Path : \??\C:\Users\MarK\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 \security.config.cch.4344.1707477. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x0, Param1: 0 x2, Param2: 0x1, Param3: 0x1, Param4: 0x0, Param5: 0x0, Path: 0x178: . 0x0A10: SUCCESS: New_NtOpenSection succeeded. Status: 0x0, Param1: 0xF, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x420, Path: \KnownDlls3 2\psapi.dll. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x0, Param1: 0x76AC0 000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x5000, Path: 0x420: \KnownD lls32\PSAPI.DLL. 0x0A10: SUCCESS: New_NtQuerySection succeeded. Status: 0x0, Param1: 0x2, Param2 : 0x4, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420: \KnownDlls32\PSAPI.DL L. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\Des ktop\SAFE 12.0.1 Portable.exe. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \??\ C:\Users\MarK\Desktop\SAFE 12.0.1 Portable.exe. 0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x25C, Path: 0x4 20: \Device\HarddiskVolume1\Users\MarK\Desktop\SAFE 12.0.1 Portable.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0xA1A0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11D3000, Path: 0x25C : . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA1A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtQueryAttributesFile succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: \??\C:\Users\MarK\Des ktop\SAFE 12.0.1 Portable.exe. 0x0A10: SUCCESS: New_NtCreateFile succeeded. Status: 0x0, Param1: 0x80100080, P aram2: 0x0, Param3: 0x5, Param4: 0x1, Param5: 0x60, OutHandle: 0x420, Path: \??\ C:\Users\MarK\Desktop\SAFE 12.0.1 Portable.exe.
0x0A10: SUCCESS: New_NtCreateSection succeeded. Status: 0x0, Param1: 0x7, Param 2: 0x0, Param3: 0x2, Param4: 0x1000000, Param5: 0x0, OutHandle: 0x25C, Path: 0x4 20: \Device\HarddiskVolume1\Users\MarK\Desktop\SAFE 12.0.1 Portable.exe. 0x0A10: SUCCESS: New_NtMapViewOfSection succeeded. Status: 0x40000003, Param1: 0xA1A0000, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x11D3000, Path: 0x25C : . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x25C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x420. 0x0A10: SUCCESS: New_NtSetInformationProcess succeeded. Status: 0x0, Param1: 0x C, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFFFFFFFF. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0xA1A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtTerminateProcess succeeded. Status: 0x0, Param1: 0x0, Pa ram2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x514. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x564. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x93B0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x54C. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x86A0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x4F0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x414. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x274. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x27C. 0x0A10: SUCCESS: New_NtDeviceIoControlFile succeeded. Status: 0x0, Param1: 0x39 0402, Param2: 0x8, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270: \Device\K secDD. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x26C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x264. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x268. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x270. 0x0A10: SUCCESS: New_NtQueryVirtualMemory succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x61E8C000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1AC. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3B0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x164. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x3C0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x16C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x448. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x438. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x144. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x148. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x518. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x50. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x38. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x108. 0x0A10: INFO: New_NtClose given invalid handle: Handle: 0x0. 0x0A10: INFO: New_NtClose given invalid handle: Handle: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x100. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xF0: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xF4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xF0. 0x0A10: SUCCESS: New_NtWaitForMultipleObjects succeeded. Status: 0x1, Param1: 0 x2, Param2: 0x1, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xF8: . 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xFC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xF8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xEC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xE8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xD8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xDC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xD4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xD0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xCC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xC8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0xC8, Path: \??\C:\ Windows\System\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: wing.dll, Path: 0xC8: \Device\HarddiskVolume1\Windows\system. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xC8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0xC8, Path: \??\C:\ Windows\System32\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: wing.dll, Path: 0xC8: \Device\HarddiskVolume1\Windows\SysWOW64. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xC8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0xC8, Path: \??\C:\ Windows\System\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: wing32.dll, Path: 0xC8: \Device\HarddiskVolume1\Windows\system. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xC8. 0x0A10: SUCCESS: New_NtOpenFile succeeded. Status: 0x0, Param1: 0x100001, Param 2: 0x7, Param3: 0x4021, Param4: 0x0, Param5: 0x0, OutHandle: 0xC8, Path: \??\C:\ Windows\System32\. 0x0A10: INFO: New_NtQueryDirectoryFile reports item not found: Status: 0xC000 000F, Name: wing32.dll, Path: 0xC8: \Device\HarddiskVolume1\Windows\SysWOW64. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xC8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xB0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xB4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xAC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xA8. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xA0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0xA4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x9C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x80. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x78. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x6C. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x70. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x74. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x7C. 0x0A10: SUCCESS: New_NtUnmapViewOfSection succeeded. Status: 0x0, Param1: 0xFFF FFFFF, Param2: 0x1CC0000, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x0. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1C4. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x1CC. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x68. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x64. 0x0A10: SUCCESS: New_NtOpenKey succeeded. Status: 0x0, Param1: 0x20019, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, OutHandle: 0x64, Path: \Registry\Ma chine\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize. 0x0A10: INFO: New_NtQueryValueKey reports item not found: Status: 0xC0000034, Name: DisableMetaFiles, Path: 0x64: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Window s NT\CurrentVersion\GRE_Initialize. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x64. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0,
Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x40. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x20. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x24. 0x0A10: SUCCESS: New_NtClose succeeded. Status: 0x0, Param1: 0x0, Param2: 0x0, Param3: 0x0, Param4: 0x0, Param5: 0x0, Path: 0x310. 0x0A10: ERROR: 0xD0000034, In call: VMAPICALL(VmCreateKey( &hRegRoot, VM_NULL_PA RENT, sRegSandboxCache, KEY_ALL_ACCESS, VM_OPEN_EXISTING))
Вам также может понравиться
- DynaZIP-AX Manual PDFДокумент140 страницDynaZIP-AX Manual PDFOtaku RiverОценок пока нет
- 100 Configure Database Process, Application Sage-ERP-X3 - Configuration-Console WikiДокумент19 страниц100 Configure Database Process, Application Sage-ERP-X3 - Configuration-Console WikifsussanОценок пока нет
- Help You To Create 11.2.0.1 Oracle Database Manually On Windows PlatformДокумент5 страницHelp You To Create 11.2.0.1 Oracle Database Manually On Windows PlatformLuismar SantosОценок пока нет
- HD Crash LogДокумент11 страницHD Crash LogCosmin BălooОценок пока нет
- TabprotosrvДокумент105 страницTabprotosrvpidamarthi14Оценок пока нет
- Ocean ThisErrДокумент7 страницOcean ThisErrAngelina ProtikОценок пока нет
- SDSDFFSDДокумент25 страницSDSDFFSDyuihwebfyiwebuifbweuОценок пока нет
- TNS - Troubleshooting TNSДокумент8 страницTNS - Troubleshooting TNSadeyemikОценок пока нет
- Error LogДокумент1 страницаError Logmakhmouch.bentechОценок пока нет
- Javacore 20110520 131831 7888 0008Документ86 страницJavacore 20110520 131831 7888 0008Marie-Françoise FarnierОценок пока нет
- Hijack THisДокумент3 страницыHijack THisAriff Muhaimin AhmadОценок пока нет
- Install Forms 11g On Windows 7 - 64 BitДокумент2 страницыInstall Forms 11g On Windows 7 - 64 BitSalah Eldin ElfakiОценок пока нет
- Module 2 - Web SecurityДокумент10 страницModule 2 - Web SecurityScribdTranslationsОценок пока нет
- Bug ReportДокумент7 страницBug ReportFajarbopa Mantel Ahhab Al-WasyiОценок пока нет
- Javacore 20110923 103803 7736Документ109 страницJavacore 20110923 103803 7736prakureОценок пока нет
- Creating An Oracle 10g Database From The Command Line Only: Specifying The Instance's SIDДокумент5 страницCreating An Oracle 10g Database From The Command Line Only: Specifying The Instance's SIDcpriyadba100% (1)
- Uputstvo Oracle 11 Client PathДокумент2 страницыUputstvo Oracle 11 Client PathrajwosaОценок пока нет
- MS Office Activation StepsДокумент3 страницыMS Office Activation StepsprogressinnovationhubОценок пока нет
- WAS IssueДокумент4 страницыWAS IssueVijay KumarОценок пока нет
- Pic LogДокумент4 страницыPic LogJuanCarlosVicalОценок пока нет
- PHX BugreportДокумент15 страницPHX BugreportFredy AlmanzaОценок пока нет
- Output LogДокумент7 страницOutput Logimanmrag0023Оценок пока нет
- Bootkit Remover Debug LogДокумент24 страницыBootkit Remover Debug Log445NDOОценок пока нет
- Off97pro 20164876edfaaa ReДокумент181 страницаOff97pro 20164876edfaaa ReBabalawoOggundaObaraОценок пока нет
- SQL Express 2019 (Update) Log - Registry ItemsДокумент644 страницыSQL Express 2019 (Update) Log - Registry ItemsitОценок пока нет
- System InfoДокумент3 страницыSystem InfoWilliam PasiniОценок пока нет
- Defragment ReportДокумент225 страницDefragment ReportLodhy Mattina Cavaliere MontagueОценок пока нет
- Exception Report TORRES-PC 10-23-11 17.57.30 ExceptionДокумент5 страницException Report TORRES-PC 10-23-11 17.57.30 ExceptionmioltorОценок пока нет
- Adobe Acrobat Xi Pro KurulumДокумент5 страницAdobe Acrobat Xi Pro KurulumyemresimsekОценок пока нет
- Kafka ErrorДокумент3 страницыKafka ErrorsergovoyvoddomovrodОценок пока нет
- BugreportДокумент43 страницыBugreportJoão Paulo DelboniОценок пока нет
- D:/oracle/product/10.2.0 Set ORACLE - SID HOTL: # D:/oracle/product/10.2.0 Is The Path Where We Have Installed The SoftwareДокумент6 страницD:/oracle/product/10.2.0 Set ORACLE - SID HOTL: # D:/oracle/product/10.2.0 Is The Path Where We Have Installed The Softwarenag4uhydОценок пока нет
- Stack TraceДокумент9 страницStack TraceLucОценок пока нет
- Odoo Python RoughДокумент9 страницOdoo Python RoughMian Imran IqbalОценок пока нет
- S7IVILOGДокумент6 страницS7IVILOGWilfredo La Torre HinsbiОценок пока нет
- Trenchbroom CrashДокумент13 страницTrenchbroom CrashMartin LeškoОценок пока нет
- PCSuite Cleaner LogДокумент10 страницPCSuite Cleaner LogSayed AsifОценок пока нет
- MBRCheck 04.12.12 16.30.06Документ4 страницыMBRCheck 04.12.12 16.30.06jasmina_cipОценок пока нет
- Athan Setup LogДокумент12 страницAthan Setup LogSafet DaljacОценок пока нет
- Microsoft Word - Komputer TrikДокумент4 страницыMicrosoft Word - Komputer TrikRushme DonovanОценок пока нет
- Setupapi OfflineДокумент7 страницSetupapi OfflineRsam SamrОценок пока нет
- Oracle DB Creation ProcedureДокумент7 страницOracle DB Creation ProcedureShiva KumarОценок пока нет
- AvgrepДокумент2 страницыAvgrepAyushi VashisthОценок пока нет
- WeblogicДокумент1 страницаWeblogicHung DaoОценок пока нет
- X-Plane Installer LogДокумент4 страницыX-Plane Installer LogrckpsfcxjrОценок пока нет
- UAT Path BackupДокумент1 страницаUAT Path BackupSubhakar MadasuОценок пока нет
- Bug ReportДокумент7 страницBug ReportgituchОценок пока нет
- Process ListДокумент1 страницаProcess ListAlexander LuzinОценок пока нет
- Fuck Google AnalyticsДокумент1 страницаFuck Google Analyticsegrino1Оценок пока нет
- Bug ReportДокумент31 страницаBug ReportzyrechОценок пока нет
- make Windows XP Genuine::. L .::no Download Necessary: DescriptionДокумент2 страницыmake Windows XP Genuine::. L .::no Download Necessary: DescriptionAhmad GhouriОценок пока нет
- 04 VadiumДокумент16 страниц04 Vadiumgodzilla74Оценок пока нет
- Error: ORA-12514: TNS:listener Does Not Currently Know of Service Requested in Connect Descriptor Solution: Path For Listener - Ora FileДокумент1 страницаError: ORA-12514: TNS:listener Does Not Currently Know of Service Requested in Connect Descriptor Solution: Path For Listener - Ora FileLogic MasterОценок пока нет
- Bug ReportДокумент7 страницBug ReportRegy MulyadiОценок пока нет
- Javacore 20200226 090959 6124 0002Документ25 страницJavacore 20200226 090959 6124 0002yeniОценок пока нет
- Code 71Документ12 страницCode 71subhrajitm47Оценок пока нет
- x86 StderrДокумент51 страницаx86 StderrAzhar JuliantoОценок пока нет
- Time Attendance System Setup LogДокумент6 страницTime Attendance System Setup LogIpoenk AhmadОценок пока нет
- Protecting Confidential Information: How to Securely Store Sensitive DataОт EverandProtecting Confidential Information: How to Securely Store Sensitive DataОценок пока нет
- KPT GooДокумент14 страницKPT GooCripicerОценок пока нет
- Ms Word Parts and FunctionsДокумент26 страницMs Word Parts and FunctionsFelmarОценок пока нет
- Get File - Belajar Bahasa Spanyol PDFДокумент5 страницGet File - Belajar Bahasa Spanyol PDFDode SanjayaОценок пока нет
- Recording LogДокумент314 страницRecording LogSreenivasulu Reddy SanamОценок пока нет
- Assessing Lync Server LicensingДокумент22 страницыAssessing Lync Server LicensingolivierОценок пока нет
- H.264-1080P Remote Wireless Camera Operating Instructions: I. Mode Represented by Key IndicatorДокумент8 страницH.264-1080P Remote Wireless Camera Operating Instructions: I. Mode Represented by Key Indicatorfauzan080Оценок пока нет
- Memory Management: Background Swapping Contiguous AllocationДокумент51 страницаMemory Management: Background Swapping Contiguous AllocationFazrul RosliОценок пока нет
- ReadmeДокумент10 страницReadmeJun FanОценок пока нет
- CH 12 Multi ThreadingДокумент21 страницаCH 12 Multi ThreadinggokuldhevОценок пока нет
- Open Gapps LogДокумент2 страницыOpen Gapps LogAlvaro ReyesОценок пока нет
- Elysium Cadporter Catia V5 To/From Pro/Engineer Translator User'S GuideДокумент28 страницElysium Cadporter Catia V5 To/From Pro/Engineer Translator User'S GuideTRUNG QUOC LEОценок пока нет
- Microsoft OneDrive Keyboard Shortcuts Cheat SheetДокумент1 страницаMicrosoft OneDrive Keyboard Shortcuts Cheat Sheetjohn Bronson0% (1)
- (Aos) M2Документ8 страниц(Aos) M2Faith SangilОценок пока нет
- Introduction To MS Team: Presentation By: Tech Support Client - InfrastructureДокумент11 страницIntroduction To MS Team: Presentation By: Tech Support Client - InfrastructureRajveer SinghОценок пока нет
- Debug 1214Документ20 страницDebug 1214msholehОценок пока нет
- Modulo de Accesso A Internet PDFДокумент2 страницыModulo de Accesso A Internet PDFWilliam Segundo Matheus TorresОценок пока нет
- THOR Util ManualДокумент8 страницTHOR Util Manualminhquy03032001Оценок пока нет
- CicsДокумент52 страницыCicsAle GomesОценок пока нет
- Premiere Pro Best Practices Workflow Guide - Productions.Документ22 страницыPremiere Pro Best Practices Workflow Guide - Productions.Dave MajorОценок пока нет
- v44 Sims Link InstallationДокумент1 страницаv44 Sims Link Installationapi-415325435Оценок пока нет
- Release Note For ZD1211B WLAN Software Package Version 6.3.0.0 - WHQLДокумент13 страницRelease Note For ZD1211B WLAN Software Package Version 6.3.0.0 - WHQLdo_335_pfeilОценок пока нет
- Hardware Emulated by GNS3Документ8 страницHardware Emulated by GNS3hfredianОценок пока нет
- Systems Applications and ProductsДокумент16 страницSystems Applications and ProductsvenkatvavilalaОценок пока нет
- Esther Joy. M: ResumeДокумент7 страницEsther Joy. M: ResumeEsther JoyОценок пока нет
- vSAN 7.0 Whats New TechnicalДокумент34 страницыvSAN 7.0 Whats New Technicalmohamed souiriОценок пока нет
- Opcode OMS 2.3 Manual 1996Документ45 страницOpcode OMS 2.3 Manual 1996nifnifnafnafОценок пока нет
- Student Guide M2Документ55 страницStudent Guide M2Sintia DamayantiОценок пока нет
- Red Hat Openshift Container Storage 4.6Документ39 страницRed Hat Openshift Container Storage 4.6Chinni MunniОценок пока нет
- WinspiroPRO Revision HistoryДокумент33 страницыWinspiroPRO Revision HistoryАзбука МорзеОценок пока нет
